Last month, the U.S. Securities and Exchange Commission charged nine defendants with hacking into the agency’s EDGAR system – the online platform used by public companies for making their public filings – and stealing material nonpublic information to use for illegal trading purposes.

While the charges are new, the insider trading scheme goes back years and underscores the challenges faced by U.S. law enforcement and regulatory authorities in pursuing foreign nationals who violate U.S. securities laws.

According to a 43-page complaint filed in federal court in New Jersey, a Ukrainian hacker and six individual traders based in the U.S., the Ukraine and Russia, made off with more than $4.1 million in illegal profits by hacking the EDGAR system and trading in front of market-moving news.

The EDGAR system is a repository of public company information and getting a peak at it before it goes public virtually assures a cybercriminal of making a profit. According to the SEC’s complaint, the hackers used “deceptive hacking techniques” to gain access to the EDGAR system in 2016 and extracted files that contained earnings results that had not yet been made public. The earnings information was then passed to the other defendants who traded on it during the short time frame between when the files were stolen from the EDGAR system and when the information was publicly released.

In all, according to the SEC, the defendants traded on at least nonpublic 157 earnings releases from May to October of 2016. On average, that means the rogue traders made slightly in excess of $26,000 per illegal trade.

The SEC’s complaint charges each defendant with violation the federal securities antifraud laws and related SEC rules and seeks the return of all illegal trading profits, among other things.

In addition, the U.S. Attorney’s Office in New Jersey filed parallel criminal charges against several of the defendants. The indictment charges that the hackers “used a series of targeted cyber-attacks” including phishing emails to commission employees and then infected some of the agency’s computers with malware. The scheme targeted “test filings” that companies often file in the EDGAR database before actual filings that are intended to be made public. Test filings often contain information similar to that in the actual filings.

This isn’t the first brush with authorities for most of these defendants.  In 2015, several of the defendants were accused of hacking PRNewswire and Business Wire.

 

×