Two Ukrainian men hacked into the Securities and Exchange Commission's computers to steal thousands of quarterly and annual reports of public companies and worked with traders to use the information to make more than $4 million in illegal profits, U.S. Atty. Craig Carpenito said Tuesday.
An indictment charged Artem Radchenko and Oleksandr Ieremenko with multiple counts of conspiracy, computer fraud and wire fraud. The SEC also filed civil charges Tuesday against Ieremenko and six others from the United States, Ukraine and Russia plus two offshore trading companies.
Both men are fugitives. Ieremenko is well known to law enforcement through his alleged involvement in a similar conspiracy to hack into the computers of business newswire services. He was indicted in connection with that scheme in 2015.
Steven Peikin, co-director of the SEC's division of enforcement, said in-house tools helped the agency identify foreign and domestic traders involved in the alleged scheme. He said some were also involved in the newswire hacking scheme.
In one example of how the system allegedly worked, officials said a report was extracted eight minutes after it appeared in SEC computers — but before it was publicly available. The group then made trades for roughly 35 minutes and ultimately made more than $300,000 after the information was made public.
The stolen reports contained information such as whether a company was going to meet or fall short of earnings forecasts.
Some of the methods the defendants are accused of using to gain entry to the SEC's computers were relatively low-tech, such as phishing, in which bogus emails were sent to SEC employees, purportedly from colleagues.
Others were more sophisticated. Officials alleged Tuesday that Ieremenko ultimately created a program that automatically extracted thousands of reports from the SEC before their public release. The computer servers are in New Jersey.
Peikin said steps have been taken to safeguard the system.