Ukrainian hacker who stole data for insider trading ring sentenced
A Ukrainian member of a hacker gang that stole advance copies of electronic press releases from newswire companies got two-and-a-half years in prison Monday for his role in the insider trading scam, which prosecutors say netted the hackers and their securities-trader partners about $30 million.
Authorities say it’s the largest cyber-enabled securities fraud ever prosecuted.
In a release from acting U.S. Attorney for the District of New Jersey William Fitzpatrick, prosecutors state that the man — 29-year-old Vadym Iermolovych of Kiev — had pleaded guilty last year to conspiracy to commit wire fraud, conspiracy to commit computer hacking and aggravated identity theft.
U.S. District Judge Madeline Cox Arleo imposed the sentence, which added three years’ supervised probation and over $3 million in restitution. A spokesman for Fitzpatrick’s office told CyberScoop the sentence was imposed in line with federal guidance but that Iermolovych, as a foreign national, would in all likelihood be deported upon release from prison.
According to court documents, the six-man gang — three hackers and three traders — conspired with another group of four securities traders to hack into the computer networks of three newswire distribution companies and steal press releases being prepared for distribution that contained market-sensitive information, like earnings, gross margins, revenues or other confidential information. The hackers provided the releases to traders in the U.S., who used them to trade ahead of the news, and then split the proceeds — which were laundered through foreign shell companies.
According to prosecutors, Iermolovych admitted that he was personally involved in the hacks into Marketwired, PR Newswire and Business Wire. He admitted to hacking into PR Newswire’s corporate network between January and March 2013. He also admitted that he obtained a set of user credentials of PRN employees stolen from a computer hack into a social networking website and then used at least one of those credentials to ultimately gain access into PRN’s computer network.
According to prosecutors, the conspirators traded on stolen press releases containing material nonpublic information about hundreds of companies, including Align Technology Inc., Caterpillar Inc., Hewlett Packard, Home Depot, Panera Bread Co., and Verisign Inc.
“This international scheme is unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated,” said then Securities and Exchange Commission Chairwoman Mary Jo White, when the indictments were handed down in 2015.
Two others of the six indicted in New Jersey have also pleaded guilty, and three are still at large, prosecutors say.