Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security

1/16/2019
09:35 AM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now
50%
50%

Justice Department Indicts 2 Ukrainian Nationals With Hacking SEC

The Justice Department has charged two Ukrainian nationals with hacking into the SEC's EDGAR systems and accessing sensitive company reports and other data before the information was made public.

The US Justice Department has indicted two Ukrainian nationals with attacking the computer networks of the Securities and Exchange Commission (SEC) and accessing thousands of sensitive company documents, and then selling that data to others or trading on this insider information.

The two men, Artem Radchenko, 27, and Oleksandr Ieremenko, 26, who both live in Kiev, face a slew of charges stemming from the 16-count indictment, including securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud and computer fraud, according to the Justice Department. The two remain at large.

Together, the two used a series of cyberattacks to target the SEC's Electronic Data Gathering, Analysis and Retrieval system, which is also known as EDGAR. This database contains thousands of sensitive corporate documents, including quarterly and annual earnings reports, as well as other data such as disclosures for companies considering an initial public offering (IPO).

Specifically, between February 2016 to March 2017, Radchenko and Ieremenko, as well as other individuals not named in the indictment, targeted what is called test filings within the EDGAR system. These tests allow companies to preview what disclosures will be released, but they also contain much of the same information that is found in the public version of the documents.

It's these test filings documents that were stolen. That data was then sold to others or used to conduct stock trades using financial information that was not available to the general public.

To gain access to the SEC and EDGAR, Radchenko and Ieremenko used a number of different techniques and cyberattacks to penetrate the IT systems, including phishing attacks, malware planted on servers and directory traversal attacks, which involve accessing the restricted directories of a web server's root directory and then executing commands within the server. This then allows the attacker to access restricted files, where sensitive data is stored.

Once the information was stolen, the data was used to make a series of stock trades based on the test documents. For example, on May 19, 2016, a publicly traded company uploaded information to the EDGAR database at 3:32 p.m. Eastern time. About six minutes later, that report was stolen and uploaded to a server in Lithuania. In a few minutes, about $2.4 million shares of the company were bought and the company then announced record earnings the same day at 4:02 p.m.

The next day, the stock purchased with stolen data was sold for a profit of more than $270,000, according to the Justice Department.

"The defendants charged in the indictment announced today engaged in a sophisticated hacking and insider trading scheme to cheat the securities markets and the investing public," Craig Carpenito, the US Attorney for New Jersey, wrote in a January 15 statement.

In 2017, Ieremenko was previously indicted, along with several others, with stealing press releases and other statements that contained confidential and non-public financial information from the servers of newswire companies. Again, the people involved profited from buying and selling stock based on these details.

Of the new charges filed against Radchenko and Ieremenko this week, the most serious are the wire fraud conspiracy and substantive wire fraud counts, which carry a maximum penalty of 20 years in federal prison and a $250,000 maximum fine.

Related posts:

— Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: He hits the gong anytime he sees someone click on an email link.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29071
PUBLISHED: 2020-11-25
An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving se...
CVE-2020-29072
PUBLISHED: 2020-11-25
A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction (opening a link) and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js.
CVE-2020-26241
PUBLISHED: 2020-11-25
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy (at 0x00...04) co...
CVE-2020-26242
PUBLISHED: 2020-11-25
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.
CVE-2020-26240
PUBLISHED: 2020-11-25
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on...