The feds today charged nine people in two indictments unsealed in Brooklyn, New York, and Newark federal court. The charges spell out an alleged international scheme to hack into three business newswires and steal yet-to-be published press releases containing non-public financial information that was then used to make trades that allegedly generated approximately $30 million in illegal profits.
According to the U.S. Attorney’s Office, the indictments unsealed today charge the defendants with hacking into the newswires and stealing confidential information about companies traded on the NASDAQ and NYSE in what is the largest scheme of its kind ever prosecuted. The defendants allegedly stole approximately 150,000 confidential press releases from the servers of the newswire companies. They then traded ahead of more than 800 stolen press releases before their public release, generating millions of dollars in illegal profits.
“The defendants were a well-organized group that allegedly robbed the newswire companies and their clients and cheated the securities markets and the investing public by engaging in an unprecedented hacking and trading scheme,” Fishman said. “The defendants launched a series of sophisticated and relentless cyber attacks against three major newswire companies, stole highly confidential information and used to enrich themselves at the expense of public companies and their shareholders.”
“As alleged, the defendants and their co-conspirators formed an alliance of hackers and securities industry professionals to systematically steal valuable inside information and profit by trading ahead of authorized disclosures to the investing public,” stated Acting United States Attorney Currie. “Today’s sweeping indictments are the result of a cutting edge investigation by law enforcement to combat twenty-first century criminal schemes.”
“Today’s announcement is a testament to the countless hours of hard work and dedication by law enforcement and other personnel across government, including the Secret Service investigative team. In today’s day and age, criminals are using computers instead of guns to steal money and threaten the safety and security of our cyber networks,” Secretary Johnson said. “In matters of cybersecurity, the Department of Homeland Security has a major law enforcement role, and our work to counter cyber threats is a critical priority for the Secret Service because of the substantial threat it poses to this nation’s financial infrastructure.”
The 23-count District of New Jersey indictment charges five defendants – Ivan Turchynov, 27; Oleksandr Ieremenko, 24; and Pavel Dubovoy, 32; all of Ukraine, and Arkadiy Dubovoy, 51, and Igor Dubovoy, 28, of Alpharetta, Georgia – with wire fraud conspiracy, securities fraud conspiracy, wire fraud, securities fraud, and money laundering conspiracy. Turchynov and Ieremenko are additionally charged with computer fraud conspiracy, computer fraud, and aggravated identity theft.
The Eastern District of New York indictment charges four defendants: Vitaly Korchevsky, 50, of Glen Mills, Pennsylvania; Vladislav Khalupsky, 45, of Brooklyn, New York; and Odessa, Ukraine; Leonid Momotok, 47, of Suwanee, Georgia; and Alexander Garkusha, 47, of Cummings and Alpharetta, Georgia, with wire fraud conspiracy, securities fraud conspiracy, securities fraud, and money laundering conspiracy.
Earlier today, the government seized 17 bank and brokerage accounts containing more than $6.5 million of alleged criminal proceeds. The government also took steps to restrain 12 properties, a shopping center located in Pennsylvania, an apartment building located in Georgia, and a houseboat, all worth more than $5.5 million.
Five of the nine defendants named above were arrested this morning: Arkadiy Dubovoy, Igor Dubovoy, Momotok, and Garkusha were all arrested at their homes in Georgia, and are scheduled to appear this afternoon before U.S. Magistrate Judge Alan J. Baverman in federal court in Atlanta, Georgia. Korchevsky was arrested at his home in Glenn Mills, Pennsylvania, and is scheduled to appear this afternoon before U.S. Magistrate Judge Linda K. Caracappa in federal court in Philadelphia, Pennsylvania. Turchynov, Ieremenko, Pavel Dubovoy, and Khalupsky remain in Ukraine, and international arrest warrants were issued today for their arrests.
According to the indictments:
Between February 2010 and August 2015, Turchynov and Ieremenko, computer hackers based in Ukraine, gained unauthorized access into the computer networks of Marketwired L.P., PR Newswire Association LLC (PRN), and Business Wire. They used a series of sophisticated cyber attacks to gain access to the computer networks. The hackers moved through the computer networks and stole press releases about upcoming announcements by public companies concerning earnings, gross margins, revenues, and other confidential and material financial information.
At one point, one of the hackers sent an online chat message in Russian to another individual stating, “I’m hacking prnewswire.com.” In another online chat, Ieremenko told Turchynov that he had compromised the log-in credentials of 15 Business Wire employees.
The hackers shared the stolen press releases with traders Arkadiy Dubovoy, Korchevsky, Momotok, Igor Dubovoy, Pavel Dubovoy, Khalupsky, Garkusha, and others, using overseas computer servers that they controlled. In a series of emails, the hackers even shared “instructions” on how to access and use an overseas server where they shared the stolen releases with the traders, and the access credentials and instructions were distributed amongst the traders. In an email sent by one of the traders, the instructions for accessing the overseas server suggested that users conceal their Internet Protocol address when accessing the server as a precaution to avoid detection. The traders created “shopping lists” or “wish lists” for the hackers listing desired upcoming press releases from Marketwired and PRN for publicly traded companies. Trading data obtained over the course of the investigation showed that, after one of the shopping lists or wish lists was sent, the traders and others traded ahead of several of the press releases listed on it.
