by T. GormanPosted on Posted in SECActions

The Commission settled with three of the individuals charged in the Edgar hacking case. Defendants Sungjin Cho and Ivan Olefir, along with his firm Capyield Systems, Ltd., settled charges by the agency based on hacking into its computer system to steal material nonpublic information. SEC v. Ieremenko, Civil Action No. 2:19-cv-00505 (D.N.Y. Filed Jan. 15, 2019).

Each of the settling defendants consented to the entry of a permanent injunction based on Securities Act Section 17(a) and Exchange Act Section 10(b). The individual defendants also agreed to conduct based injunctions which limit their ability to trade U.S. listed securities and derivatives. Defendant Cho also agreed to pay a penalty of $175,000 while Defendant Oledfir and his firm will pay, on a joint and several basis, a penalty of $250,000.

The original complaint name nine as defendants: Oleksandr Ieremenko of Kiev, Ukrane; Spirit Trade, Ltd., Hong Kong; Sungjin Cho, Los Angeles; David Kwon, Los Angeles; Igor Sabodakha, Kiev, Ukraine; Victoria Vorochek, Luhans’ka Oblast, Ukraine; Ivan Olefir, Luhans’ka Oblast, Ukraine; Capylield Systems, Ltd., Belize City, Belize; and Andrey Sarafanov, Moskva, Russian Federation.

The scheme was launched by international hacker Ieremenko and others in the spring of 2016. See also See SEC v. Dubovoy, Civil Action No 2:150cv006076 (D. N.J.)(charging Mr. Leremenko and others in a hacking scheme). Common hacking techniques were used to search for access to material nonpublic information in EDGAR. The focus was to access test filings – those made by issuers which are not intended to become public. Rather, they are often made prior to the actual filing to ensure that format and other matters are correct. The test filings, accordingly, often contain information which is material and non-public.

To breach EDGAR the hackers sent a series of malicious emails to sec.gov email addresses. The “emails were spoofed to appear as if they were being sent by SEC security personnel . . .[they] contained malware-infected documents . . .” The efforts successfully infected several SEC computer workstations.

To infect the workstations Mr. Ieremenko used a Romanian IP address he had employed during the newswire hacks. He also used the same web browser – a point evidenced by the fact that both intrusions involved an identical user agent string. Stated differently, the hacker left his signature.

Hacker Ieremenko first successfully accessed a test file on EDGAR on May 3, 3016. He began manually exfiltrating electronic copies of test filings. Obtaining this information was the initial focus of the scheme.

The next day Mr. Ieremenko began using “deceptive hacking techniques” at 1:09 PM ET to access and exfiltrate a test filing for Issuer 1 from EDGAR. The test filing contained negative, material nonpublic information about the NYSE listed firm’s financial results. That information was apparently passed to one or more individuals at Spirit Trade. Between 2:57 PM and 3:59 PM ET that firm, controlled by a person who is a veteran of the newswire scheme, sold short 5,500 shares of Issuer I stock. Shortly after the trades were placed the market closed. Issuer 1 released the financial information and the stock price declined. The next morning Spirit Trade closed its position, yielding profits of $9,185 in gross profits. The pattern was repeated several times during May 2016, generating $496,740 in gross illegal trading profits tied to the filings of seventeen issuers.

Beginning in mid-May 2016 Mr. Ieremenko, or others, expanded the scheme. Specifically, an “Exfiltration Machine” was deployed – a server with a program. That server was able to automatically exfiltrate test files, a process initially done manually. This permitted Mr. Ieremenko “to obtain hacked test filings on a greater scale . . . more traders began to monetize the information” – that is, trade on inside information. From at least May 2016 through at least October 20, 2016 Mr. Ieremenko worked with traders located in the United States, Ukraine, and Russia to monetize the information. Virtually all of the traders had participated in the newswire phase of the scheme. During this period one group traded about 369 times using test filings exfiltrated from EDGAR.

In October 2016 SEC IT personnel patched the EDGAR software “in response to a detected attack on the system. . .” Defendant Ieremenko could no longer access the system. Nevertheless, efforts to further compromise EDGAR continued until early the next year. Later Mr. Ieremenko boasted that he had successfully hacked specific newswire companies and “sec.gov.” The SEC’s complaint alleges violations of Securities Act section 17(a) and Exchange Act section 10(b).

Video Program: OCIE Inspections and Exams: A Bad Day? You Need a Team! A video program on meeting the challenges and issues presented by these exams, Wednesday, Nov. 11, 2020; more information and registration (here).

Tagged with: ,

by T. GormanPosted on Posted in SECActions

The Division of Enforcement published its 2020 Annual Report on November 2, 2020 (here). The Report contains the now familiar sections: A Message from the Director keyed to highlights; a review and discussion of key areas of interest; a series of data charts; and lists of enforcement actions brought during the fiscal year.

