How to beat Wall Street: when two men hacked into the SEC

Scheme generated about €3.6m in illegal profits

Companies use the Securities and Exchange Commission’s corporate filing system to share market-moving news. Photograph: iStock
Companies use the Securities and Exchange Commission’s corporate filing system to share market-moving news. Photograph: iStock

Companies use the Securities and Exchange Commission’s corporate filing system to share market-moving news with investors and the public. Getting an early peek at those filings would be very helpful to a thief.

That was the motivation for two computer hackers who tried to penetrate the system, known as EDGAR, according to an indictment unsealed on Tuesday by federal prosecutors in the US. Authorities charged two men, both of whom are believed to be Ukrainian nationals, in a scheme to hack into the commission’s database and steal secret information that they could either trade on or sell to others.

Prosecutors said that by hacking into the EDGAR system, the men, Artem Radchenko and Oleksandr Ieremenko, had stolen "annual, quarterly and current reports of publicly traded companies before the reports were disseminated to the investing public."

The scheme, prosecutors said, took place from roughly February 2016 to March 2017. Federal authorities had previously charged Mr Ieremenko in 2015 with hacking into the databases of business newswire companies to steal corporate news releases in order to make profitable trades.

READ SOME MORE

Government shutdown

A spokesman for Craig Carpenito, the US attorney for New Jersey, said that neither Mr Radchenko nor Mr Ieremenko was in federal custody. The SEC, which has been operating with a skeleton staff because of the partial government shutdown, said in a related civil complaint that the scheme had generated about $4.1 million (€3.6 million) in illegal profits.

In addition to Mr Ieremenko, six individuals, most of whom have addresses in Russia or Ukraine, and two entities were also named as defendants. One of the defendants, David Kwon, who is charged with securities fraud, is believed to live in Los Angeles, according to the complaint. Securities regulators contend that Mr Kwon, 44, traded at least 18 times on information stolen from EDGAR. He did not respond to a request for comment.

Another defendant listed in the commission's complaint, Sungjin Cho, who lives in Los Angeles, is accused of making at least 66 trades. Sean Prosser, a lawyer for Cho, declined to comment on the charges.

Phising

To gain access to the system, prosecutors said, the hackers sent so-called phishing emails to commission employees and then infected some of the agency’s computers with malware. The scheme targeted “test filings” that companies can submit to EDGAR before actual filings that are intended to be made public. Such test filings often contain information similar to that in the actual filings.

The criminal indictment said the defendants had stolen test filings submitted by at least five companies and then traded on the information or sold it to unnamed co-conspirators.

EDGAR has been compromised before. In 2015, the commission charged a Bulgarian man with creating a company in order to get an access code to the system. He then submitted bogus takeover bids for two companies, Avon Products and Rocky Mountain Chocolate Factory, in an effort to manipulate their stock prices. – The New York Times Service