The traders generally traded ahead of the public distribution of the stolen releases, and their activities shadowed the hackers’ capabilities to exfiltrate stolen press releases. In order to execute their trades before the releases were made public, the traders sometimes had to execute trades in extremely short windows of time between when the hackers illegally accessed and shared information and when the press releases were disseminated to the public by the newswires, usually shortly after the close of the markets. Frequently, all of this activity occurred on the same day. Thus, the trading data often showed a flurry of trading activity around a stolen press release just prior to its public release. The defendants illegal trading resulted in gains of more than $30 million, of which Korchevsky accounted for more than $17 million and Arkadiy Dubovoy accounted for more than $11 million.
The traders traded on stolen press releases containing material nonpublic information about publicly traded companies that included, among hundreds of others: Align Technology Inc.; Caterpillar Inc.; Hewlett Packard; Home Depot; Panera Bread Co.; and Verisign Inc.
The traders paid the hackers for access to the overseas servers based, in part, on a percentage of the money the traders made from their illegal trading activities. The hackers and traders used foreign shell companies to share in the illegal trading profits.
“This is the story of a traditional securities fraud scheme with a twist—one that employed a contemporary approach to a conventional crime. In this case the defendants allegedly traded on nonpublic information, ultimately benefitting from more than $30 million in illegal profits over the course of three years,” Assistant Director-in-Charge Rodriguez said. “But just as criminals continue to develop relationships with one another in order to advance their objectives, the law enforcement community has developed a collaborative approach to fighting these types of crimes.”
“Cyber cases such as this are a vital part of the Secret Service’s integrated mission,” Joseph P. Clancy, Director of the U.S. Secret Service, said. “This is yet another example of the successful investigative work being done in coordination with our partners in the global law enforcement community.”
The wire fraud conspiracy and substantive wire fraud counts with which all defendants are charged carry a maximum potential penalty of 20 years in prison and a $250,000 fine, or twice the gain or loss from the offense. The securities fraud conspiracy count with which all defendants are charged carries a maximum potential penalty of five years in prison and a $250,000 fine, or twice the gain or loss from the offense. The substantive securities fraud counts with which all defendants are charged carry a maximum potential penalty of 20 years in prison and a $5 million fine, or twice the gain or loss from the offense. The money laundering conspiracy count with which all defendants are charged carries a maximum potential penalty of 20 years in prison and a $500,000 fine, or twice the value of the funds involved in the illegal transfers. The computer fraud counts with which the alleged hackers are charged carry a maximum potential penalty of five years’ imprisonment and a $250,000 fine, or twice the gain or loss from the offense. The aggravated identity theft counts with which the hackers are charged carry a mandatory consecutive term of imprisonment of 24 months.
U.S. Attorney Fishman and Acting U.S. Attorney Currie credited special agents of the U.S. States Secret Service, Criminal Investigations, under the direction of Director Clancy, and the Newark Field Office under the direction of Special Agent in Charge Carl Agnelli; and special agents of the FBI, New York Field Office, under the direction of Assistant Director Diego Rodriguez, for the investigation leading to today’s arrests and indictments. They thanked the U.S. Securities and Exchange Commission, for its significant cooperation and assistance in the investigation and the newswires, which cooperated with law enforcement over the course of the investigation.
In the District of New Jersey, the government is represented by Assistant U.S. Attorneys Andrew S. Pak, Daniel V. Shapiro, and David M. Eskew of the Economic Crimes Unit, Computer Hacking & Intellectual Property Section, Assistant U.S. Attorney Svetlana M. Eisenberg of the Office’s Civil Division, and Special Assistant U.S. Attorney Sarah Devlin of the Asset Forfeiture and Money Laundering Unit.
In the Eastern District of New York, the government’s case is being prosecuted by the Business and Securities Fraud Section and the National Security and Cybercrime Section. Assistant U.S. Attorneys Christopher A. Ott, Christopher L. Nasson, and Richard M. Tucker are in charge of the prosecution. Assistant U.S. Attorneys Brian D. Morris and Tanisha Payne of the Office’s Civil Division are responsible for the forfeiture of assets.
The charges and allegations contained in the indictments are merely accusations, and the defendants are presumed innocent unless and until proven guilty.
The charges were brought in connection with the President’s Financial Fraud Enforcement Task Force. The task force was established to wage an aggressive, coordinated, and proactive effort to investigate and prosecute financial crimes. With more than 20 federal agencies, 94 U.S. Attorneys’ Offices, and state and local partners, it is the broadest coalition of law enforcement, investigatory, and regulatory agencies ever assembled to combat fraud. Since its formation, the task force has made great strides in facilitating increased investigation and prosecution of financial crimes; enhancing coordination and cooperation among federal, state, and local authorities; addressing discrimination in the lending and financial markets; and conducting outreach to the public, victims, financial institutions, and other organizations. Since fiscal year 2009, the Justice Department has filed over 18,000 financial fraud cases against more than 25,000 defendants.