A hacker, six traders and two companies have been charged for successfully hacking into the Securities and Exchange Commission’s EDGAR system and using the nonpublic company earnings reports they obtained to generate at least $4.1 million in illegal profits.
Despite the federal government shutdown, the SEC announced Tuesday that it had charged a Ukrainian hacker; six individual traders in California, Ukraine and Russia; and two entities in the hacking and trading scam. EDGAR is the database that hosts all mandated securities filings from public companies operating in the U.S.
The SEC’s complaint alleges that Ukrainian hacker Oleksandr Ieremenko used deceptive hacking techniques to gain access to its EDGAR system in 2016. Ieremenko extracted EDGAR files containing companies’ nonpublic earnings results and passed the information to individuals who used it to trade in the narrow window before the companies released the information to the public. In total, the traders traded before at least 157 earnings releases from May to October 2016 and generated at least $4.1 million in illegal profits.
“International computer hacking schemes like the one we charged today pose an ever-present risk to organizations that possess valuable information,” said Enforcement Division Co-Director Stephanie Avakian in a press release on Tuesday. “Today’s action shows the SEC’s commitment and ability to unravel these schemes and identify the perpetrators even when they operate from outside our borders.”
“The trader defendants charged today are alleged to have taken multiple steps to conceal their fraud, including using an offshore entity and nominee accounts to place trades,” said Enforcement Division Co-Director Steven Peikin on Tuesday. “Our staff’s sophisticated analysis of the defendants’ trading exposed the common element behind their success, providing overwhelming evidence that each of them traded based on information hacked from EDGAR.”
Looking For Test Files
The SEC’s complaint alleges that Ieremenko circumvented EDGAR controls that require user authentication and then navigated within the EDGAR system to obtain the nonpublic “test files,” which issuers can elect to submit in advance of making their official filings to help make sure EDGAR will process the filings as intended.
Issuers sometimes elect to include nonpublic information in test filings, such as actual quarterly earnings results not yet released to the public. Ieremenko extracted nonpublic test files from SEC servers, and then passed the information to different groups of traders.
In a parallel action, the U.S. Attorney’s Office for the District of New Jersey announced related criminal charges.
The SEC’s complaint charges each of the defendants with violating the federal securities antifraud laws and related SEC antifraud rules and seeks a final judgment ordering the defendants to pay penalties and return their ill-gotten gains with prejudgment interest. The complaint also enjoins the defendants from committing future violations of the antifraud laws. The SEC also named and is seeking relief from four relief defendants who profited from the scheme when defendants used the relief defendants’ brokerage accounts to place illicit trades.