Yet the overall Report differs from earlier years. While it is the usual blend of case cites, discussion of initiatives and scattered statistics, the true story is one of perseverance through adversity.

A year of success despite COVID:The Report begins by noting that once the Division moved past “that initial period of uncertainty [the Division] . . . ultimately achieved a remarkable level of success, including brining more than 700 enforcement cases during the fiscal year . . . an extraordinary accomplishment.” This point is illustrated by the citation to a sampling of cases which include:

Telegram Group, Inc., a case that centered on an unregistered offering of digital tokens or Grams that ultimately was part of a larger scheme to unlawfully distribute the Grams to the secondary public market;

Bausch Health, formerly Valeant Pharmaceuticals, an action keyed to improper revenue recognition;

BMW AG, a settled action in which two subsidiaries made inaccurate disclosures about the firm’s retail sales volume in the U.S while raising $18 billion from investors through bond offerings;

SCANA Corp., a litigated case in which the company was charged along with two senior executives for making false statements about a nuclear power plant expansion that was abandoned; and

Telefonaktiebolaget LM Ericsson, an FCPA action based on a large-scale bribery scheme involving the use of sham consultants to channel cash to government officials in multiple countries.

Cases in select areas:Cases filed in four areas, along with the Division’s litigation results, further illustrate the success of the program, according to the Report. The cases include actions centered on financial fraud, investment professionals and main street investors along with the litigation results.

Financial fraud and issuer disclosure has long been a focus of the Commission’s enforcement efforts. Yet recent efforts to duplicate historic results in this area have been less than successful. That continues to be true.

The Report cites a series of cases to illustrate the Division’s work. Those include: Revolution Lighting Technologies, an action in which the firm and its executives falsely inflated revenue for years; Iconix Brand Group, a case in which the CEO and COO beat Wall Street analysts’ consensus estimates by creating fictious revenue; and Hill International, an action were two former executives employed fraudulent accounting practices.

To be sure, the Division seems to be emphasizing financial fraud by, for example, announcing a new initiative toward the end of the fiscal year focusing on EPS, evidenced by two cases. Similarly, in the final quarter of the year perhaps a larger number of financial fraud actions were brought than in any period during the fiscal year. Those cases are apparently the product of focusing on data and metrics, according to the Report. What they do suggest is a new beginning in this area.

The Division also continued to focus on actions involving investment professionals while seeking to protect main street investors. As the Report notes, a series of cases tied largely to conflicts of interest centered on matters such as the failure to disclose the payment of 12b-1 fees were filed. This trend has been evident over the last several years, continued through 2020, and is fully consistent with protecting main street investors as the Commission has repeatedly noted.

Litigation success is another key point. The Report notes that over 40% of the standalone matters were not fully resolved at the time of filing. Whether this is atypical, resulted from difficulties tied to the pandemic or for other reasons is not discussed. More significant, however, is the statement that the Commission prevailed in each litigated action, an important point.

Other initiatives: Initiatives undertaken by the Division supplemented its case filing efforts. A key point involves the effort to hold individuals accountable. Over the course of the year the Commission charged “individuals in 72% of the standalone enforcement actions brought.” That percentage appears to be based on the fact that about 400 “standalone” case were filed – it is not based on the 700 plus number touted in the report.

A second is whistleblowers, an increasingly important initiative for enforcement. Since inception, about $562 million has been awarded. In fiscal 2020 the agency sought to accelerate the speed at which claims are evaluated. Last year about $175 million was awarded to 39 individuals – a 200% increase in the number of awards made in a single year over the next-highest year.

The Division also created the Office of Bankruptcy, Collections, Distributions and Receiverships to improve on the distribution of cash to harmed investors. About $600 million was returned to those investors in fiscal 2020. Whether this resulted from the new Office, the Supreme Court’s decision in Liu that was handed down in June 2020, or some combination thereof is not clear.

The Division continued to try to speed the pace of investigations last year – a point also covered in last year’s report. The median investigation was completed in 21.6 months, a five year best. Similarly, complex investigations were completed in 34 months rather than 37 as in earlier years.

The Report also touts the Division’s efforts to accelerate investigations through meaningful cooperation. As an example of those efforts, the Report cited the case involving BMW where a reduced penalty was imposed for what is called “extensive cooperation, especially in light of COVID-19 challenges.” Just how this approach differs from that used in other years is not explained.

Conclusion: Perhaps the best statement about fiscal 2020 is not the case cites, the tables of statistics or the discussion of various initiatives, but the one offered by the Director in her opening letter: “the greatest of our achievements this year was the everyday work of the women and men of the Enforcement Division. The fact that they kept going. That they did their jobs. That they kept protecting investors. Through the darkness of late March and early April, through school closures, through work-from-home, through illness and worse. . .” they kept going. Those efforts are a testament to the Division, its leadership, the Commission and the public. Those efforts are the real results of 2020.

Tagged with: ,