X

Two Ukrainians charged with 2016 hack of SEC

The pair allegedly hacked a corporate filing system to obtain not-yet-public earnings reports.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read
Chip Somodevilla / Getty Images

US authorities have charged two Ukrainian men with hacking into the US Securities and Exchange Commission's computer networks to steal and profit from nonpublic earnings reports of publicly traded companies.

The indictment, filed Tuesday by the US Justice Department, accuses the pair of hacking into EDGAR, the SEC's corporate filing system used by public companies, in 2016. The hack, which went undetected for more than five months, netted the defendants and conspirators more than $4.1 million in illegal profits after they placed trades based on the stolen information, authorities said

The defendants' hacking and insider trading scheme cheated the securities markets and the investing public, US Attorney Craig Carpenito said in a statement.

"They targeted the Securities and Exchange Commission with a series of sophisticated and relentless cyber-attacks, stealing thousands of confidential EDGAR filings from the commission's servers and then trading on the inside information in those filings before it was known to the market, all at the expense of the average investor," Carpenito said.

SEC Chairman John Clayton revealed the hack in September 2017. At the time, Clayton said nonpublic information was transmitted through nonsecured personal email accounts.

On Tuesday, authorities accused Artem Radchenko, 27, and Oleksandr Ieremenko, 26, of conspiring to commit securities fraud, computer fraud and wire fraud in their alleged hack of Edgar. The pair used targeted cyberattacks, including phishing attacks and planted malware, to gain access to the SEC's computer networks, authorities said.

They then used a server in Lithuania to obtain thousands of "test filings," filings companies make in advance of public release and that often contain information that's similar or identical to that found in the official filing.

Related civil charges were also filed against nine individuals accused of conspiring with Ieremenko to profit from trades placed on information contained in the stolen filings. Two traders in Los Angeles, Sungjin Cho and David Kwon, were named as defendants in the SEC lawsuit.

Ieremenko was charged in 2015 with the theft of 150,000 press releases from services like PR Newswire, Business Wire and Marketwired. Iermolovych allegedly made tens of thousands of dollars by selling the releases online and many millions more by making trading decisions based on the non-yet-public information contained within.

Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.

Blockchain Decoded: CNET looks at the tech powering bitcoin -- and soon, too, a myriad services that will change your life.