This Week In Securities Litigation (Week ending Jan. 18, 2019)

The partial government shutdown continues, leaving agencies such as the SEC virtually dark. Nevertheless, the Commission issued an order this week and filed three new actions. The most significant charged those who hacked EDGAR with fraud. A parallel action was brought by the U.S. Attorney’s Office for the District of New Jersey. The Commission also filed two administrative proceedings based on unprofessional conduct by audit firms and the engagement partners involved in the conduct on which the proceedings were based. One of those actions was ordered set for hearing. It is the first contested administrative proceeding filed since last May.

SEC

Stay: The Commission entered an order on January 16, 2019 noting that the agency has “experienced a lapse in appropriations . . . [and is thus] prohibited from performing the ongoing, regular functions of government except in very limited circumstances . . .” Accordingly, all pending administrative proceedings before an administrative law judge or the Commission are stayed “immediately” until further order from the agency.

SEC Enforcement – Filed and Settled Actions

The Commission filed 1 new civil injunctive action and 2 administrative proceedings, exclusive of section 12j actions and tag-a-long proceedings.

Cyber-security: SEC v. Ieremenko, Civil Action No. 2:19-cv-00505 (D.N.Y. Filed Jan. 15, 2019); see also U.S. v Ieremenko (D. N.J. Filed Jan 15, 2019). The Commission’s action names nine as defendants: Oleksandr Ieremenko of Kiev, Ukraine; Spirit Trade, Ltd., Hong Kong; Sungjin Cho, Los Angeles; David Kwon, Los Angeles; Igor Sabodakha, Kiev, Ukraine; Victoria Vorochek, Luhans’ka Oblast, Ukraine; Ivan Olefir, Luhans’ka Oblast, Ukraine; Capylield Systems, Ltd., Belize City, Belize; and Andrey Sarafanov, Moskva, Russian Federation. The 16 count criminal indictment names as defendants Artem Radchenko and Oleksandr Ieremenko, both of Kiev, Ukraine. Defendant Ieremenko is an international hacker charged with having breached three newswire services to secure inside information for trading along with a number of others. See SEC v. Dubovoy, Civil Action No 2:150cv006076 (D. N.J.); U.S. v. Turchynov, No. 2:15-cv-00390 (D.N.J.); U.S. v. Korchevsky, No. 1:150-cr-00381 (E.D.N.Y.). The EDGAR hack is just the next phase of those actions, according to the SEC’s complaint. The scheme, launched by Mr. Ieremenko and others in the spring of 2016, focused on acquiring test filings – those made by issuers which are not intended to become public. Rather, they are often made prior to the actual filing to ensure that format and other matters are correct. Initially, the hackers sent a series of malicious emails to sec.gov email addresses which emulated security communications. Once access was secured, test trades using the information were placed, which proved successful, generating $496,740 in gross illegal trading profits tied to the filings of seventeen issuers. Beginning in mid-May 2016 Mr. Ieremenko, or others, expanded the scheme. Specifically, an “Exfiltration Machine” was deployed – a server with a program. That server was able to automatically exfiltrate test files, a process initially done manually. This permitted Mr. Ieremenko “to obtain hacked test filings on a greater scale . . . more traders began to monetize the information” – that is, trade on inside information. From at least May 2016 through at least October 20, 2016 Mr. Ieremenko worked with traders located in the United States, Ukraine, and Russia to monetize the information. Virtually all of the traders had participated in the newswire phase of the scheme. During this period one group traded about 369 times using test filings exfiltrated from EDGAR. In October 2016 SEC IT personnel patched the EDGAR software “in response to a detected attack on the system. . .” Ieremenko could no longer access the system. Nevertheless, efforts to further compromise EDGAR continued until early the next year. Later Mr. Ieremenko boasted that he had successfully hacked specific newswire companies and “sec.gov.” The statements are confirmed by the electronic signatures remaining from the hacks – effectively Mr. Ieremenko’s electronic calling card. The SEC’s complaint alleges violations of Securities Act section 17(a) and Exchange Act section 10(b). The indictment contains counts alleging conspiracy, wire fraud, securities fraud and computer fraud. Both cases are pending. See Lit. Rel. No. 24381 (Jan. 17, 2019).

Unprofessional conduct: In the Matter of LBB & Associates Ltd., LLP, Adm. Proc. File No. 3-18967 (Jan. 14, 2019) is an action which names as Respondents the Houston-based PCAOB registered accounting and audit firm and Carlos Lopez, a CPA and the firm’s managing partner and majority owner. This proceeding centers on the audits by the firm of Behavioral Recognition Systems, Inc. or BRS, now known as Giant Gray, Inc. in 2012, 2013 and 2014. Specifically, in 2012 when Mr. Lopez served as the engagement partner, the audit failed to conform to PCAOB standards in two key respects. First, Mr. Lopez relied exclusively on management to identify related party transactions although he was aware of red flags indicating that in fact there were other such transactions – and there were. Second, he failed to comply with the Board’s standards in auditing the related party transactions that were disclosed. Rather than conduct the procedures in accord with the applicable standards, he again relied on the representations of management. Finally, since Mr. Lopez served as the engagement partner in 2012, he was not eligible to conduct the EQR or engagement quality review in either 2013 or 2014. By conducting those reviews Mr. Lopez again acted contrary to the PCAOB standards and, together with his earlier conduct, he and the firm engaged in improper professional conduct. The Commission ordered that the matter be set for hearing.

