Trial of two men accused of $20m hacked press release fraud begins

We didn’t know the information that made us rich was stolen from PR agencies! That appears to be the defence proffered by two defendants in the hacked press release trial.

On Tuesday, the latest trial in this $20m insider trading case began for Vitaly Korchevsky, a former hedge fund manager for Morgan Stanley, now turned pastor, and Vladislav Khalupsky, who had been arrested in Ukraine and extradited.

Reuters reported on Tuesday that the two men are facing charges including securities fraud and conspiracy. They’ve been accused of making nearly $20m by trading stocks based on corporate press releases stolen by Ukraine-based hackers from financial newswires before they were released to the public.

According to Reuters, this is the first time criminal charges have been brought for a securities fraud scheme involving hacked inside information.

In opening statements, Assistant U.S. Attorney David Gopstein said that the pair got information that had been stolen by Ukraine-based hackers. Court papers have showed that the targeted newswires are the leading business outfits Marketwired, PRN, and Business Wire.

This was an international network of conspirators that lasted for years, Gopstein said. In an earlier trial of two of the hackers, US Attorney Paul J. Fishman said that Vadym Iermolovych (plus nine or so aliases), along with his fellow Ukrainian hackers, spent five years hacking into the newswires.

Two of the hackers, Arkadiy Dubovoy and his son, Igor Dubovoy, pleaded guilty in May 2016 to aggravated identity theft, conspiracy to commit wire fraud, and computer hacking.

Since then, they’ve been feeding information to the prosecution.

According to a Department of Justice press release from August 2015, a total of nine people in two states were originally charged in the scheme, which prosecutors said involved the theft of about 150,000 confidential press releases from the servers of the newswire companies.

That gave the hackers access to some very sweet insider knowledge: the stolen press releases had upcoming announcements by public companies concerning earnings, gross margins, revenues, and other confidential and material financial information.

Naturally enough, the accused generally traded before the press releases were made public. The conspirators allegedly made about $30 million in profit.

Since their trial, the two hackers have flipped for the prosecution.

Korchevsky and Khalupsky are claiming they didn’t know about any of this. According to Reuters, their lawyers told the jury that their clients were “unwitting dupes” of the Dubovoys. Steven Brill, representing Korchevsky, claimed that his client made money ahead of company earnings reports based on his own research.

The pair made $20m over the course of the five years they were allegedly being fed confidential information on companies that included household names like Caterpillar, HP, Home Depot, Panera Bread Co., and Verisign. The feds have also charged two other traders: Leonid Momotok and Alexander Garkusha – who also pleaded guilty to wire fraud in this case in December 2015.

The government served up this detailed description of how the hackers gained access to the newswires’ networks through targeted phishing, malware, and SQL injection attacks. They shared the stolen releases with traders via overseas computer servers, complete with guidance on concealment…

The traders created “shopping lists” or “wish lists” for the hackers listing desired upcoming press releases for publicly traded companies… [T]heir trading activities shadowed the hackers’ capabilities to exfiltrate stolen press releases… trading data often showed a flurry of trading activity around a stolen press release just prior to its public release.

The traders’ and hackers’ compensation scheme allegedly called for payments to reflect a percentage of profits, transferred via foreign shell companies.

As of 2016, the feds figured that this was the “Largest Known Computer Hacking And Securities Fraud Scheme.” However, we are unlikely to see the Largest Computer Hacking Prison Sentence ever as a result, if the one handed down to 28-year-old hacker Vadym Iermolovych is anything to go by. He was looking at a maximum of 20 years in jail. He got just 30 months.