As told by federal authorities, it was the ultimate cyber-era criminal mash-up: an elaborate computer hacking operation to enable a global and lucrative insider trading scheme.
In one of the most sweeping cases yet involving securities fraud and computer crime, prosecutors and the Securities Exchange Commission unveiled what they said was a long-running scheme to profit from yet-to-be-released corporate earnings, deals and other market-moving data.
The scheme, spanning from Ukraine to the U.S., involved the alleged hacking of business news wire services to pull inside information from pending but still private press releases and other documents so that rogue traders could get a jump on buying or selling shares before breaking news moved the stock prices.
The indictments, filed in U.S. District courts here and in Brooklyn, N.Y., accused a foreign-based hacking network of downloading more than 150,000 press releases for traders in the U.S. and elsewhere. The traders paid the hackers a flat rate or a percentage of the profits, the indictments alleged.
A companion civil case filed by the SEC included a wider network of defendants including hackers, traders and small securities firms in places such as Moscow, Paris, Cyprus and Malta. In all, the scheme netted more than $100 million in illicit profits, according to the SEC's complaint.
Analysts said the case, while not the first involving computer hacking and securities fraud, was a landmark for the breadth and complexity of the scheme and the fact that it involved criminal charges.
"This is the first time they have caught a scheme that involved both computer hackers and insider trading, going on for a long time and involving a substantial amount of money," said John Coffee, a Columbia University law professor.
The indictments and the civil case were unveiled at a news conference here Tuesday morning by SEC Chairwoman
Fishman said the indictment described "a cutting-edge, international scheme at the intersection of hacking and securities fraud."
The indictments allege that from 2010 to at least 2013, Ivan Tuchynov and Oleksandr Ieremenko, both Ukrainian residents, and others described as the "hacker" defendants "developed sophisticated systems" to gain access to Berkshire Hathaway unit Business Wire, Marketwired and PR Newswire Assn., all of which are major public relations news wire services that public companies hire to disseminate market-moving information at set times and in an orderly manner.
Following one intrusion, around October 2010, for instance, Turchynov sent about 96 stolen press releases taken from PR Newswire in an email under the subject line "fresh stuff," in Russian, to an individual, the indictment said. In the body of the email, he wrote, "[a]nd if he says he doesn't know what this is about, tell him 'quarterly report'"
The defendants allegedly shared the stolen releases by creating servers on which other defendants, known as "trader defendants," could quickly access the releases and trade on them before they were officially made public.
In a series of emails, the hackers shared instructions on how to access the servers and even made a video tutorial on how to do it, prosecutors said. Traders, in turn, sent hackers "shopping lists" or "wish lists" of upcoming press releases they wanted.
Authorities said the case illustrates the increasing sophistication of criminal networks both in their ability to hack sophisticated computer security systems as well as their acumen in using intricate trading strategies to conceal both the purpose of the scheme and who was behind it.
Using accounts at mainstream brokerages, the defendants traded in options, buying the right to buy or sell a security at a future time and a set price and, in short sales, borrowing shares and selling them to profit from a stock's decline, as well as in other types of sophisticated trades to fool securities regulators, officials said.
The indictments describe an elaborate array of hacking techniques, including phishing to fool unsuspecting employees at the wire service companies into allowing access to the system, "brute force" attacks to decrypt data and other ploys to gain access to the press releases.
In her remarks, White said the case also served as "a stark reminder to companies that your computer systems are vulnerable targets." She urged stepped-up vigilance.
Murray Jennex, a professor of information systems at San Diego State University, said the hacking techniques used in the case were not particularly innovative, but rather standard practices developed over the last several years.
Jennex said the case mostly points to the need for companies to focus as much on internal communications to detect signs of earlier hacks instead of concentrating entirely on new attacks from the outside.
"This was not a unique attack; these were not unique methods," he said. Companies "are looking at their external traffic. They need to start focusing on their internal stuff."
In statements, the news wire services said they take computer security seriously.
"As cybersecurity threats continue to evolve, so will our information security practices," said Robert Gray, chief executive of PR Newswire. Jason Maloni, a spokesman for Marketwired, said: "We found and fixed the issue at the heart of this matter, and we are confident that Marketwired is protected by world-class security, monitoring and prevention practices."
In all, nine defendants were charged, five from the U.S. and four from Ukraine. Authorities said the five U.S. residents were arrested in
Earlier Tuesday, the government seized 17 bank and brokerage accounts containing more than $6.5 million of alleged criminal proceeds.
The government also took steps to block the transfer of 12 properties, including a shopping center in Pennsylvania, an apartment building in Georgia and a houseboat. Those three properties were valued at a total of more than $5.5 million, authorities said.