U.S. Identifies Insider Trading Ring With Ukraine Hackers

Updated on
U.S. Exposes Insider Trading Ring Based on PR Hack

Exposing a new front in cybercrime, U.S. authorities broke up an alleged insider trading ring that relied on computer hackers to pilfer corporate press announcements and then profited by trading on the sensitive information before it became public.

In morning raids in Georgia and Pennsylvania, federal agents arrested five traders in the plot, while four others indicted on hacking and securities fraud charges are at large.

The suspected hackers, who are thought to be in Ukraine, allegedly infiltrated the computer servers of PRNewswire Association LLC, Marketwired and Business Wire, a unit of Warren Buffett’s Berkshire Hathaway Inc., over a five-year period.

They siphoned more than 150,000 press releases including corporate data on earnings that could be used to anticipate stock market moves and make profitable trades, the U.S. said. The hackers passed the information to associates in America and Ukraine, who allegedly used it to buy and sell shares of dozens of companies, including Panera Bread Co., Boeing Co., Hewlett-Packard Co., Caterpillar Inc. and Oracle Corp., through retail brokerage accounts.


Ukraine’s Hackers: What Do We Know?

  • An international police operation into the “Shylock” banking malware, which infected more than 100,000 computers, led to properties in Ukraine being searched and computers seized in 2014.
  • In June, Ukrainian police arrested five people suspected of links to ZeuS and Spyeye, two viruses that target online bank accounts around the world.
  • The country's Department on Combating Cybercrime, part of the Ministry of Internal Affairs, deals with online offenders.

Kit Chellel, Bloomberg News


Prosecutors said the men targeted more than 100 companies and made “approximately 1,000 inside the window trades.” Money was then shifted offshore through Estonian banks, according to one of two federal indictments unsealed Tuesday.

While U.S. prosecutors said the nine men netted $30 million, a broader lawsuit by the Securities and Exchange Commission listed more than two dozen individuals and companies as defendants in an alleged scheme that earned $100 million.

By way of comparison, Manhattan U.S. Attorney Preet Bharara described the $275 million insider trading case of SAC Capital Advisors LP portfolio manager Mathew Martoma as the biggest ever against a single person.

Cyber Realm

The prosecution’s case, led by the Brooklyn, New York, U.S. Attorney’s Office and the FBI, shows how insider trading has crossed into the cyber realm, exposing the vulnerabilities of financial markets in the digital age. Just as prosecutors deploy ever-more aggressive tactics like wiretaps to curb illegal trading, criminals have leapt past them with a simple ruse: Steal information instead of persuading others to share it.

It’s also a great equalizer. No longstanding Wall Street connections are needed to glean advance information from companies.

Still, the arrests and dual indictments in Brooklyn and New Jersey are a significant victory for the Federal Bureau of Investigation and prosecutors, who have been struggling to halt an increasing number of computer incursions that have publicly shaken Target Corp., Sony Corp. and JPMorgan Chase & Co., among other big companies.

Attorneys for defendants in both cases who had retained counsel couldn’t be immediately reached for comment.

At a press conference in Newark, New Jersey, Tuesday, SEC Chair Mary Jo White joined Homeland Security Secretary Jeh Johnson, New Jersey U.S. Attorney Paul Fishman and Acting Brooklyn U.S. Attorney Kelly Currie to announce the charges.

“Today’s international case is unprecedented in terms of the scope of the hacking at issue, the number of traders involved” and the number of securities and the amount of illegal profit, White said.

By spreading their activity across multiple accounts, they showed their “market savvy,” she said.

Inside Information

With defendants spanning two countries, it’s not yet clear who masterminded the idea to hack the firms and trade off the information.

The only professional U.S. trader arrested was Vitaly Korchevsky, who was picked up Tuesday morning at his home in Glen Mills, Pennsylvania, outside Philadelphia.

