Hackers’ S$140m ring sold data on demand

NEW YORK — The email from Kiev offered a tantalising prize: The formula for a new kind of Wall Street crime.

“Log-in data will be sent to the email you leave,” the attached video said in Russian.

So began what authorities are calling an unprecedented scheme combining digital-age cybercrime with old-fashioned insider trading.

Five traders in the United States were arrested early Tuesday in connection with the alleged plot, which federal officials characterised as one of the most sophisticated trading rings ever seen. The supposed take: as much as US$100 million (S$140 million).

As the authorities tell it, how the suspects pulled off their crimes seems at once mind-bogglingly complex and fiendishly simple. In essence, the overseas hackers behind the scheme stole information and built an entire online business around it — a sort of Amazon of insider trading. They even went so far as to create a video tutorial for using their illicit products.

Working from Ukraine, the hackers infiltrated several widely used US newswire systems and, over five years, purloined tens of thousands of corporate press releases before the news was made public. They then sold that market-sensitive information to a league of traders on both sides of the Atlantic, authorities say.

In a season of high-profile computer breaches at major corporations, the case further underscores the technological vulnerabilities of systems at the heart of the 21st-century economy.

For Wall Street and the authorities who police it, the development also sends a sobering message: Insider-trading schemes, as old as markets themselves, have entered a new era.

“This international scheme is unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and the profits generated,” said Chair of the Securities and Exchange Commission Mary Jo White on Tuesday at a press conference. The agency sued 17 individuals in a civil complaint, and prosecutors brought criminal charges against nine of them. The hackers and some defendants remain at large.

The story begins just as another era of insider trading was reaching its climax. The email from Ukraine was allegedly sent by a young hacker there in October 2010, as the billionaire Raj Rajaratnam was facing trial in the US in one of the most watched insider-trading cases since the days of Ivan Boesky. What that hacker, identified by authorities as Ivan Tuchynov, was offering was a high-tech version of the same scheme. Tuchynov, who was criminally charged, is believed to be in Ukraine.

According to authorities, the hackers used a variety of common tactics to infiltrate the computer servers of three systems used by many corporations to release news such as earnings reports, mergers and acquisitions, and executive changes. They phished, installed malware and stole passwords to gain secret access to PR Newswire Association, Marketwired and Business Wire, which together are used to issue thousands of corporate releases every day.

The information in those press releases proved highly valuable — so valuable that the hackers quickly built an online business around it. They were then brazen enough to create a video tutorial on how to access the pilfered data, according to prosecutors. The Russian-language video was shared by email.

Business Wire and PR Newswire said they are cooperating with prosecutors and examining their security systems. Marketwired said it has also cooperated and fixed “the issue at the heart of this matter”.

Prosecutors described a number of lucrative trades made ahead of quarterly earnings reports, including one, in 2012, in Caterpillar shares that netted US$1 million. The company’s announcement — on a server for less than 24 hours — had been pilfered by the hackers and sold to traders.

The 2010 email from Tuchynov was an invitation to would-be insider traders, prosecutors said.

Other exchanges disclosed by prosecutors show the hackers and various co-conspirators discussing a “proprietary trading business” involving a “special day trading strategy”.

The seemingly magical system, these people wrote, made money throughout 2012. The typical trader could expect to make as much as US$50,000 a month, the emails said.

At one point, a would-be customer told one of the hackers that something must be wrong with his business model because he was selling information too cheaply. The hacker replied that the customer had to take whatever was offered — for now.

The traders developed a “wish list” of press releases for hackers to steal, and then quickly bought and sold shares based on what they learned, according to the indictment.

The hackers used middlemen to communicate with traders, according to the indictment. As their business thrived, they sought to expand the operation by sharing tips on other fraud schemes and recruiting new traders and hackers through Internet chats and emails. BLOOMBERG