By Matt Robinson and Chris Dolmetsch
(Bloomberg) --After the U.S. government shut down their scheme trading stocks on pilfered corporate press announcements, a team of eastern European hackers moved on to an even more ambitious target: the Securities and Exchange Commission.
That’s the startling claim laid out in a Tuesday court filing. The SEC said the same group that infiltrated PRNewswire Associates LLC and Business Wire computer servers years ago to obtain unreleased press statements was also behind the 2016 attack on the regulator’s Edgar database of corporate filings.
It’s a remarkable allegation that shows the challenges U.S. regulators face in bringing overseas fraudsters to justice, even if they’re repeat offenders. The case is also the latest example of hackers going to great lengths to brazenly steal secrets from American companies and government agencies.
The defendants include a network of traders who were based in the U.S., Ukraine and Russia, according to the SEC. They made more than $4.1 million after placing market bets based on information they received from Oleksandr Ieremenko, a 27-year-old hacker based in the Ukraine who worked with others to obtain thousands of filings from the Edgar system, the SEC said.
The stolen information included non-public corporate earnings reports and other material information. The Edgar breach lasted from May 2016 through at least October 2016, according to the SEC. All but one of the defendants sued Tuesday were also accused in 2015 of stealing unpublished press releases. Ieremenko, who was also accused of participating in the hack on PRNewswire and Business Wire, remains at large in the Ukraine, the SEC said in the Tuesday court filing.
Federal prosecutors separately unsealed a criminal indictment Tuesday against Ieremenko and Artem Radchenko, who’s also based in the Ukraine. The two were accused of hacking into the SEC’s computer networks and stealing unreleased financial reports of public companies. Both men are fugitives, New Jersey U.S. Attorney Craig Carpenito said at a press conference in Newark.
“The trader defendants charged today are alleged to have taken multiple steps to conceal their fraud, including using an offshore entity” to place their trades, Steven Peikin, the SEC’s co-enforcement director said in a statement. “Our staff’s sophisticated analysis of the defendants’ trading exposed the common element behind their success, providing overwhelming evidence that each of them traded based on information hacked from Edgar.”
The Edgar hack was an embarrassment for the SEC and lead to bipartisan criticism of the agency from U.S. lawmakers. After the breach was disclosed in September 2017, SEC Chairman Jay Clayton pledged to improve the regulator’s defenses against cyber attacks.
Clayton said Tuesday that the SEC has pursued a number of efforts to fortify Edgar and the the agency’s information-technology systems more broadly.
“We recognize that we must continuously use the resources available to us efficiently and effectively to bolster our cybersecurity defenses and reduce our cyber risk profile,” he said in a statement. “Our recent and ongoing work on both enhanced security and risk reduction has involved many of our divisions and offices as well as external consultants and government partners.”
Edgar is best known for being a massive repository where firms inform investors about everything from their earnings to top executives’ share sales. The hacked aspect of the database houses test filings that companies submit to familiarize themselves with using Edgar. Such filings are never intended to be made public.
--With assistance from Ben Bain.To contact the reporters on this story: Matt Robinson in New York at [email protected] ;Chris Dolmetsch in Federal Court in Manhattan at [email protected] To contact the editors responsible for this story: Jesse Westbrook at [email protected] Gregory Mott