SEC Brings Charges in Edgar Hacking Case

The SEC’s complaint alleges that after hacking the newswire services, Ukrainian hacker Oleksandr Ieremenko turned his attention to EDGAR and, using deceptive hacking techniques, gained access in 2016. Ieremenko extracted EDGAR files containing nonpublic earnings results. The information was passed to individuals who used it to trade in the narrow window between when the files were extracted from SEC systems and when the companies released the information to the public. In total, the traders traded before at least 157 earnings releases from May to October 2016 and generated at least $4.1 million in illegal profits.

“International computer hacking schemes like the one we charged today pose an ever-present risk to organizations that possess valuable information,” said Enforcement Division Co-Director Stephanie Avakian. “Today’s action shows the SEC’s commitment and ability to unravel these schemes and identify the perpetrators even when they operate from outside our borders.”

“The trader defendants charged today are alleged to have taken multiple steps to conceal their fraud, including using an offshore entity and nominee accounts to place trades,” said Enforcement Division Co-Director Steven Peikin. “Our staff’s sophisticated analysis of the defendants’ trading exposed the common element behind their success, providing overwhelming evidence that each of them traded based on information hacked from EDGAR.”

The SEC’s complaint alleges that Ieremenko circumvented EDGAR controls that require user authentication and then navigated within the EDGAR system. Ieremenko obtained nonpublic “test files,” which issuers can elect to submit in advance of making their official filings to help make sure EDGAR will process the filings as intended. Issuers sometimes elected to include nonpublic information in test filings, such as actual quarterly earnings results not yet released to the public. Ieremenko extracted nonpublic test files from SEC servers, and then passed the information to different groups of traders.

The SEC’s complaint alleges that the following traders received and traded on the basis of the hacked EDGAR information:

• Sungjin Cho, Los Angeles, California
• David Kwon, Los Angeles, California
• Igor Sabodakha, Ukraine
• Victoria Vorochek, Ukraine
• Ivan Olefir, Ukraine
• Andrey Sarafanov, Russia
• Capyield Systems, Ltd. (owned by Olefir)
• Spirit Trade Ltd.

In a parallel action, the U.S. Attorney’s Office for the District of New Jersey today announced related criminal charges.

The SEC’s complaint charges each of the defendants with violating the federal securities antifraud laws and related SEC antifraud rules and seeks a final judgment ordering the defendants to pay penalties, return their ill-gotten gains with prejudgment interest, and enjoining them from committing future violations of the antifraud laws. The SEC also named and is seeking relief from four relief defendants who profited from the scheme when defendants used the relief defendants’ brokerage accounts to place illicit trades.

The SEC’s investigation, which is ongoing, was conducted by Market Abuse Unit and Cyber Unit staff David Bennett, Arsen Ablaev, Michael Baker, Jason Burt, Laura D’Allaird, Adam Gottlieb, James Scoggins, David Snyder, Jonathan Warner, Darren Boerner, and John Rymas, and IT Forensics staff Ken Zavos, Douglas Bond, Stephen Haupt, Gi Nguyen, and Jennifer Ross. The Division of Economic and Risk Analysis and the Office of Information Technology provided substantial assistance. The investigation was supervised by Robert Cohen, Joseph Sansone, and Carolyn Welshhans. Cheryl Crumpton and Stephan Schlegelmilch are leading the SEC’s litigation. The SEC appreciates the assistance of the U.S. Attorney’s Office for the District of New Jersey, the Federal Bureau of Investigation, and the U.S. Secret Service.