US lays charges for hacking SEC database for filing public company earnings

Credit: ID 130315150 © Firuz Buksayev | Dreamstime.com

The US Securities and Exchange Commission (SEC) has charged hackers for illegally accessing the SEC’s EDGAR database to use in illegal trades after the same group had hacked press release services to make trades on non-public information.  

The SEC today announced charges against nine people for hacking EDGAR to use information in illegal trades that took place in 2016. 

The charges are against one Ukraine hacker, six traders from California, Ukraine, and Russia, and two companies.   

The hacker and traders are alleged to have used EDGAR illegally in 2016 after hacking the press release services, PRNewswire Associates LLC and Business Wire, according to Bloomberg

The accused allegedly gained access to the SEC’s computer networks through a “series of targeted cyber-attacks, including directory traversal attacks, phishing attacks, and infecting computers with malware”, according to the Justice Department.

EDGAR, or the Electronic Data Gathering, Analysis, and Retrieval system, contains millions of forms that companies submit before the information is made publicly available. People with access to these non-public information can win on trades before the information is made public.

The SEC alleges that Ukrainian hacker Oleksandr Ieremenko hacked the SEC database to gain access to non-public earnings results between May and October 2016 that earned him and others involved at least $4.1 million.

The Justice Department today announced that 26-year-old Ieremenko and fellow Ukrainian national Artem Radchenko, 27, faced fraud and computer crime charges for illegally accessing pre-release earning reports from the SEC.

The breaches highlight the difficulties the US has faced in preventing and punishing foreign hackers for attacking US financial markets. 

“The defendants allegedly orchestrated sophisticated computer intrusions to steal non-public information from the SEC, compromising the integrity of the market and depriving honest investors of a level playing field,” said Assistant Attorney General Benczkowski.  

“The Department of Justice will aggressively pursue and prosecute those who attack our financial markets and seek to profit unfairly, no matter where such offenders reside.”

After stealing information from EDGAR, the hackers sent the earnings reports to a server in Lithuania. People involved in the scheme used the information to make trades before the information was made public.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags SECEDGAR Online

More about BloombergDepartment of JusticeSECSecurities and Exchange Commission

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Liam Tung

Latest Videos

More videos

Blog Posts