A group of mainly US-based stock traders and computer hackers in Ukraine made as much as $100m in illegal profits over five years by conspiring to use information stolen from thousands of corporate press statements before their public release, US authorities have said.
Prosecutors announced charges against nine people in an insider-trading case that marks the first time criminal charges have been brought for a securities fraud scheme involving hacked inside information, in this instance 150,000 press releases from distributors Business Wire, Marketwired and PR Newswire.
"This is the story of a traditional securities fraud scheme with a twist - one that employed a contemporary approach to a conventional crime," Diego Rodriguez, FBI assistant director-in-charge, said at a news conference.
Prosecutors said the Ukraine-based hackers, who were given "shopping lists" of press releases by the traders, improperly accessed press statements before the distributors planned to release them to the public.
The hackers created a "video tutorial" to help traders see the stolen releases and were paid a portion of the profits from trades based on the information in them, prosecutors said.
The nine people were indicted by grand juries in Brooklyn, New York, and Newark, New Jersey, on charges that they made $30m in illegal profits starting around February 2010.
Five were arrested yesterday. International arrest warrants were issued for the other four.
The US Securities and Exchange Commission in a related civil lawsuit charged 17 people and 15 corporate entities, and said that thefts of inside information resulted in more than $100m in illegal profit.
The SEC said the network included traders in New York, Cyprus, France, Malta and Russia.
It is seeking civil penalties, and has already obtained court-ordered asset freezes.
Law enforcement officials have warned companies for years about securing their computer networks against hackers, whose victims over the past two years have included leading retailers and US government personnel.
"This case illustrates how cyber criminals and those who commit securities fraud are evolving and becoming more sophisticated," US Attorney Paul Fishman in New Jersey said at the news conference. "The hackers were relentless and they were patient."
Fishman said the distributors, who were not charged with wrongdoing, provided "fabulous cooperation" in the probe.
The breaches could put more pressure on the information distribution business, which was founded decades ago and depends on clients trusting the distributors with sensitive information.
In recent years, prominent US companies including Google, Microsoft, Wal-Mart Stores and Tesla have started to release important information on their own websites or social media platforms, reducing their dependence on the business wires.
The three distribution companies all released statements touting their cooperation with authorities and their security measures.
Business Wire, a unit of Warren Buffett's Berkshire Hathaway, said it hired a security firm to test its systems.
"Despite extreme vigilance and commitment, recent events illustrate that no one is immune to the highly sophisticated illegal cyber-intrusions that are plaguing every aspect of our society," it said in a statement.
PR Newswire, a unit of Britain's UBM, said it also takes security very seriously, while Marketwired said it is protected by world-class security, monitoring and prevention practices.
The indictments said the news releases included sensitive corporate information such as financial results that would later become public. Foreign shell companies were used to share the money made from the insider trading, officials said.
"The traders were market-savvy, using equities, options and contracts for differences to maximize their profits," SEC Chair Mary Jo White said at the news conference.
Authorities said the scheme involved trades on such companies as Acme Packet, Align Technology, Caterpillar, Dealertrack Technologies, Dendreon, Edwards Lifesciences, Hewlett-Packard, Home Depot and Panera Bread.
The indictment in Brooklyn charged four traders: Vitaly Korchevsky, 50, a former hedge fund manager from Pennsylvania; Vladislav Khalupsky, 45, of Brooklyn and Odessa, Ukraine; and Leonid Momotok, 47, and Alexander Garkusha, 47, of the US state of Georgia.
The charges included securities fraud, wire fraud and money laundering conspiracy.
Mr Korchevsky appeared without a lawyer in federal court in Philadelphia. He was released on a $100,000 bond and told to surrender his passport, but later , a judge in Brooklyn stayed his release order, authorising law enforcement to keep him in custody until a bail hearing can be held in Brooklyn.
A prosecutor told the court that Mr Korchevsky was a flight risk with $5 million at his disposal and that he had travelled abroad 42 times since 2010. Mr Korchevsky's wife told the judge that 99% of her husband’s travel was in his role as a pastor.
The indictment made public in New Jersey charged Ivan Turchynov, 27, and Oleksandr Ieremenko, 24, alleged hackers who live in Ukraine; Pavel Dubovoy, 32, a trader from Ukraine; and Arkadiy Dubovoy, 51, and his son Igor Dubovoy, 28, traders from Georgia.
Arkadiy Dubovoy and Igor Dubovoy appeared in federal court in Atlanta, while Mr Momotok and Mr Garkusha made court appearances in nearby Gainesville. All four were scheduled to be in court again on Thursday.
One indictment quotes online chats in which Mr Ieremenko told Mr Turchynov on 25 March 2012, that he had "bruted" the log-in credentials of 15 Business Wire employees, and told an unidentified recipient in Russian on 10 October 2012, that "I'm hacking prnewswire.com."
SEC investigators found the traders by using technology that identified both suspicious trading and relationships among traders, Ms White told reporters.
She said those charged "went to great lengths to evade detection" and the SEC sorted through millions of traders, thousands of earnings announcements and gigabytes of data on IP addresses.