On Tuesday, the Securities and Exchange Commission (SEC) at Oklahoma charged nine defendants who participated in a previously disclosed scheme to hack into SEC’s EDGAR corporate filing system and extracted nonpublic information for use in illegal trading. The charged defendants were, a Ukrainian hacker, six individual traders in California, Ukraine, and Russia, and two entities.
According to a CNBC report, “The scheme allegedly netted $4.1 million for fraudsters from the U.S., Russia, and Ukraine. Using 157 corporate earnings announcements, the group was able to execute trades on material nonpublic information. Most of those filings were “test filings,” which corporations upload to the SEC’s website.”
Craig Carpenito, U.S. Attorney for the District of New Jersey, said, “After hacking into the EDGAR system they stole drafts of [these] reports before the information was disseminated to the general public.”
According to Carpenito, the hacked documents included quarterly earnings, mergers and acquisitions plans and other sensitive news. Also, the criminals were able to view it before it was released as a public filing, thus affecting the individual companies’ stock prices.
The alleged hackers also executed trades on the reports and sold them to other illicit traders. One inside trader made $270,000 in a single day, Carpenito said.
The hack was carried out by sending a malicious software via email to the SEC employees. Carpenito said, after planting the software on the SEC computers, the hackers sent the information they were able to gather from the EDGAR system to servers in Lithuania, where they either used it or distributed the data to other criminals.
According to SEC official press report, “the hacker and some of the traders were also involved in a similar scheme to hack into newswire services and trade on information that had not yet been released to the public.”
Steven Peikin, Enforcement Division Co-Director alongside Avakian, said, “The trader defendants charged today are alleged to have taken multiple steps to conceal their fraud, including using an offshore entity and nominee accounts to place trades. Our staff’s sophisticated analysis of the defendants’ trading exposed the common element behind their success, providing overwhelming evidence that each of them traded based on information hacked from EDGAR.”
Know more about this news in detail in SEC’s official press release report.
Read Next
Hyatt Hotels launches public bug bounty program with HackerOne
Black Hat hackers used IPMI cards to launch JungleSec Ransomware, affects most of the Linux servers