Charges laid over alleged scheme to hack US SEC

Civil and criminal charges laid over hacking of ‘EDGAR’ system

An alleged hacker and a group of traders face civil and criminal charges over a scheme to obtain sensitive financial information from a system maintained by the US Securities and Exchange Commission (SEC) ahead of its release to the market.

The SEC has lodged civil charges against nine individuals and entities for an alleged scheme to obtain non-public information from the agency’s EDGAR system and use it for trading.

The scheme to hack EDGAR has previously been disclosed by the SEC, and some of the people charged by the commission were involved in a similar scheme that involved accessing newswire services to obtain early access to information, the corporate regulator said.

EDGAR — Electronic Data Gathering, Analysis, and Retrieval— is the SEC system used by companies to electronically file a range of documents.

A document outlining the charges says the scheme allegedly involved hacking EDGAR to “obtain nonpublic documents containing earnings announcements of publicly-traded companies, and to then use that information to profit by trading in advance of the information becoming public”

Spirit Trade, Ltd., Sungjin Cho, David Kwon, Capyield Systems, Ivan Olefir, Igor Sabodakha, Victoria Vorochek, and Andrey Sarafanov are charged with using the information to conduct trades.

Ukrainian Oleksandr Ieremenko has been charged with illicitly accessing EDGAR.

“Starting in at least May 2016 and continuing into at least October 2016, Defendant Ieremenko and others working with him used a variety of deceptive means to obtain thousands of nonpublic ‘test filings’ from the SEC’s EDGAR system’s servers,” the SEC complaint states.

“In some instances, these test filings included submissions by public companies that contained earnings results and other material information that the companies had not yet released to the public. The hacked material nonpublic information was then transmitted to traders who, in connection with approximately 157 earnings announcements, used it to place profitable securities trades before the information was made public.”

The SEC claims that prior to targeting EDGAR, Ieremenko hacked “at least three newswire services”, obtaining more than 100,000 draft press releases.

The hacking scheme began in early 2016.

“Ieremenko’s deceptive acts created the false appearance that he was an authorized user of the EDGAR system and ultimately allowed him to penetrate the EDGAR computer network to access certain nonpublic return copies of EDGAR test filings,” the SEC complaint states.

The scheme delivered at least US$4.1 million to the traders involved, courtesy of at least 157 earnings releases from May to October 2016, according to the SEC.

“International computer hacking schemes like the one we charged today pose an ever-present risk to organizations that possess valuable information,” said SEC enforcement division co-director Stephanie Avakian.

“Today’s action shows the SEC’s commitment and ability to unravel these schemes and identify the perpetrators even when they operate from outside our borders.”

Ieremenko and another Ukrainian man, Artem Radchenko, also face criminal charges of securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud, and computer fraud. Radchenko allegedly helped recruit traders for the scheme.

“The defendants charged in the indictment announced today engaged in a sophisticated hacking and insider trading scheme to cheat the securities markets and the investing public,” said US Attorney Craig Carpenito.

“They targeted the Securities and Exchange Commission with a series of sophisticated and relentless cyber-attacks, stealing thousands of confidential EDGAR filings from the commission’s servers and then trading on the inside information in those filings before it was known to the market, all at the expense of the average investor.” 

“The defendants allegedly orchestrated sophisticated computer intrusions to steal non-public information from the SEC, compromising the integrity of the market and depriving honest investors of a level playing field,” said assistant attorney general Brian Benczkowski. 

“The Department of Justice will aggressively pursue and prosecute those who attack our financial markets and seek to profit unfairly, no matter where such offenders reside.”

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cyber securityUS Securities and Exchange Commission (SEC)

More about Department of JusticeSECSecurities and Exchange Commission

Show Comments