A suspected Ukrainian computer hacker and several traders have been charged in a scheme that made more than $1.4 million in illicit profits by trading on nonpublic information stolen from a U.S. Securities and Exchange Commission database.
The charges resulted from a breach of the EDGAR database that SEC Chairman Jay Clayton disclosed in September 2017, raising concerns about the vulnerability of financial infrastructure.
According to an SEC civil complaint filed on Tuesday, Oleksandr Ieremenko of Kiev, Ukraine hacked into EDGAR and extracted thousands of nonpublic “test filings” containing, in some cases, companies’ submissions of their earnings results.
The stolen data was allegedly transmitted to six traders in California, Ukraine, and Russia, who were able to place profitable securities trades before the information was made publicly available on EDGAR.
Ieremenko and another Ukrainian, Artem Radchenko, have also been indicted in a parallel criminal case. Radchenko allegedly recruited the traders who were provided with the stolen test filings.
“The defendants … targeted the Securities and Exchange Commission with a series of sophisticated and relentless cyber attacks,” Craig Carpenito, the U.S. Attorney for New Jersey, said in a news release.
The SEC said the EDGAR breach was the second phase of a long-term hacking effort that began with the theft of more than 150,000 corporate press releases from business wire services, generating more than $100 million in trading profits. Ieremenko was previously charged in the newswire hack.
The EDGAR intrusion, the SEC said, involved exploiting the window of time between the submission of a test filing and the subsequent publication of the information contained in the test filing. Corporations use test filings to ensure their published results comply with SEC rules.
Ieremenko used a variety of deceptive hacking techniques to create “the false appearance that he was an authorized user of the EDGAR system,” according to the commission.
The traders named as defendants in the SEC’s case include Sungjin Cho and David Kwon of Los Angeles; Igor Sabodakha, Victoria Vorochek, and Ivan Olefir of Ukraine; Andrey Sarafanov of Russia; and two entities — Capyield Systems Ltd. and Spirit Trade Ltd.