The Department of Justice charged a group of nine hackers and stock traders in a criminal conspiracy with making more than $30 million in illegal trades based on exfiltrated data.
At the same time a civil case from the US Securities and Exchange Commission citing 32 defendants which made over $100 million in illicit profits.
The investigators discovered that two Ukrainian hackers breached computers of Marketwired, PR Newswire and Business Wire, which provides press releases specialized in trading.
The financial newswires announced they had cooperated with US authorities in order to identify the hackers and the computer intrusions.
“Despite extreme vigilance and commitment, recent events illustrate that no one is immune to the highly sophisticated illegal cyber-intrusions that are plaguing every aspect of our society,” said Business Wire chief executive Cathy Baron Tamraz.
The hackers launched sophisticated cyber attacks against the media agencies stealing some 150,000 press releases from February 2010 through this year.
The hackers run a malware-based attacks against the systems of the companies, they stole employee credentials in order to infect internal networks. According to the DoJ the cyber criminals also created a video containing the instructions to access the stolen information.
According to the DOJ, the stolen press releases contained non-public information considered critical to stock valuation.
“The defendants were a well-organized group that allegedly robbed the newswire companies and their clients and cheated the securities markets and the investing public by engaging in an unprecedented hacking and trading scheme,” said US Attorney Paul Fishman.“The defendants launched a series of sophisticated and relentless cyber attacks against three major newswire companies, stole highly confidential information and used (it) to enrich themselves at the expense of public companies and their shareholders.”
The criminals ring operated to resell the stolen information to traders, receiving in return a flat fee or a percentage of profits from trades.
The gang was composed of two Ukrainian hackers, and other seven defendants from Ukraine and the US states of Georgia, Pennsylvania and New York.
A spokesman for the US attorney in New Jersey confirmed the arrest for five of them, the other four defendants are still in Ukraine despite international arrest warrants were issued for their arrests.
The SEC complaint, filed in a New Jersey federal court on Monday, lists the same defendants, plus additional trading defendants from France and Russia.
“The hacker defendants stole the press releases and passed them to the trader defendants in the window of time between when the press releases were uploaded to the newswire service’s system and when the press releases were publicly issued,” the SEC complaint said.“As a result, the trader defendants had an unfair trading advantage over other market participants.”
The defendants in the DOJ case have earned about $648,000 in October 2011 in gains in Caterpillar stock after buying shares of the company based their activities on a stolen press release that said quarterly net income rose 27 percent. The shares of Caterpillar rose $4.38 after the earnings were released.
In October 2013, defendants in the DOJ case made about $1 million after accessing a Panera Bread press release, in this case, the company was about to announce losses for its shareholders, and the hackers worked to gain from the fall of the price of shares. In the 24 hours after the Panera statement was released, shares fell 6.8 percent.
(Security Affairs – insider trading, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.