Federal authorities filed charges accusing eight people, including individuals from Russia and Ukraine, of hacking into a government database holding corporate secrets in a scheme that led to at least $4.1 million in illegal trading profits.
In a civil complaint, the Securities and Exchange Commission alleged that the defendants launched a sophisticated cyberattack against the agency starting in 2016. Once they penetrated the SEC’s system, the hackers stole thousands of documents with sensitive, confidential information about corporations’ financial conditions. They used that information to make a profit from illegal trading, prosecutors said.
“These threats to our marketplace are significant and ongoing and often involve threats from actors outside our borders. No system can be entirely safe from a cyber intrusion,” SEC Chairman Jay Clayton said in a statement.
The U.S. Attorney’s Office for the District of New Jersey filed related criminal charges against two people it says were involved in the scheme. The 16-count indictment charges Artem Radchenko, 27, and Oleksandr Ieremenko, 27, both of Kiev, Ukraine, with securities fraud conspiracy, wire fraud conspiracy and other crimes. Neither are believed to be in the United States or in custody, according to the U.S. attorney’s office.
The hackers and traders compromised “the integrity of the market” and deprived “honest investors of a level playing field,” said Brian Benczkowski, an assistant U.S. attorney in New Jersey.
The system that was breached, known as Edgar, serves as a clearinghouse for public filings companies must make to the agency, including reports on periodic financial results and newsworthy developments. There can be a lapse between the time when reports are electronically filed with the agency and when they can be viewed by the public, making the system a lucrative target for hackers hoping to learn sensitive information before the rest of the market.