SEC, Insider Trading and Cyber Security: An International Hacking—Insider Trading Ring

Cyber security is a key focus for virtually everyone these days. The SEC, for example, has been issuing releases discussing disclosure requirements and offering guidance for a number of years. Prominent issuers have reported breaches as has the U.S. Government.

Now the SEC has brought an enforcement action tied to cybersecurity and two prominent news wire services. In a complaint unsealed yesterday the SEC, in conjunction with prosecutors in the District of New Jersey and the Eastern District of New York, filed charges against thirty-two defendants – 17 individuals and 15 entities — alleging an international hacking scheme. It tied to two insider trading groups which netted over $100 million in illegal trading profits over five years and which may be continuing. SEC v. Dubovoy (D. N.J. Unsealed August 11, 2015).

The defendants divide into three groups: 1) The hacker defendants: Oleksandr Ieremanko and Ivan Turchynov, both residents of Kiev, Ukraine. 2) The trader defendants—The Dubovoy Group: This is a group of twelve individuals and entities isheaded by Arkadiy Dubovoy of Alpharetta, Georgia. Members of the group reside in Georgia, Ukraine, New York and Pennsylvania. 3) The trader defendants – The Foreign Traders. This is a group of eighteen persons. The individual reside in Russia and Ukraine. The entities are from jurisdictions which include Malta, the Cayman Islands, Cyprus and France.

The hacker defendants penetrated the computer services of at least two newswire services. This was done using a variety of advanced techniques which included masking their identities by posing as newswire employees and customers. As a result they were able to acquire advance copies of corporate press releases before distribution to the public. Over time this gave the hackers access to press releases regarding companies which included: Catepillar, Inc., TreeHouse Foods, Inc., RadioShack, Zumiez, Inc., Brocade Communications Systems, Edwards Life Sciences, Panera Bread Co., VMware, Inc., TIBCO Software and Align Technology. Overall the hackers are alleged to have obtained over 100,000 press releases.

The hacker defendants – Messrs. Ieremanko and Turchynov – transmitted the information to the traders. The traders had been recruited with a video which showcased the ability of the hackers to obtain inside information. The information had to be transmitted in a narrow window of time before the release by the news wires of the press releases. The members of the trader group placed trades through a variety of accounts using the information prior to the public release of the information. The hacker defendants were paid either a flat fee or a percentage of the trading profits. At times the traders in the groups communicated with each other and the hackers had access to various trading accounts. Trading in this fashion has continued through at least May 2015. The Commission’s complaint alleges violations of Securities Act Section 17(a) and Exchange Act Sections 10(b), 20(a) and 20(e).

The parallel criminal actions in New Jersey and Brooklyn, New York were brought against nine individuals. Those cases allege that $30 million was made on the scheme.