Unprofessional conduct – independence: In the Matter of Katz, Napper & Miller, LLP, Adm. Proc. File No. 3-18966 (Jan. 9, 2019) is a proceeding which names as Respondents the Indianapolis based PCAOB registered audit firm and Scott Price, a CPA who is a partner at the firm. Respondents were engaged to conduct audits with respect to two pooled investment vehicles managed by then registered investment adviser Mohlman Asset Management Fund, LLC. The audits were for the exception to the Custody Rule. The adviser did not know that the financial statements for the Funds in 2012 and 2013 had been prepared by Respondents – they were not independent. In addition, Respondents engaged in unprofessional conduct with respect to audits conducted for one Fund in 2013 and 2014 because they failed to have the relevant knowledge and training, should have been aware of a related party transaction and a loan that had not been properly disclosed and failed to exercise due professional care. The firm also failed to establish sufficient control standards. Respondents took a number of remedial steps and entered into a series of undertakings which include the retention of an independent consultant who will conduct a comprehensive review of the firm’s policies, procedures, controls and training. The Order alleges violations of Advisers Act section 204(4). To resolve the proceedings Respondents consented to the entry of a cease and desist order based on the section cited in the Order. The firm was ordered to comply with its undertakings and Mr. Price was censured. In addition, the firm was directed to pay disgorgement of $32,473.06 along with prejudgment interest of $6,257.11 and a penalty of $63,104.31. Mr. Price will pay a penalty of $15,000.

Court of Appeals

Insider trading: U.S. v Klein, Docket No. 17-3355 (2nd Cir. Jan. 10, 2019). Defendant Robert Schulman appealed from his conviction for insider trading. He was a D.C. based partner at Hutton and William in the patent group. Tibor Klein was the principal of Klein Financial Services, a registered investment adviser based in Long Island, New York. Mr. Klein had served as the financial adviser to Attorney Schulman since 2000. The adviser had discretionary authority. Over the years the attorney and adviser developed a routine of meeting about three times per year on a Friday afternoon to review the performance of the portfolio and advisory. Mr. Klein traveled to Washington, met with the attorney and his wife at their home in Virginia, and then stayed overnight following dinner.

In July 2010 the Schulmans met with the adviser. At the time Mr. Schulman knew firm client King Pharmaceutical, Inc. was in merger discussions with Pfizer – the attorney learned about the deal while conducting patent litigation for the client. During the course of the evening Mr. Schulman stated that “boy, it would be nice to be king-for-a-day.” The attorney claimed the statement was a joke and that he never mentioned the merger or any discussions, according to the testimony he provided to the SEC. Essentially the same statement was made to the U.S. Attorney’s Office in a 2015 interview. Mrs. Schulman – the only person to testify at trial who was present at the time of the statement – did not remember anything being said about King. Almost immediately Mr. Klein and another adviser he called purchased significant stakes in King. Following the deal announcement, Mr. Klein and the client accounts he purchased shares for – including that of attorney Schulman — had significant trading profits, as did the other adviser. Following trial, a jury deliberated for one day before returning verdicts of guilty on charges of conspiracy and securities fraud. The court sentenced Mr. Schulman to three years of probation.

The key question on appeal was the sufficiency of the evidence. Mr. Schulman argued that the only evidence against him – the “king-for-a-day” statement — was insufficient to support his conviction on two criminal counts. In rejecting this claim the Second Circuit began by noting that an Appellant such as Mr. Schulman has a “heavy burden.” The reviewing court must “credit every inference that could have been drawn in the government’s favor.” If, from the reasonably drawn inferences, the “jury might fairly have concluded guilt beyond a reasonable doubt” the conviction must be affirmed.

In assessing the evidence, it is essential that it be viewed in its totality, not piecemeal or bits in isolation. The lynchpin to the Court’s conclusion is two statements by attorney Schulman, the inferences drawn from them and the trading. Initially, Mr. Schulman admits making the statement about being “a king-for-a-day,” although his wife did not recall it. Indeed, she testified that if she had heard it, the comment would have sounded silly.

Second, Mr. Schulman admitted that the “king-for-a-day” comment referred to King Pharmaceuticals, although there is no reference to the company in the statement. From these facts the Court inferred that “Klein apparently recognized that by ‘king’ Schulman meant ‘King.’” Further, “[c]ommon sense also would lead a rational juror to conclude that Schulman had to have communicated additional information to Klein for Klein to have promptly called Shechtman [the other adviser], cited ‘inside information’ about King and Pfizer . . . and begun buying King stock. Indeed, this precise issue was argued to the jury . . . and was resolved by the jury against Schulman.” Finding that the other evidence and inferences were consistent with this conclusion the Court affirmed the conviction.

