Cybersecurity

US charges traders for hacking into SEC database

The Securities and Exchange Commission (SEC) on Tuesday filed fraud charges against nine individuals and firms that allegedly made more than $4.1 million in trades based on information stolen from the agency.

In a complaint filed with the U.S. District Court in Newark, New Jersey, the SEC said a group of Russian, Ukrainian and U.S. individuals made more than $4.1 million in illegal gains using nonpublic information hacked from the agency’s electronic filing system and database.

{mosads}Ukrainian hacker Oleksandr Ieremenko allegedly overrode authentication checks in the SEC’s Electronic Data Gathering, Analysis, and Retrieval system (EDGAR) to access unreleased earnings reports from 157 companies between May and October 2016.

“International computer hacking schemes like the one we charged today pose an ever-present risk to organizations that possess valuable information,” said Stephanie Avakian, co-director of the SEC’s enforcement division.

“Today’s action shows the SEC’s commitment and ability to unravel these schemes and identify the perpetrators even when they operate from outside our borders.”

Ieremenko allegedly shared the stolen information with six individuals and two firms, which made investments based on the nonpublic data, according to the SEC complaint. Ieremenko and Artem Radchenko, a Ukrainian who allegedly helped recruit traders for the scheme, were also indicted on 16 counts of fraud-related charges by the Justice Department.

The investors who allegedly profited on the stolen information included California residents Sungjin Cho and David Kwon; Igor Sabodakha, Victoria Vorochek and Ivan Olefir of Ukraine; and Andrey Sarafanov of Russia.

The SEC also charged Capyield Systems, a company owned by Olefir, and Spirit Trade Ltd., in the scheme. The commission also alleged that Ieremenko and several of the traders charged Tuesday were previously involved in a 2015 plot to trade on nonpublic information hacked from newswire services.

“The trader defendants charged today are alleged to have taken multiple steps to conceal their fraud, including using an offshore entity and nominee accounts to place trades,” said Steven Peiki, enforcement division co-director.

“Our staff’s sophisticated analysis of the defendants’ trading exposed the common element behind their success, providing overwhelming evidence that each of them traded based on information hacked from EDGAR.”

SEC Chairman Jay Clayton revealed in September 2017 that hackers had exploited software flaws in the EDGAR system to access and profit off of nonpublic information. The commission announced the following week that the hackers also accessed the birthdates and Social Security numbers of two people in the EDGAR system.

— Updated at 12:25 p.m.