Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

File photo of the New York Stock Exchange. Associated Press

How a group of hackers and traders made $100 million - using press releases

The story of “one of the most intricate and sophisticated trading rings” in history.

EARLIER THIS WEEK, US authorities charged 32 people and companies with an elaborate five-year hacking and trading scheme that made them $100 million and is being called the biggest ever of its kind.

The key to the alleged plot, which reads like something from the Hollywood film The Wolf of Wall Street, was almost unbelievably simple – press releases.

Here’s how one man and his family almost pulled off “one of the most intricate and sophisticated trading rings” in American history.

Half a million dollars in 36 minutes

panera A Panera Bread restaurant with a sign reading "Take what you need, leave your fair share." Associated Press Associated Press

On the morning of 23 July 2013, Panera, an American chain of wholesome bread and soup restaurants, prepared a statement.

It was to announce the company was adjusting its earnings expectations downward for the recently begun fourth financial quarter.

A strong earnings report or other positive news can cause a company’s stock to rise, while disappointing news can make it fall.

The release was just like countless others sent by publicly traded companies to business news services, that day.

Except for one thing.

As an unsuspecting investing public awaited the announcement, US federal authorities say a group made up of computer hackers and stock traders had already seen the release in the wire service’s computer system.

  • At 10 am, Panera sent the press release to the wire service.
  • At 12.15 pm, Jaspen Capital Partners, a Bermudian investment bank based in the Ukrainian capital Kiev, sold Panera contracts-for-difference (CFDs), making $1.56 million by lunchtime.

Then came short selling and CFDs by nine different individuals, hedge funds and stock brokers all charged with fraud this week, all using information contained in Panera’s press release.

  • At 4pm, the wire service published the press release, and Panera’s share value fell from $182.01 to $169.62 on 24 July.

In those six hours, members of the alleged insider trading ring made $2.4 million on a stolen press release.

In another incredible example, the group made $511,377 in profits from short selling and CFDs on a California-based technology company.

Between the time the press release was sent to the wire service, and the time it went public, there were just 36 minutes.

brocade SEC SEC

The Dubovoy Group

According to a criminal indictment made public on Tuesday, the operation revolved around Arkadiy Dubovoy, a 50-year-old Ukrainian businessman who lives in the US state of Georgia.

The complaint brought by the Securities and Exchange Commission (SEC), claims Dubovoy and his family, including 28-year-old son Igor, orchestrated the trading component of the plot.

They traded stocks in their own names, via companies they owned, and through four “straw owners” – a company director in name only, used to conceal the true owner’s identity.

The group used mainly construction companies, investment brokerages, and an advertising firm.

In one case, Dubovoy allegedly set up a trading account in the name of a Ukrainian ice-cream company manager.

The Hackers

marketwired Marketwired Marketwired

The hacking component of the operation was allegedly run by two young Ukrainians working from Kiev – Oleksander Ieremenko (23) and Ivan Turchynov (27).

According to the charges, they used proxy servers and multiple online aliases to hide their intrusions into the networks of financial wire services.

They also posed as employees and customers of the news wires, and used phishing attacks (tricking actual employees into clicking links and revealing account passwords).

The hackers, led by the Ukrainian duo, even bragged about their ability to steal the non-public press releases, emailing video demonstrations to traders, in order to recruit them and persuade them to pay for the information.

The hackers would then distribute embargoed press releases among around two dozen trading companies in the US, Ukraine, Russia, France, Malta, Cyprus and the British Virgin Islands.

Closing Stocks File photo of the New York Stock Exchange. Associated Press Associated Press

Once the trades were made, those companies would then funnel a portion of the profits back to the hackers, as their commission.

In total, the international hacking scheme allegedly raked in $100 million between 2010 and 2015, as SEC Chair Mary Jo White explained:

This international scheme is unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated.

Andrew Ceresney, Director of the SEC’s Division of Enforcement, added:

This cyber hacking scheme is one of the most intricate and sophisticated trading rings that we have ever seen, spanning the globe and involving dozens of individuals and entities.

SEC CEO Pay Associated Press Associated Press

Authorities said that beginning in 2010 and continuing as recently as May, they gained access to more than 150,000 press releases that were about to be issued by Marketwired in Toronto; PR Newswire in New York; and Business Wire of San Francisco.

The press releases contained earnings figures and other corporate information.

The case should sound a warning for anyone who uses email in a work setting, Paul Fishman, U.S. attorney for New Jersey, said on Tuesday.

Every employee of every company has to be vigilant about the emails they get from people who look like their friends or acquaintances, urging them to click on a link.
They should say to themselves every time that happens, ‘That seems like a really bad idea.’

Five defendants were arrested in the U.S. on Tuesday, and warrants were issued for four others in Ukraine.

The most serious charges in the indictment, wire fraud and securities fraud, carry up to 20 years in prison.

The SEC lawsuit named 17 individuals and 15 companies in the U.S. and abroad, in such places as Russia, France, Malta and Cyprus.

The agency is seeking unspecified fines and restitution against the 32 defendants.

To read the SEC’s detailed complaint in full, scroll down or click here.

Contains reporting by the Associated Press.
http://cdn.thejournal.ie/media/2015/08/comp-pr2015-163-1.pdf

Column: Nick Leeson – I sat my sons down this week to pass on the hard lessons I have learned>

Read: Billionaire trader convicted of 14 counts of insider trading>

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Close
26 Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.
    JournalTv
    News in 60 seconds