An international hacking ring pocketed more than $100 million from illicit trades, targeting a core vulnerability of the financial system in one of the digital age’s most sprawling insider-trading schemes.
More than 30 hackers and traders coordinated to steal and profit from more than 150,000 press releases, which were scheduled to be delivered to investors from corporate wire services Business Wire, PR Newswire and Marketwired.
With advance details on financial performance and corporate mergers from dozens of companies — including Bank of America, Boeing, Ford Motor, Home Depot, defense contractor Northrop Grumman and Smith & Wesson — the team made rapid and lucrative trades from shared brokerage accounts, funneling the money through shell companies and offshore bank accounts in Estonia and Macau.
More than 30 defendants were today named in criminal and civil cases over alleged hacking and insider trading.
Vitaly Korchevsky, a 49-year-old Russian immigrant, was arrested in Pennsylvania today in connection with a global cyber crime and insider trading ring that allegedly netted over $100 million.
Korchevsky made 600 trades using illegally obtained insider information, earning $17.5 million in the process, according to a complaint filed by the Securities and Exchange Commission.
Korchevsky then started his own hedge fund, NTS Capital Fund LP, in Glen Mills, Pennsylvania, in 2011, according to SEC filings. NTS was also named as a defendant in the SEC case and is alleged to have made $3.2 million in ill-gotten gains.
Korchevsky is alleged to be connected with Arkadiy Dubovoy, a 50-year-old based in Georgia who made $11 million in ill-gotten gains and is the father of at least one of the other defendants, according to the SEC filing.
The two have established hedge funds together, and coordinated trading, the SEC filing alleged. Korchevsky also helped create offshore accounts for the Dubovoy Group.
By breaking into the wire services, some of Wall Street’s most vital and unnoticed information hubs, investigators said the hackers and traders were able to defraud investors on a massive scale while leaving no public trace, a worrying development for the increasingly intricate networks that keep the financial world online.
Two Ukrainian hackers, Oleksandr Ieremenko, 23, and Ivan Turchynov, 27, were said to have spearheaded the scheme, by cracking into the newswires and then listing the information on secret outposts accessed by traders in the U.S., Russia, Ukraine, Malta, Cyprus and France.
The hackers, who breached the wires and swiped employee credentials through a series of attacks, shared the stolen intelligence with a black-market network of traders, who would then pay the hackers a cut of their ill-gotten profits, indictments show.
Speaking in Russian, Turchynov said in an online chat in 2011 that rogue traders who made money from the hacked information would need to share a cut of their “seasonal” profits, according to the indictment. He added, “If you get really high with time you pay a fixed amount of dough a month.”
The hackers, who called the early-accessed filings “fresh stuff,” masked their movements through proxy servers and stolen employee identities, and recruited traders with videos showcasing how swiftly they could steal corporate data before its release. Traders kept “shopping lists” of the releases they wanted from select public companies, many of which were large Fortune 500 conglomerates with heavy interest in market trading.
The ability to see a stock’s near future generated windfalls at warp speed; in one instance, traders made half a million dollars in 36 minutes. In a 2013 scheme, the traders bought more than $8 million in shares of Align Technology after stolen documents showed that the medical-device maker’s revenues had recently soared. One day later, when the news went public, the traders cashed out for a profit of more than $1.4 million.
The hackers tapped an armament of brute-force, injection and “spear-phishing” attacks, bulldozing through security systems, implanting malicious code or persuading employees to click on booby-trapped links.
SEC investigators unraveled the scheme with the help of “enhanced trading surveillance” technology, White said, which can comb through millions of financial trades, track suspicious behavior and otherwise sniff out threats to “the integrity of our markets.”
The charged traders included Vitaly Korchevsky, 49, an investment advisor who once managed mutual funds for Morgan Stanley; Arkadiy Dubovoy, 50, and Igor Dubovoy, 28, a father-and-son team living in Alpharetta, Georgia; and a relative, Pavel Dubovoy, 32, in Ukraine.
The traders were helped by four co-conspirators in Alpharetta and Suwanee, Georgia; Glen Mills, Pennsylvania; and Brooklyn, two of whom were formerly broker-dealers registered with the SEC. The indictments and complaints did not list attorneys for those charged.
These hackers aren’t alone in setting their sights on hyper-profitable market-moving events. In December, FireEye told the Federal Bureau of Investigation that another hacker group, called FIN4, had targeted the computer networks of more than 100 health care, law and pharmaceutical firms, hoping to grab insider intelligence on “impending market catalysts” that could help the group rake in cash from lucrative trades.
The case also echoes a decade-old scheme masterminded by two employees of Estonian financial-services firm Lohmus Haavel & Viisemann, whose theft of Business Wire releases netted them nearly $8 million in illicit profits before their arrest. The firm agreed to a civil settlement and $14 million in fines.
The wire services said they were cooperating closely with federal investigators, and Business Wire, a subsidiary of Warren Buffett’s investment empire Berkshire Hathaway, said it had hired a cybersecurity team to test its systems and ensure its “network is fully operational and secure.”