The Securities and Exchange Commission said Tuesday that it charged nine defendants with participating in a 2016 scheme to hack into the agency’s corporate Electronic Data Gathering, Analysis and Retrieval, or Edgar, filing system and extract nonpublic information to use for illicit trading.
The SEC charged a Ukrainian hacker; six individual traders in California, Ukraine and Russia; and two entities.
The SEC’s Tuesday complaint alleges that the following traders received and traded on the basis of the hacked Edgar information:
- Sungjin Cho, Los Angeles
- David Kwon, Los Angeles
- Igor Sabodakha, Ukraine
- Victoria Vorochek, Ukraine
- Ivan Olefir, Ukraine
- Andrey Sarafanov, Russia
- Capyield Systems Ltd.(owned by Olefir)
- Spirit Trade Ltd.
“Our complaint alleges that certain individuals hacked into Edgar and accessed test filings, including test filings containing material nonpublic information pertaining to earnings announcements of publicly traded companies,” said SEC Chairman Jay Clayton, in a statement. “We allege that certain defendants then traded based on the hacked information and profited once the information became public.”
In a parallel action, the U.S. Attorney’s Office for the District of New Jersey announced related criminal charges Tuesday.
Clayton was informed about the 2016 Edgar system intrusion in August 2017, shortly after his arrival at the commission. He publicly announced the intrusion on Sept. 20, 2017, and followed up on an internal investigation’s progress into the hack in late September testimony before the Senate Banking Committee.
The SEC announced the same day as Clayton’s Senate testimony two new cyber-related initiatives: the creation of a Cyber Unit that will focus on targeting cyber-related misconduct and a retail strategy task force that will implement initiatives that directly affect retail investors.
The hacker and some of the traders were also involved in a similar scheme in 2015 to hack into newswire services and trade on information that had not yet been released to the public, according to the SEC.
The SEC’s complaint alleges that after hacking the newswire services, Ukrainian hacker Oleksandr Ieremenko turned his attention to Edgar and, using deceptive hacking techniques, gained access in 2016.
Ieremenko extracted Edgar files containing nonpublic earnings results, the SEC states. “The information was passed to individuals who used it to trade in the narrow window between when the files were extracted from SEC systems and when the companies released the information to the public.”
In total, the traders traded before at least 157 earnings releases from May to October 2016 and generated at least $4.1 million in illegal profits, the SEC states.
“International computer hacking schemes like the one we charged today pose an ever-present risk to organizations that possess valuable information,” said Stephanie Avakian, co-director of the SEC’s Enforcement Division. “Today’s action shows the SEC’s commitment and ability to unravel these schemes and identify the perpetrators even when they operate from outside our borders.”
Co-director Steven Peikin added that “the trader defendants charged today are alleged to have taken multiple steps to conceal their fraud, including using an offshore entity and nominee accounts to place trades.”
SEC staff’s “sophisticated analysis of the defendants’ trading exposed the common element behind their success, providing overwhelming evidence that each of them traded based on information hacked from Edgar,” Peikin added.
The SEC’s complaint alleges that Ieremenko circumvented Edgar controls that require user authentication and then navigated within the system.
“Ieremenko obtained nonpublic ‘test files,’ which issuers can elect to submit in advance of making their official filings to help make sure Edgar will process the filings as intended. Issuers sometimes elected to include nonpublic information in test filings, such as actual quarterly earnings results not yet released to the public,” the complaint states.
Ieremenko extracted the files from SEC servers, and then passed the information to different groups of traders, the SEC said.
Members of the Senate Banking Committee told Clayton in a Sept. 25, 2017, letter to have SEC staff review whether the agency’s 2011 guidance regarding disclosure obligations related to cybersecurity risks needed updating, in light of the Equifax and Edgar hacks.
Clayton said that the Tuesday action “illustrates that the SEC faces many of the same cybersecurity threats that confront exchange-listed companies, other SEC-registered entities and market participants of all types. These threats to our marketplace are significant and ongoing and often involve threats from actors outside our borders. No system can be entirely safe from a cyber intrusion. Here at the SEC, we recognize that we must continuously use the resources available to us efficiently and effectively to bolster our cybersecurity defenses and reduce our cyber risk profile.”
— Related on ThinkAdvisor: