Hackers charged for breach of key government financial database: SEC

by Ike Obudulu Posted on January 16th, 2019

Washington D.C.: The U.S. Securities and Exchange Commission (SEC) today announced charges against nine defendants for participating in a previously disclosed scheme to hack into the SEC’s EDGAR system and extract nonpublic information to use for illegal trading. The SEC charged a Ukrainian hacker, six individual traders in California, Ukraine, and Russia, and two entities. The hacker and some of the traders were also involved in a similar scheme to hack into newswire services and trade on information that had not yet been released to the public. The SEC charged the hacker and other traders for that conduct in 2015 (see here, here and here).

The SEC’s complaint alleges that after hacking the newswire services, Ukrainian hacker Oleksandr Ieremenko turned his attention to EDGAR and, using deceptive hacking techniques, gained access in 2016. Ieremenko extracted EDGAR files containing nonpublic earnings results. The information was passed to individuals who used it to trade in the narrow window between when the files were extracted from SEC systems and when the companies released the information to the public. In total, the traders traded before at least 157 earnings releases from May to October 2016 and generated at least $4.1 million in illegal profits.

“International computer hacking schemes like the one we charged today pose an ever-present risk to organizations that possess valuable information,” said Enforcement Division Co-Director Stephanie Avakian. “Today’s action shows the SEC’s commitment and ability to unravel these schemes and identify the perpetrators even when they operate from outside our borders.”

“The trader defendants charged today are alleged to have taken multiple steps to conceal their fraud, including using an offshore entity and nominee accounts to place trades,” said Enforcement Division Co-Director Steven Peikin. “Our staff’s sophisticated analysis of the defendants’ trading exposed the common element behind their success, providing overwhelming evidence that each of them traded based on information hacked from EDGAR.”

The SEC’s complaint alleges that Ieremenko circumvented EDGAR controls that require user authentication and then navigated within the EDGAR system. Ieremenko obtained nonpublic “test files,” which issuers can elect to submit in advance of making their official filings to help make sure EDGAR will process the filings as intended. Issuers sometimes elected to include nonpublic information in test filings, such as actual quarterly earnings results not yet released to the public. Ieremenko extracted nonpublic test files from SEC servers, and then passed the information to different groups of traders.

The SEC’s complaint alleges that the following traders received and traded on the basis of the hacked EDGAR information:

• Sungjin Cho, Los Angeles, California
• David Kwon, Los Angeles, California
• Igor Sabodakha, Ukraine
• Victoria Vorochek, Ukraine
• Ivan Olefir, Ukraine
• Andrey Sarafanov, Russia
• Capyield Systems, Ltd. (owned by Olefir)
• Spirit Trade Ltd.

In a parallel action, the U.S. Attorney’s Office for the District of New Jersey today announced related criminal charges.

The SEC’s complaint charges each of the defendants with violating the federal securities antifraud laws and related SEC antifraud rules and seeks a final judgment ordering the defendants to pay penalties, return their ill-gotten gains with prejudgment interest, and enjoining them from committing future violations of the antifraud laws. The SEC also named and is seeking relief from four relief defendants who profited from the scheme when defendants used the relief defendants’ brokerage accounts to place illicit trades.

The SEC said it appreciates the assistance of the U.S. Attorney’s Office for the District of New Jersey, the Federal Bureau of Investigation, and the U.S. Secret Service.

Chairman Clayton’s statement on EDGAR hacking enforcement action

In August 2017, shortly after my arrival at the Commission, I was informed that an intrusion into the SEC’s Electronic Data Gathering, Analysis, and Retrieval (“EDGAR”) system took place in 2016. We immediately initiated a series of review and response initiatives, including promptly disclosing the incident and our anticipated response to the public and to Congress.

In the subsequent months, we have pursued various review and uplift efforts around the EDGAR system and the SEC’s information technology systems more broadly. These efforts are discussed in more detail in my Congressional testimony and our agency financial report.

Importantly, one of the agency’s principal efforts around the EDGAR intrusion has been the Division of Enforcement’s investigation into potentially illicit trading related to information that was stolen from the SEC. We have conducted our investigative efforts in valuable partnership with law enforcement.

Earlier today, we announced charges against several defendants for their participation in a fraudulent scheme centered on the EDGAR intrusion. Our complaint alleges that certain individuals hacked into EDGAR and accessed test filings, including test filings containing material nonpublic information pertaining to earnings announcements of publicly-traded companies. We allege that certain defendants then traded based on the hacked information and profited once the information became public. The defendants in this action include a Ukrainian hacker, six individual traders in California, Ukraine, and Russia, and two entities.

I commend the Division of Enforcement, and in particular the Cyber Unit and the Market Abuse Unit, for their thoughtful work on this matter. As in other actions, they have done an admirable job responding to cyber threats in order to protect American markets and investors. I also want to note my appreciation for the assistance provided by the SEC’s Office of Information Technology and Division of Economic and Risk Analysis for their significant contributions. Similarly, I appreciate the constructive collaboration with our law enforcement partners at the U.S. Attorney’s Office for the District of New Jersey, the Federal Bureau of Investigations and the U.S. Secret Service.

This action illustrates that the SEC faces many of the same cybersecurity threats that confront exchange-listed companies, other SEC-registered entities and market participants of all types. These threats to our marketplace are significant and ongoing and often involve threats from actors outside our borders. No system can be entirely safe from a cyber intrusion. Here at the SEC, we recognize that we must continuously use the resources available to us efficiently and effectively to bolster our cybersecurity defenses and reduce our cyber risk profile. Our recent and ongoing work on both enhanced security and risk reduction has involved many of our divisions and offices as well as external consultants and government partners. I appreciate the significant contributions from the Office of the General Counsel, Office of Inspector General, Office of the Chief Operating Officer, and the Office of Information Technology to these efforts.

Today’s enforcement action reinforces our dedication to protecting our markets and the over 50 million households invested in those markets. Speaking more broadly, I believe that our exchange-listed companies and other market participants should continue to improve their disclosure of cyber risks and cyber incidents as well as their individual and collective efforts to combat cyber risk.

Leave a Reply