Ukrainian charged over 2016 SEC hack, with further charges for insider trading


In 2014, the hacker also took part in the notorious hacking of three newswire services.

Today, US authorities charged a Ukrainian national with hacking the US Securities and Exchange Commission (SEC), stealing private corporate data, and passing it on to others, who then took advantage of this information through insider trading.

The hacker charged with these crimes is Oleksandr Ieremenko, 26, from Kiev, Ukraine, a suspect who was also charged with hacking three newswire services between February 2010 and November 2014 [1, 2] and found guilty of this.

According to an indictment filed today by the US Department of Justice, Ieremenko continued his hacking spree by targeting the SEC's EDGAR (Electronic Data Gathering, Analysis and Retrieval) system, a database containing information on official company registrations, future announcements and previous financial records.

US authorities say that Ieremenko gained access to the SEC EDGAR system sometime in February 2016 by using “directory traversal attacks, phishing attacks, and infecting computers with malware.”

Court documents reveal the hacker targeted and accessed the SEC EDGAR test filing system, an application that allows companies to upload test files and see if the SEC filing system works as intended.

While some companies tested the SEC filing system using non-sensitive files, others used documents containing sensitive information, which Ieremenko stored and uploaded to a server under his control in Lithuania.

In a September 2017 press release in which the SEC revealed the hack, the agency said it had detected the intrusion in May 2016 and immediately closed the vulnerability the hacker had used.

In a new press release today, however, the SEC says that Ieremenko somehow persisted in its network and continued to sift through documents until March 2017. The DOJ says that the hacker worked with Artem Radchenko, 27, also from Kiev, Ukraine, who was also named today in a 16-count criminal complaint.

DOJ officials said that Radchenko “recruited to the scheme traders who were provided with the stolen test filings so they could profit by trading on the information before the investing public.” However, Ukrainian journalist Isobel Koshiw's investigation into the newswire hacks revealed that Ieremenko and Radchenko were not “partners” in the scheme.

According to her investigation, published in The Verge, Ieremenko hacked “under threat of violence” at Radchenko's behest and might never have benefited from the hacks, with all the money going to Radchenko and his trading partners.

According to an SEC press release today, Radchenko distributed the stolen SEC EDGAR test files to six other individuals and two other companies in the United States, Ukraine and Russia.

“In total, the traders traded before at least 157 earnings releases from May to October 2016 and generated at least $4.1 million in illegal profits,” said the SEC. Both Ieremenko and Radchenko are still at large. If they are arrested, extradited, tried and found guilty, they face decades in prison.

According to Koshiw's investigation, Ieremenko might have moved to Russia after the SEC EDGAR hack.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.