An international hacking ring that stole thousands of corporate secrets pocketed more than $100 million and targeted a core vulnerability of the financial system in one of the most sprawling insider-trading schemes of the digital age, federal investigators said Tuesday.

Since 2010, more than 30 hackers and traders across the United States, the Ukraine, Russia and other countries coordinated to steal and profit from more than 150,000 news releases before they were delivered to investors from corporate wire services Business Wire, PR Newswire and Marketwired.

U.S. Attorney Paul Fishman of New Jersey, center, speaks during a news conference in Newark, N.J., on Tuesday about a scheme carried out by an international group of hackers and stock traders who made $30 million by breaking into the computers of corporate newswire services.

With advance details on financial performance and corporate mergers from dozens of companies – including Bank of America, Boeing, Ford Motor, Home Depot, defense contractor Northrop Grumman and Smith & Wesson – the team made rapid and lucrative trades from shared brokerage accounts, funneling the money through shell companies and offshore bank accounts in Estonia and Macau.

Unlike the recent high-profile hacks of health insurers and government agencies, the sophisticated scheme targeted not just people’s identities, but corporate intelligence. Some of the hackers and traders were even aided by former broker-dealers registered with the Securities and Exchange Commission.

By breaking into the wire services, some of Wall Street’s most vital and unnoticed information hubs, the hackers and traders were able to defraud investors on a massive scale while leaving no public trace, a worrying development for the increasingly intricate networks that keep the financial world online, investigators said.

“Today’s international case is unprecedented in terms of the scope of the hacking at issue, the number of traders involved, the number of securities unlawfully traded and the amount of profits generated,” SEC Chair Mary Jo White said Tuesday at a news conference in Newark, New Jersey, alongside Homeland Security Secretary Jeh Johnson. “The traders were market-savvy, using equities and options … to maximize their profits.”

DIGITAL WEAKNESSES EXPLOITED

The years-long subterfuge highlights the hidden danger of modern finance and the broader Web, in which one compromised link in the larger chain can quietly endanger the system for years. The hackers, experts said, didn’t have to breach many individual companies or vacuum up a large amount of files to succeed. Instead, they hit data-rich clearinghouses knowing exactly what they wanted, ensuring an efficient attack.

The scheme was detailed in a lawsuit filed by the SEC, which announced civil charges against 32 defendants. Federal prosecutors in New York and New Jersey also filed criminal charges. Federal agents began arresting suspects Tuesday, with nine facing criminal charges for their role in taking $30 million in profits.

Authorities said they have seized a houseboat, an apartment complex, a shopping center and a dozen other properties, as well as more than a dozen brokerage accounts holding $6.5 million.

Two Ukrainians, Oleksandr Ieremenko, 23, and Ivan Turchynov, 27, were said to have spearheaded the scheme, by cracking into the newswires and listing the information on secret outposts accessed by traders in Cyprus, France, Malta, Russia, Ukraine and the United States.

The hackers, who breached the wires and swiped employee credentials through a series of attacks, shared the stolen intelligence with a black-market network of traders, who then paid the hackers a cut of their illicit profits, according to the indictments.

They masked their movements through proxy servers and stolen employee identities, and recruited traders with videos showcasing how swiftly they could steal corporate data before its release. Traders kept “shopping lists” of the releases they wanted from select public companies, many of whom were Fortune 500 conglomerates with a strong interest in market trading.

$500,000 PROFIT IN 36 MINUTES

The ability to see a stock’s near-future created windfalls at warp speed; in one instance, traders made half a million dollars in 36 minutes. In a 2013 scheme, the traders bought more than $8 million in shares of Align Technology after stolen documents showed that the medical-device maker’s revenue had recently soared. One day later, when the news went public, the traders cashed out for a profit of more than $1.4 million.

SEC investigators unraveled the scheme with the help of “enhanced trading surveillance” technology, White said, which can comb through millions of financial trades, track suspicious behavior and otherwise sniff out threats to “the integrity of our markets.”

The charged traders include Vitaly Korchevsky, 49, an investment adviser who once managed mutual funds for Morgan Stanley; Arkadiy Dubovoy, 50, and Igor Dubovoy, 28, a father-and-son team living in Alpharetta, Georgia; and a relative, Pavel Dubovoy, 32, of Ukraine.

The traders were helped by four co-conspirators, two of whom were formerly broker-dealers registered with the SEC. The indictments and complaints did not list attorneys for those charged.

The wire services that were hacked said they were cooperating closely with federal investigators, and Business Wire, a subsidiary of Warren Buffett’s investment empire Berkshire Hathaway, said it had hired a cybersecurity team to test its systems and ensure that its “network is fully operational and secure.”

Company chief executive Cathy Baron Tamraz said in a statement that Business Wire leads multiple security audits every year. But “despite extreme vigilance and commitment,” she said, “recent events illustrate that no one is immune to the highly sophisticated illegal cyber-intrusions that are plaguing every aspect of our society.”

Related Stories