Ukrainian Hacker Charged for Hacking SEC’s EDGAR
Ukrainian hacker Oleksandr Ieremenko was charged by US Officials for his part in hacking into the Securities and Exchange Commission (SEC) EDGAR financial filing system. The hacker allegedly stole stock market reports before they were released to the public. The SEC also charged three Ukrainian traders, a Russian trader, two traders in California, and two entities for their role in the cyber security hack.
Ieremenko allegedly hacked EDGAR files that contained nonpublic earnings results. In total, 157 earnings releases were hacked and used to make stock trades valued at more than $4.1 million in profits between May and October 2016.
Hacker Ieremenko allegedly sent phishing emails to SEC employees to gain access to the SEC network. He then infected machines with malware that extracted the financial filings. The malware hacked test filings that companies submitted to EDGAR before actual filings that were intended to be made public.
The traders used an offshore entity and nominee accounts to conceal their identities when they placed trades. Financial information not yet released to the public provides a window of opportunity for the traders to use the data to place profitable securities trades before the information is made public.
“The traders compensated the hackers, including Ieremenko, for the information by either paying regular fees for access to the hacked press releases or by kicking back a portion of their trading profits,” the SEC indictment reads.
What is EDGAR?
The Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system is the SEC’s online filing system. Companies submit their required financial filings to the SEC via EDGAR. The system processes around 1.7 million electronic filings per year.
EDGAR lists millions of corporate disclosures including earnings results, annual and quarterly earnings reports, pre-IPO data, and confidential information on mergers and acquisitions
The Ukrainian hacker and some of the traders were previously charged in 2015 for stealing over100,000 unpublished press releases from PRNewswire, Business Wire, and Marketwired. The information in the still unpublished releases was used to make money on stock market trades.
The SEC investigation was conducted by the Market Abuse Unit and the Cyber Unit. The U.S. Attorney’s Office for the District of New Jersey also announced related criminal charges. Hackers Ieremenko and Radchenko were charged with 16 counts of hacking- and fraud-related charges. The NJ U.S. Attorney’s Office intends to seize all property tied to the alleged conspiracy.
Ieremenko remains at large in Ukraine.