Korchevsky is described by the authorities as the linchpin of the markets strategy, having run a mutual fund and worked on Wall Street before starting his own hedge fund. He operated NTS Capital, which has made no filings since its initial one four years ago. It’s unclear if the fund is still in operation. NTS was named as a defendant in the SEC complaint.

Korchevsky was indicted in Brooklyn on five counts including conspiracy to commit securities and money laundering. Also named in that case are Vladislav Khalupsky, Leonid Momotok and Alexander Garkusha.

Korchevsky was freed Tuesday on $100,000 bond after appearing in Philadelphia federal court.

Caterpillar Earnings

In the indictment unsealed in Newark, prosecutors described a number of trades involving large purchases of shares made ahead of quarterly earnings reports. For example, at the beginning of 2012, Peoria, Illinois-based Caterpillar submitted to PRNewswire a prepared announcement stating that its profits for the previous year had risen 36 percent.

The announcement, which sat in the wire’s server for less than 24 hours, was scooped up by the hackers and passed to the traders, according to the government. In this short window, they allegedly bought $8.3 million in Caterpillar stock and options. The announcement was then released publicly before the markets opened on Jan. 26.

The stock rose 2 percent from $109.05 to $111.31 that day. The traders closed out their position for a profit of about $1 million, prosecutors said.

A spokeswoman for Caterpillar didn’t immediately return a call or e-mail seeking comment on the case.

Few Credentials

Named in the 23-count New Jersey indictment are five men: Ivan Turchynov, Oleksandr Ieremenko, Arkadiy Dubovoy, Igor Dubovoy and Pavel Dubovoy.

Little is known about the men other than they allegedly worked with others to extract inside information out of several press wire firms.

They appear to have little or no financial credentials or obvious experience as traders. They work in real estate and construction and operate a myriad of LLCs that appear to be covers for their trading operations, according to public records.

Three of the defendants appear to be related: Igor, Arcadiy and Pavel Dubovoy. Arkadiy and Igor, who are father and son, currently live in Georgia, while Pavel is thought by the government to be in Ukraine.

The five men face counts of conspiracy to commit securities fraud and hacking.

Arkadiy Dubovoy, Igor Dubovoy, Momotok, and Garkusha were arrested Tuesday at their homes in Georgia. Turchynov, Ieremenko, Pavel Dubovoy, and Khalupsky remain at large.

SEC Suit

The SEC filed a parallel lawsuit Tuesday in New Jersey federal court. In addition to the nine men, additional defendants included companies affiliated with them, foreign nationals, hedge funds and firms, most of which are based in Moscow.

The regulator said Korchevsky made about $17.5 million in illicit profits, while the Dubovoy men made more than $31 million.

The complaint described trading by the defendants based on illegally obtained releases from Radio Shack Corp. and Brocade Communications Systems Inc., among others.

The investigation began when prosecutors in Brooklyn and the FBI received a referral from the SEC about a pattern of suspicious trading by some of the defendants.

SEC's White: New Tools Identify Suspicious Trading

The U.S. Secret Service and federal prosecutors in New Jersey later began a separate investigation that focused on the foreign hackers, a person familiar with the matter said.

For more than two years, investigators unraveled the scheme and the trades, which continued until recently, say people familiar with the investigation.

Federal agents alerted the three wire services of the computer breaches, and the firms didn’t disclose them publicly to allow the investigation to continue unimpeded, the person said.

Business Wire said Tuesday in an e-mailed statement that it has been cooperating with the Justice Department and has hired a cybersecurity firm to “conduct additional forensic testing of its systems, and to provide assurance that Business Wire’s network is fully operational and secure.”

Read this next:

PR Newswire and Marketwired issued similar statements, saying they cooperated with the government.

“At PR Newswire, we take security very seriously and are dedicated to protecting our information and systems,” said Robert Gray, the company’s chief executive. “As cybersecurity threats continue to evolve, so will our information security practices.”

Marketwired said it fixed “the issue at the heart of this matter,” and is confident its systems are “protected by world-class security, monitoring and prevention practices.”

Before it's here, it's on the Bloomberg Terminal. LEARN MORE