Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security

1/16/2019
09:35 AM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now
50%
50%

Justice Department Indicts 2 Ukrainian Nationals With Hacking SEC

The Justice Department has charged two Ukrainian nationals with hacking into the SEC's EDGAR systems and accessing sensitive company reports and other data before the information was made public.

The US Justice Department has indicted two Ukrainian nationals with attacking the computer networks of the Securities and Exchange Commission (SEC) and accessing thousands of sensitive company documents, and then selling that data to others or trading on this insider information.

The two men, Artem Radchenko, 27, and Oleksandr Ieremenko, 26, who both live in Kiev, face a slew of charges stemming from the 16-count indictment, including securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud and computer fraud, according to the Justice Department. The two remain at large.

Together, the two used a series of cyberattacks to target the SEC's Electronic Data Gathering, Analysis and Retrieval system, which is also known as EDGAR. This database contains thousands of sensitive corporate documents, including quarterly and annual earnings reports, as well as other data such as disclosures for companies considering an initial public offering (IPO).

Specifically, between February 2016 to March 2017, Radchenko and Ieremenko, as well as other individuals not named in the indictment, targeted what is called test filings within the EDGAR system. These tests allow companies to preview what disclosures will be released, but they also contain much of the same information that is found in the public version of the documents.

It's these test filings documents that were stolen. That data was then sold to others or used to conduct stock trades using financial information that was not available to the general public.

To gain access to the SEC and EDGAR, Radchenko and Ieremenko used a number of different techniques and cyberattacks to penetrate the IT systems, including phishing attacks, malware planted on servers and directory traversal attacks, which involve accessing the restricted directories of a web server's root directory and then executing commands within the server. This then allows the attacker to access restricted files, where sensitive data is stored.

Once the information was stolen, the data was used to make a series of stock trades based on the test documents. For example, on May 19, 2016, a publicly traded company uploaded information to the EDGAR database at 3:32 p.m. Eastern time. About six minutes later, that report was stolen and uploaded to a server in Lithuania. In a few minutes, about $2.4 million shares of the company were bought and the company then announced record earnings the same day at 4:02 p.m.

The next day, the stock purchased with stolen data was sold for a profit of more than $270,000, according to the Justice Department.

"The defendants charged in the indictment announced today engaged in a sophisticated hacking and insider trading scheme to cheat the securities markets and the investing public," Craig Carpenito, the US Attorney for New Jersey, wrote in a January 15 statement.

In 2017, Ieremenko was previously indicted, along with several others, with stealing press releases and other statements that contained confidential and non-public financial information from the servers of newswire companies. Again, the people involved profited from buying and selling stock based on these details.

Of the new charges filed against Radchenko and Ieremenko this week, the most serious are the wire fraud conspiracy and substantive wire fraud counts, which carry a maximum penalty of 20 years in federal prison and a $250,000 maximum fine.

Related posts:

— Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Cloud Security Threats for 2021
Or Azarzar, CTO & Co-Founder of Lightspin,  12/3/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Assessing Cybersecurity Risk in Todays Enterprises
Assessing Cybersecurity Risk in Todays Enterprises
COVID-19 has created a new IT paradigm in the enterprise and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27772
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could po...
CVE-2020-27773
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to appli...
CVE-2020-28950
PUBLISHED: 2020-12-04
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.
CVE-2020-27774
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but co...
CVE-2020-27775
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but c...