Cyber Ring Made $100M on Stolen News Releases by Phishing

By DAVID PORTER | August 14, 2015

In late October 2013, Panera Bread Co., the national chain of restaurants that specializes in healthy soups and baked goods, prepared a news release to announce it was adjusting its earnings expectations downward for the recently begun fourth quarter.

The release undoubtedly was one of many sent by publicly traded companies to business news services for publication.

This one was different, though. As an unsuspecting investing public awaited the announcement, federal authorities say a group comprising computer hackers and stock traders already had seen the release in the computer system of Marketwired, the Toronto business newswire.

Using the crucial information in the release, the group allegedly made $17 million worth of trades and orders betting Panera’s stock would lose value once the news went public. They were correct, and for their efforts walked away with nearly $1 million in profit, according to a criminal indictment unsealed Tuesday against nine people in the U.S. and Ukraine.

The international hacking scheme allegedly raked in $100 million between 2010 and 2015. It is being called the biggest case of its kind ever prosecuted, and one that demonstrated yet another way in which the financial world is vulnerable to cybercrime.

The Securities and Exchange Commission also brought civil charges against the nine plus 23 other people and companies in the U.S. and Europe.

The case “illustrates the risks posed for our global markets by today’s sophisticated hackers,” SEC chief Mary Jo White said. “Today’s international case is unprecedented in terms of the scope of the hacking at issue, the number of traders involved, the number of securities unlawfully traded and the amount of profits generated.”

The nine people indicted include two people described as Ukrainian computer hackers and six stock traders. Prosecutors said the defendants made $30 million from their part of the scheme.

Authorities said that beginning in 2010 and continuing as recently as May, they gained access to more than 150,000 press releases that were about to be issued by Marketwired; PR Newswire in New York; and Business Wire of San Francisco. The press releases contained earnings figures and other corporate information.

The defendants then used roughly 800 of those news releases to make trades before the information came out, exploiting a time gap ranging from hours to three days, prosecutors said.

Perhaps even more alarming was the assertion by prosecutors that much of the group’s ability to illegally tap into the news services’ computer systems came via “phishing,” a well-known practice in which hackers send an email with a seemingly innocuous link that, if clicked on, can eventually lead to the divulging of the user’s login and password information.

The case should sound a warning for anyone who uses email in a work setting, Paul Fishman, U.S. attorney for New Jersey, said Tuesday.

“Every employee of every company has to be vigilant about the emails they get from people who look like their friends or acquaintances, urging them to click on a link,” Fishman said. “They should say to themselves every time that happens, ‘That seems like a really bad idea.”‘

A strong earnings report or other positive news can cause a company’s stock to rise, while disappointing news can make it fall. The conspirators typically used the advance information to buy stock options, which are essentially a bet on the direction a stock will move, authorities said.

The hackers were routinely paid a cut of the profits, prosecutors contended.

Five defendants were arrested in the U.S. on Tuesday, and warrants were issued for four others in Ukraine.

Among those charged were Pavel, Igor and Arkadiy Dubovoy. Authorities said they are related but didn’t say how. Arkadiy and Igor were arrested at their homes in Alpharetta, Georgia. Pavel was believed to be in Ukraine.

It wasn’t immediately known whether the defendants had attorneys.

Business Wire said it has hired a cybersecurity firm to test its systems and make sure they are protected. PR Newswire said it is cooperating with the investigation, and added: “We take security very seriously and are dedicated to protecting our information and systems.” Marketwire did not immediately respond to a request for comment.

The hacker group made more than $600,000 by trading the stock of Caterpillar Inc. in 2011 after getting an advance look at a news release that said the heavy-equipment maker’s profits were up 27 percent, according to the indictment.

Similarly, the group made more than $1.4 million trading stock in Silicon Valley’s Align Technology in 2013 ahead of a press release that said revenue had climbed more than 20 percent, the indictment said.

The most serious charges in the indictment, wire fraud and securities fraud, carry up to 20 years in prison.

The SEC lawsuit named 17 individuals and 15 companies in the U.S. and abroad, in such places as Russia, France, Malta and Cyprus. The agency is seeking unspecified fines and restitution against the 32 defendants.

(Associated Press writers Bree Fowler and Joseph Pisani, in New York, and AP Business Writer Marcy Gordon, in Washington, contributed to this story.)

Was this article valuable?

Here are more articles you may enjoy.