U.S. Identifies Insider Trading Ring with Ukraine Hackers

Exposing a new front in cybercrime, U.S. authorities broke up an alleged insider trading ring that relied on computer hackers to pilfer corporate press announcements and then profited by trading on the sensitive information before it became public, according to a person familiar with the matter.

Officials have identified nine hackers and traders. Charges against some of the men were unsealed Tuesday in New Jersey federal court, and more are expected later in Brooklyn, New York. Five of the men were arrested by federal agents in morning raids in Georgia and Pennsylvania.

The hackers, who are thought to be in Ukraine and possibly Russia, infiltrated the computer servers of PRNewswire Association, Marketwired and Business Wire, a unit of Warren Buffett's Berkshire Hathaway, according to a person familiar with the matter.

Over several years, they allegedly siphoned 150,000 press releases including corporate data on deals and earnings that could be used to anticipate stock market moves and make profitable trades. The hackers passed the information to their associates in the U.S., who allegedly used it to buy and sell shares of dozens of companies, including Panera Bread, Boeing, Hewlett-Packard, Caterpillar and Oracle, through their retail brokerage accounts. Money was then shifted offshore through Estonian banks. The scheme netted more than $30 million, said the person.

It is the first major case of insider trading to cross into the cyber realm, exposing the vulnerabilities of financial markets in the digital age. Just as prosecutors deploy ever-more aggressive tactics like wiretaps to curb illegal trading, criminals have now leapt past them with a simple ruse: Steal information instead of persuading others to share it improperly. It's also a great equalizer. No longstanding Wall Street connections are needed to glean advance information from companies.

Burgeoning Caseload

Still, the breakthrough is a significant victory for the Federal Bureau of Investigation and prosecutors, who have been struggling to halt a burgeoning caseload of computer incursions that have publicly shaken Target, Sony and JPMorgan Chase, among other big companies.

Named in the 23-count New Jersey indictment on hacking- related and securities fraud charges are Ivan Turchynov, Oleksandr Ieremenko, Arkadiy Dubovoy, Igor Dubovoy and Pavel Dubovoy.

Little is known about the men other than they worked with others to siphon inside information out of several public relations firms.

With defendants spanning two, possibly three, countries, it's not yet clear who masterminded the idea to hack the firms and trade off the information. Aside from Vitaly Korchevsky, the alleged professional conduit of the group expected to be charged later Tuesday, the rest have little or no financial credentials or obvious experience as traders. They work in real estate and construction and operate a myriad of LLCs that appear to be covers for their trading operations, according with public records.

Three of the defendants appear to be related: Igor, Arcadiy and Paval Dubovoy. Arkadiy and Igor, who are father and son, currently live in Georgia, while Pavel is thought to be in Ukraine.

Investigation Begins

The investigation began when prosecutors in Brooklyn and the FBI received a referral from the Securities and Exchange Commission about a pattern of suspicious trading by some of the defendants. The U.S. Secret Service and federal prosecutors in New Jersey later began a separate investigation, the person said, that focused on the foreign hackers.

For more than two years, investigators unraveled the scheme and the trades, which spanned a period of five years and continued until recently, say people familiar with the investigation. Federal agents alerted the three wire services of the computer breaches, and the firms did not disclose them publicly to allow the investigation to continue unimpeded, the person said.

PRNewswire didn't immediately comment on the charges. The other newswires couldn't be reached.

Federal charges including conspiracy to commit securities fraud and hacking are expected to be filed against the nine men in Brooklyn and New Jersey, the person said. The SEC is pursuing a parallel civil case against some of the individuals.

With nine defendants spanning two, possibly three, countries, it's not yet clear who the mastermind was behind the plot to occupy the wire services' computers and trade on the stolen information.

Only one professional trader was arrested, in Pennsylvania, and he is described as the linchpin of the markets strategy. He ran a mutual fund and worked on Wall Street before starting his own hedge fund. The rest of the group lacks similar financial credentials. They list themselves in myriad real estate and construction businesses.

The scarce credentials show that in the new world of insider trading anyone willing to pay for hackers' services may be able to obtain information for illicit trading. Whatever the nine men's connections, they are missing those common to many of the major cases brought by New York prosecutors in recent years, things like Ivy League schools and Wall Street employers and top consulting firms.

For reprint and licensing requests for this article, click here.
Bank technology Law and regulation
MORE FROM AMERICAN BANKER