Newark, N.J.–Nine people were charged in two indictments unsealed today in Brooklyn, New York, and Newark federal court with an international scheme to hack into three business newswires and steal yet-to-be published press releases containing non-public financial information that was then used to make trades that allegedly generated approximately $30 million in illegal profits.
The SEC also unsealed a civil complaint today charging the nine indicted defendants and several other individuals and entities.
The indictments unsealed today charge the defendants with hacking into the newswires and stealing confidential information about companies traded on the NASDAQ and NYSE in what is the largest scheme of its kind ever prosecuted. The defendants allegedly stole approximately 150,000 confidential press releases from the servers of the newswire companies. They then traded ahead of more than 800 stolen press releases before their public release, generating millions of dollars in illegal profits.
“Today’s announcement is a testament to the countless hours of hard work and dedication by law enforcement and other personnel across government, including the Secret Service investigative team. In today’s day and age, criminals are using computers instead of guns to steal money and threaten the safety and security of our cyber networks,” U.S. Secretary of Homeland Security Jeh Johnson said. “In matters of cybersecurity, the Department of Homeland Security has a major law enforcement role, and our work to counter cyber threats is a critical priority for the Secret Service because of the substantial threat it poses to this nation’s financial infrastructure.”
“The defendants were a well-organized group that allegedly robbed the newswire companies and their clients and cheated the securities markets and the investing public by engaging in an unprecedented hacking and trading scheme,” U.S. Attorney Paul Fishman said. “The defendants launched a series of sophisticated and relentless cyber attacks against three major newswire companies, stole highly confidential information and used to enrich themselves at the expense of public companies and their shareholders.”
The 23-count District of New Jersey indictment charges five defendants – Ivan Turchynov, 27; Oleksandr Ieremenko, 24; and Pavel Dubovoy, 32; all of Ukraine, and Arkadiy Dubovoy, 51, and Igor Dubovoy, 28, of Alpharetta, Georgia – with wire fraud conspiracy, securities fraud conspiracy, wire fraud, securities fraud, and money laundering conspiracy. Turchynov and Ieremenko are additionally charged with computer fraud conspiracy, computer fraud, and aggravated identity theft.
The Eastern District of New York indictment charges four defendants: Vitaly Korchevsky, 50, of Glen Mills, Pennsylvania; Vladislav Khalupsky, 45, of Brooklyn, New York; and Odessa, Ukraine; Leonid Momotok, 47, of Suwanee, Georgia; and Alexander Garkusha, 47, of Cummings and Alpharetta, Georgia, with wire fraud conspiracy, securities fraud conspiracy, securities fraud, and money laundering conspiracy.
Earlier today, the government seized 17 bank and brokerage accounts containing more than $6.5 million of alleged criminal proceeds. The government also took steps to restrain 12 properties, a shopping center located in Pennsylvania, an apartment building located in Georgia, and a houseboat, all worth more than $5.5 million.
Five of the nine defendants named above were arrested this morning: Arkadiy Dubovoy, Igor Dubovoy, Momotok, and Garkusha were all arrested at their homes in Georgia, and are scheduled to appear this afternoon before U.S. Magistrate Judge Alan J. Baverman in federal court in Atlanta, Georgia. Korchevsky was arrested at his home in Glenn Mills, Pennsylvania, and is scheduled to appear this afternoon before U.S. Magistrate Judge Linda K. Caracappa in federal court in Philadelphia, Pennsylvania. Turchynov, Ieremenko, Pavel Dubovoy, and Khalupsky remain in Ukraine, and international arrest warrants were issued today for their arrests.
Between February 2010 and August 2015, Turchynov and Ieremenko, computer hackers based in Ukraine, gained unauthorized access into the computer networks of Marketwired L.P., PR Newswire Association LLC (PRN), and Business Wire. They used a series of sophisticated cyber attacks to gain access to the computer networks. The hackers moved through the computer networks and stole press releases about upcoming announcements by public companies concerning earnings, gross margins, revenues, and other confidential and material financial information.
