WASHINGTON — An international hacking ring armed with tens of thousands of corporate secrets pocketed more than $100 million from illegal trades, targeting a core vulnerability of the financial system in one of the digital age's most sprawling insider-trading schemes, federal authorities said Tuesday.
Since 2010, more than 30 hackers and traders across the United States, Ukraine, Russia and other countries stole more than 150,000 press releases scheduled to be delivered to investors from corporate wire services Business Wire, PR Newswire and Marketwired.
With advance details on financial performance and corporate mergers from dozens of companies — including Bank of America, Boeing, Ford Motor, Home Depot, defense contractor Northrop Grumman and Smith & Wesson — the team made rapid and lucrative trades from shared brokerage accounts, funneling the money through shell companies and offshore bank accounts in Estonia and Macau.
Unlike the recent high-profile hacks of health insurers and government agencies, the sophisticated hacks targeted not just people's identities, but corporate intelligence, and some hackers and traders were even aided by former broker-dealers registered with the U.S. Securities and Exchange Commission.
By breaking into the wire services, some of Wall Street's most vital and unnoticed information hubs, investigators said the hackers and traders were able to defraud investors on a massive scale while leaving no public trace, a worrying development for the increasingly intricate networks that keep the financial world online.
The "brazen scheme … was unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated," SEC Chairwoman Mary Jo White said Tuesday at a Newark news conference alongside Secretary of Homeland Security Jeh Johnson. "The traders were financially savvy, using equities and options … to maximize their profits."
Federal agents began arresting suspects Tuesday, and authorities have so far filed criminal charges against nine hackers and traders, indictments show. One trader who was arrested, Vitaly Korchevsky, ran a small investment fund in Philadelphia and was a former mutual fund manager at Morgan Stanley, according to his LinkedIn profile.
Two Ukrainian hackers, Oleksandr Ieremenko and Ivan Turchynov, were said to have spearheaded the scheme.
The hackers, who breached the wires and stole employee credentials through a series of attacks, shared the stolen intel with a network of traders, who would then pay the hackers a cut of their profits.