
1/16/2019
09:35 AM
Scott Ferguson
News Analysis-Security Now

Justice Department Indicts 2 Ukrainian Nationals With Hacking SEC

The Justice Department has charged two Ukrainian nationals with hacking into the SEC's EDGAR systems and accessing sensitive company reports and other data before the information was made public.

The US Justice Department has indicted two Ukrainian nationals for attacking the computer networks of the Securities and Exchange Commission (SEC), accessing thousands of sensitive company documents, and then selling that data to others or trading on the insider information.

The two men, Artem Radchenko, 27, and Oleksandr Ieremenko, 26, who both live in Kiev, face a slew of charges stemming from the 16-count indictment, including securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud and computer fraud, according to the Justice Department. The two remain at large.

Together, the two used a series of cyberattacks to target the SEC's Electronic Data Gathering, Analysis and Retrieval system, which is also known as EDGAR. This database contains thousands of sensitive corporate documents, including quarterly and annual earnings reports, as well as other data such as disclosures for companies considering an initial public offering (IPO).

(Source: SEC)

Specifically, between February 2016 and March 2017, Radchenko and Ieremenko, as well as other individuals not named in the indictment, targeted what are called test filings within the EDGAR system. These tests allow companies to preview what disclosures will be released, but they also contain much of the same information that is found in the public version of the documents.

It was these test filing documents that were stolen. That data was then sold to others or used to conduct stock trades using financial information that was not available to the general public.

To gain access to the SEC and EDGAR, Radchenko and Ieremenko used a number of different techniques and cyberattacks to penetrate the IT systems, including phishing attacks, malware planted on servers and directory traversal attacks, which involve accessing the restricted directories of a web server's root directory and then executing commands within the server. This then allows the attacker to access restricted files, where sensitive data is stored.

Once the information was stolen, the data was used to make a series of stock trades based on the test documents. For example, on May 19, 2016, a publicly traded company uploaded information to the EDGAR database at 3:32 p.m. Eastern time. About six minutes later, that report was stolen and uploaded to a server in Lithuania. Within a few minutes, about $2.4 million in shares of the company were bought, and the company then announced record earnings the same day at 4:02 p.m.

The next day, the stock purchased with stolen data was sold for a profit of more than $270,000, according to the Justice Department.

"The defendants charged in the indictment announced today engaged in a sophisticated hacking and insider trading scheme to cheat the securities markets and the investing public," Craig Carpenito, the US Attorney for New Jersey, wrote in a January 15 statement.

Ieremenko was previously indicted in 2017, along with several others, for stealing press releases and other statements that contained confidential and non-public financial information from the servers of newswire companies. Again, the people involved profited from buying and selling stock based on these details.

Of the new charges filed against Radchenko and Ieremenko this week, the most serious are the wire fraud conspiracy and substantive wire fraud counts, which carry a maximum penalty of 20 years in federal prison and a $250,000 maximum fine.


— Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.
