Nine defendants in Edgar hack scheme charged
Where’s your data? Somewhere safe you hope. But, even EDGAR is not immune. The Securities and Exchange Commission (SEC) announced charges against nine defendants for participating in a previously disclosed scheme to hack into the SEC’s EDGAR system to extract nonpublic information to use for illegal trading. Among those charged are a Ukrainian hacker, six individual traders in California, Ukraine, and Russia, and two entities. The hacker and some of the traders were also involved in a similar scheme to hack into newswire services and trade on information that also had not yet been released to the public – for which the SEC charged the hacker and other traders in 2015.
According to the SEC’s complaint, after hacking the newswire services, Ukrainian hacker Oleksandr Ieremenko turned his attention to EDGAR and, gained access to the system in 2016. Ieremenko extracted EDGAR files containing nonpublic earnings results and passed that information to individuals who used it to trade in the narrow window between when the files were extracted from SEC systems and when the companies released the information to the public. In total, the traders traded before at least 157 earnings releases from May to October 2016 and generated at least $4.1 million in illegal profits.
“The trader defendants charged,” said Enforcement Division Co-Director Steven Peikin, “are alleged to have taken multiple steps to conceal their fraud, including using an offshore entity and nominee accounts to place trades.”
How Iremenko did it
The SEC’s complaint alleges that Ieremenko circumvented EDGAR controls that require user authentication and then navigated within the EDGAR system. Ieremenko obtained nonpublic “test files,” which issuers can elect to submit in advance of making their official filings to help make sure EDGAR will process the filings as intended. Issuers sometimes elected to include nonpublic information in test filings, such as actual quarterly earnings results not yet released to the public.
Ieremenko extracted nonpublic test files from SEC servers, and then passed the information to different groups of traders.
Also implicated in the SEC’s complaint are:
• Sungjin Cho, Los Angeles, California
• David Kwon, Los Angeles, California
• Igor Sabodakha, Ukraine
• Victoria Vorochek, Ukraine
• Ivan Olefir, Ukraine
• Andrey Sarafanov, Russia
• Capyield Systems, Ltd. (owned by Olefir)
• Spirit Trade Ltd.
In a parallel action, the U.S. Attorney’s Office for the District of New Jersey today announced related criminal charges. The SEC’s complaint charges each of the defendants with violating the federal securities antifraud laws and related SEC antifraud rules and seeks a final judgment ordering the defendants to pay penalties, return their ill-gotten gains with prejudgment interest, and enjoining them from committing future violations of the antifraud laws. The SEC also named and is seeking relief from four relief defendants who profited from the scheme when defendants used the relief defendants’ brokerage accounts to place illicit trades.
So…where’s your data?
SEC/Edgar aside, how about you keep your data safe, compliant, and close at hand? That’s where Patrina comes in. We’ve built our business based on helping organizations stay on the “straight and narrow” efficiently and cost-effectively. So, let’s talk. Call 212-233-1155 to ask about Patrina’s cost-effective, designated third-party services, our comprehensive, 8-module compliance solution, and compliant data capture & file storage, and records archiving specifically designed for the financial services community. Be smart. Be covered.