Today in Security - The SEC’s Battle with Hackers

Today in Security: The SEC’s Battle with Hackers

​Although the partial U.S. government shutdown has slowed current federal operations, the U.S. Securities and Exchange Commission's (SEC) ongoing battle against hackers continues.  On Tuesday, the SEC announced charges against nine defendants for a scheme to hack into the SEC's EDGAR computer system and extract nonpublic information to use for illegal trading.

Back in 2015, SEC charged 32 defendants for their involvement in a scheme to profit from stolen nonpublic information about corporate earnings announcements. At the time, SEC officials said it was one of the most complex and sophisticated trading rings they had ever seen. Over a five-year period, two Ukrainian hackers, Ivan Turchynov and Oleksandr Ieremenko, spearheaded an effort to hack into newswire services and steal corporate earnings announcements before they were released publicly. The hackers and their associates made more than $100 million by trading on the stolen information, the SEC charged.

Turchynov and Ieremenko created a secret web-based location to transmit the stolen data to traders in Russia, Ukraine, Malta, Cyprus, France, and the U.S. states of Georgia, New York, and Pennsylvania.  The traders allegedly used this information to place illicit trades in stocks, options, and other securities, according to the SEC.

"This international scheme is unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated," said Securities and Exchange Commission Chair Mary Jo White said in a statement.

In Tuesday's follow-up charges, the SEC alleges that Ieremenko went beyond the news agency hackings.

According to the SEC's account, after hacking the newswire services, Ukrainian hacker Ieremenko focused his efforts on the SEC's EDGAR computer system and gained access in 2016. He obtained EDGAR files containing nonpublic earnings results, and the information was passed to individuals who used it to trade before the information was publicly released. In total, the suspects traded on 157 earnings releases from May to October 2016 and made more than $4 million in illegal profits.

Besides Ieremenko, SEC charged six individual traders in California, Ukraine, and Russia, as well as two business entities. Like Ieremenko, some of the other traders were also involved in the 2015 newswire hacking.

"International computer hacking schemes like the one we charged today pose an ever-present risk to organizations that possess valuable information," Enforcement Division Co-Director Stephanie Avakian said in a statement Tuesday.

The charges announced Tuesday are just the latest in the SEC's ongoing battle with hackers. In an article in a previous issue of Security Management ("Cutting Edge Criminals," December 2017), the SEC's use of data analytic tools to detect suspicious patterns such as improbably successful trading is explored.