Cybercrime , Fraud Management & Cybercrime , Governance & Risk Management
SEC Settles With 2 Traders Over EDGAR Hacking Case
Ukrainian Man Behind the Hacking Remains at LargeThe U.S. Securities and Exchange Commission has settled charges against two traders who were accused of profiting from insider information stolen from the hacking of an SEC EDGAR system server in 2016, the commission announced.
See Also: The Healthcare CISO’s Guide to Medical IoT Security
David Kwon of California and Igor Sabodakha of Ukraine each agreed to pay fines and restitution to settle the charges, according to the SEC. The two were part of a group of six individuals and two companies whom the SEC charged in 2019 with profiting from insider information gleaned from the hacking of the EDGAR server.
The hacking and insider trading scheme illegally netted the group a total of $4.1 million over several months, according to the SEC (see: Insider Trading: SEC Describes $4.1 Million Hacking Scheme).
EDGAR, which stands for Electronic Data Gathering, Analysis, and Retrieval, is the SEC's system that acts as an electronic filing repository for company data, including future announcements and corporate financial records. By hacking into one test server, the hacker retrieved nonpublic "test files" uploaded by companies prior to releasing the information publicly. The traders and companies then made trades based on this information before it went public, according to the SEC's original complaint.
In addition to the six traders and two companies charged by the SEC, the U.S. Justice Department criminally charged Oleksandr Ieremenko, a Ukrainian national, with the hack of the EDGAR server. Ieremenko allegedly gained access to the system by bypassing its authentication control, according to the criminal indictment.
A second man, Artem Radchenko, who is also a Ukrainian national, was also charged by the New Jersey U.S. attorney, which is overseeing the criminal case.
Once the EDGAR system was hacked, Ieremenko allegedly gave the information to the traders, who profited from the inside information. While charged in 2019, Ieremenko remains at large and is believed to be living in Russia and out of the reach of U.S. authorities, according to The Verge. Radchenko also remains at large.
The Scheme
After Ieremenko gained access to the EDGAR test server, he began giving insider company data to the group of six traders and two companies, who would then buy and sell stocks based on that information before it went public.
Sabodakha, for example, made a total of 49 trades based on the insider information between May and October 2016. Kwon made a total of 18 trades based on insider knowledge during the same time period, according to the SEC.
While the hacking of the EDGAR server started in February 2016 and continued through at least October 2016, the SEC did not discover the incident until 2017 - the exact date is not clear - and cut off access to the system, according to a previous announcement.
The SEC later announced the hacking incident in September 2017, but the criminal case was not announced until January 2019.
As part of the agreement with the SEC, Kwon will pay $165,474, which represents the amount he made as part of the illegal trading, as well as $16,254 in prejudgment interest. Sabodakha agreed to disgorge $148,804 in profits from his illegal trades, including trades he conducted in the account of his wife, plus $20,945 in interest. Sabodakha also agreed to pay a civil penalty of $148,804. In turn, the SEC will dismiss charges against Sabodakha's wife.
These agreements are subject to approval from a federal judge, and the cases against the other traders and companies remain open.
Other Cases
In addition to the EDGAR hacking case, the SEC and Justice Department also believe that Ieremenko was responsible for hacking into major U.S. newswires to steal confidential, nonpublic information on businesses as part of an international insider-trading scheme. The case was disclosed in 2015 (see: Feds Charge 9 with $30M Insider Trading, Hacking Scheme).
Some of the same traders involved in the EDGAR case were also involved in profiting from the hacking of the newswires, the SEC says.