Ukrainian Hackers Made $100M from Insider Trading on Stolen Information

The US Securities and Exchange Commission (SEC) filed fraud charges against over thirty people for allegedly taking part in a scheme to profit from stolen insider information about corporate earnings announcements. The international cybercrime ring, composed of two Ukrainians hackers and dozens of traders around the world, broke into newswire services to obtain the information, generating more than $100 million in illegal profits.

“This international scheme is unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated,” said Securities and Exchange Commission Chair Mary Jo White. “That deception ends today as we have exposed their fraudulent scheme and frozen their assets.”

The SEC alleges that over a five-year period, Ivan Turchynov and Oleksandr Ieremenko spearheaded the criminal operations, using advanced techniques to hack into newswire services, such as Business Wire, Marketwired and PR Newswire, and stole hundreds of corporate earnings announcements before the newswires released them publicly. Turchynov and Ieremenko created a secret web-based location to transmit the stolen data to traders in Russia, Ukraine, Malta, Cyprus, France and the US.

Join the Leading Industry Event!

Advanced Techniques

Turchynov and Ieremenko hid the intrusions by using proxy servers to mask their identities and by posing as newswire service employees and customers. The two allegedly recruited traders with a video showcasing their ability to steal the earnings information before its public release. In return for the information, the traders paid the hackers a share of their profits, even going so far as to give the hackers access to their brokerage accounts to monitor the trading and ensure that they received the appropriate percentage of the profits.

The traders sought to conceal their illicit activity by establishing multiple accounts in a variety of names, funneling money to the hackers as supposed payments for construction and building equipment, and trading in products such as contracts for difference (CFDs).

At times, the hackers and traders had a very narrow window of opportunity to extract and use the allegedly hacked information. In one particularly dramatic instance on May 1, 2013, the hackers and traders allegedly moved in the 36-minute period between a newswire’s receipt and release of an announcement that a company was revising its earnings and revenue projections downward. According to the SEC’s complaint, ten minutes after the company sent the still-confidential release to the newswire, traders began selling short its stock and selling CFDs, realizing $511,000 in profits when the company’s stock price fell following the announcement.