Hong Kong

MOU: The Securities and Futures Commission entered into a memorandum of understanding with the Commission de Surveillance du Secteur Financier of Luxembourg. The agreement establishes a framework for the exchange of information, regular dialogue and regulatory cooperation in relation to the cross-border offering of eligible Hong Kong public funds and Luxembourg UCITS funds.


SEC: The EDGAR Hack Is Phase 2 of the Newswire Breaches

The SEC is the agency charged with monitoring cyber-security, internal controls and similar corporate matters. The agency has issued guidance on cyber-security. It is thus more than ironic that the Commission became a victim of hackers who breached EDGAR, the corporate filing system for the agency. At the same time the breach illustrates what the Commission has always said about compliance systems – the best can be breached. Whether the SEC’s was the best, however, is not the question. It was breached, and the information obtained was used to generate over $4 million in insider trading profits. That breach resulted in an action by the Commission and the U.S. Attorney’s Office. SEC v. Ieremenko, Civil Action No. 2:19-cv-00505 (D.N.Y. Filed Jan. 15, 2019); U.S. v Ieremenko (D. N.J. Filed Jan 15, 2019).

The Commission’s action names nine as defendants: Oleksandr Ieremenko of Kiev, Ukraine; Spirit Trade, Ltd., Hong Kong; Sungjin Cho, Los Angeles; David Kwon, Los Angeles; Igor Sabodakha, Kiev, Ukraine; Victoria Vorochek, Luhans’ka Oblast, Ukraine; Ivan Olefir, Luhans’ka Oblast, Ukraine; Capylield Systems, Ltd., Belize City, Belize; and Andrey Sarafanov, Moskva, Russian Federation. The 16 count criminal indictment names as defendants Artem Radchenko and Oleksandr Ieremenko, both of Kiev, Ukraine.

Defendant Ieremenko is an international hacker charged with having breached three newswire services to secure inside information for trading along with a number of others. See SEC v. Dubovoy, Civil Action No 2:150cv006076 (D. N.J.); U.S. v. Turchynov, No. 2:15-cv-00390 (D.N.J.); U.S. v. Korchevsky, No. 1:150-cr-00381 (E.D.N.Y.). The EDGAR hack is just the next phase of those actions, according to the SEC’s complaint.

The scheme was launched by Mr. Ieremenko and others in the spring of 2016. Common hacking techniques were used to search for access to material nonpublic information in EDGAR. The focus was to access test filings – those made by issuers which are not intended to become public. Rather, they are often made prior to the actual filing to ensure that format and other matters are correct. The test filings, accordingly, often contain information which is material and non-public.

To breach EDGAR the hackers sent a series of malicious emails to sec.gov email addresses. The “emails were spoofed to appear as if they were being sent by SEC security personnel . . .[they] contained malware-infected documents . . .” The efforts successfully infected several SEC computer workstations.

To infect the workstations Mr. Ieremenko used a Romanian IP address he had employed during the newswire hacks. He also used the same web browser – a point evidenced by the fact that both intrusions involved an identical user agent string. Stated differently, the hacker left his signature.

Hacker Ieremenko first successfully accessed a test file on EDGAR on May 3, 2016. He began manually exfiltrating electronic copies of test filings. Obtaining this information was the initial focus of the scheme.

The next day Mr. Ieremenko began using “deceptive hacking techniques” at 1:09 PM ET to access and exfiltrate a test filing for Issuer 1 from EDGAR. The test filing contained negative, material nonpublic information about the NYSE listed firm’s financial results. That information was apparently passed to one or more individuals at Spirit Trade. Between 2:57 PM and 3:59 PM ET that firm, controlled by Individual 1 who is a veteran of the newswire scheme, sold short 5,500 shares of Issuer 1 stock. Shortly after the trades were placed the market closed. Issuer 1 released the financial information and the stock price declined. The next morning Spirit Trade closed its position, yielding $9,185 in gross profits. The pattern was repeated several times during May 2016, generating $496,740 in gross illegal trading profits tied to the filings of seventeen issuers.

Beginning in mid-May 2016 Mr. Ieremenko, or others, expanded the scheme. Specifically, an “Exfiltration Machine” was deployed – a server with a program. That server was able to automatically exfiltrate test files, a process initially done manually. This permitted Mr. Ieremenko “to obtain hacked test filings on a greater scale . . . more traders began to monetize the information” – that is, trade on inside information. From at least May 2016 through at least October 20, 2016 Mr. Ieremenko worked with traders located in the United States, Ukraine, and Russia to monetize the information. Virtually all of the traders had participated in the newswire phase of the scheme. During this period one group traded about 369 times using test filings exfiltrated from EDGAR.

In October 2016 SEC IT personnel patched the EDGAR software “in response to a detected attack on the system. . .” Ieremenko could no longer access the system. Nevertheless, efforts to further compromise EDGAR continued until early the next year. Later Mr. Ieremenko boasted that he had successfully hacked specific newswire companies and “sec.gov.” The SEC’s complaint alleges violations of Securities Act section 17(a) and Exchange Act section 10(b). The indictment contains counts alleging conspiracy, wire fraud, securities fraud and computer fraud. Both cases are pending.
