Federal authorities have charged nine defendants with participating in a scheme to hack a Securities and Exchange Commission database to steal confidential information that netted $4.1 million in illegal stock trade profits.
Two of the defendants, federal prosecutors in New Jersey said, breached SEC networks starting in May 2016 by subjecting them to hacks that included directory traversal, phishing attacks, and infecting computers with malware. From there, the defendants allegedly accessed EDGAR (the SEC’s Electronic Data Gathering, Analysis, and Retrieval system) and stole nonpublic earnings reports that publicly traded companies had filed with the commission. The hackers then passed the confidential information to individuals who used it to trade in the narrow window between when the files were stolen and when the companies released the information to the public.
“Defendants’ scheme reaped over $4.1 million in gross ill-gotten gains from trading based on nonpublic EDGAR filings,” SEC officials charged in a civil complaint. It named Ukrainian nationalist Oleksandr Ieremenko as a hacker, along with six individual traders in California, Ukraine, and Russia, and it also named two entities. A criminal complaint filed by federal prosecutors in New Jersey charged Ieremenko and a separate Ukrainian named Artem Radchenko with carrying out the hack.