At one point, one of the hackers sent an online chat message in Russian to another individual stating, “I’m hacking prnewswire.com.” In another online chat, Ieremenko told Turchynov that he had compromised the log-in credentials of 15 Business Wire employees.
The hackers shared the stolen press releases with traders Arkadiy Dubovoy, Korchevsky, Momotok, Igor Dubovoy, Pavel Dubovoy, Khalupsky, Garkusha, and others, using overseas computer servers that they controlled. In a series of emails, the hackers even shared “instructions” on how to access and use an overseas server where they shared the stolen releases with the traders, and the access credentials and instructions were distributed amongst the traders. In an email sent by one of the traders, the instructions for accessing the overseas server suggested that users conceal their Internet Protocol address when accessing the server as a precaution to avoid detection. The traders created “shopping lists” or “wish lists” for the hackers listing desired upcoming press releases from Marketwired and PRN for publicly traded companies. Trading data obtained over the course of the investigation showed that, after one of the shopping lists or wish lists was sent, the traders and others traded ahead of several of the press releases listed on it.
The traders generally traded ahead of the public distribution of the stolen releases, and their activities shadowed the hackers’ capabilities to exfiltrate stolen press releases. In order to execute their trades before the releases were made public, the traders sometimes had to execute trades in extremely short windows of time between when the hackers illegally accessed and shared information and when the press releases were disseminated to the public by the newswires, usually shortly after the close of the markets. Frequently, all of this activity occurred on the same day. Thus, the trading data often showed a flurry of trading activity around a stolen press release just prior to its public release. The defendants illegal trading resulted in gains of more than $30 million, of which Korchevsky accounted for more than $17 million and Arkadiy Dubovoy accounted for more than $11 million.
The traders traded on stolen press releases containing material nonpublic information about publicly traded companies that included, among hundreds of others: Align Technology Inc.; Caterpillar Inc.; Hewlett Packard; Home Depot; Panera Bread Co.; and Verisign Inc.
The traders paid the hackers for access to the overseas servers based, in part, on a percentage of the money the traders made from their illegal trading activities. The hackers and traders used foreign shell companies to share in the illegal trading profits.
“This is the story of a traditional securities fraud scheme with a twist—one that employed a contemporary approach to a conventional crime. In this case the defendants allegedly traded on nonpublic information, ultimately benefitting from more than $30 million in illegal profits over the course of three years,” Assistant Director-in-Charge Diego Rodriguez said. “But just as criminals continue to develop relationships with one another in order to advance their objectives, the law enforcement community has developed a collaborative approach to fighting these types of crimes.”
“Cyber cases such as this are a vital part of the Secret Service’s integrated mission,” Joseph Clancy, Director of the U.S. Secret Service, said. “This is yet another example of the successful investigative work being done in coordination with our partners in the global law enforcement community.”
The wire fraud conspiracy and substantive wire fraud counts with which all defendants are charged carry a maximum potential penalty of 20 years in prison and a $250,000 fine, or twice the gain or loss from the offense. The securities fraud conspiracy count with which all defendants are charged carries a maximum potential penalty of five years in prison and a $250,000 fine, or twice the gain or loss from the offense. The substantive securities fraud counts with which all defendants are charged carry a maximum potential penalty of 20 years in prison and a $5 million fine, or twice the gain or loss from the offense. The money laundering conspiracy count with which all defendants are charged carries a maximum potential penalty of 20 years in prison and a $500,000 fine, or twice the value of the funds involved in the illegal transfers. The computer fraud counts with which the alleged hackers are charged carry a maximum potential penalty of five years’ imprisonment and a $250,000 fine, or twice the gain or loss from the offense. The aggravated identity theft counts with which the hackers are charged carry a mandatory consecutive term of imprisonment of 24 months.