Paul J. Fishman
U.S. Attorney for New Jersey Paul J. Fishman (2nd L) speaks during a news conference in Newark, New Jersey August 11, 2015. REUTERS/Eduardo Munoz

An alliance of mainly U.S.-based stock traders and computer hackers in Ukraine made as much as $100 million in illegal profits over five years after stealing confidential corporate press releases, U.S. authorities said on Tuesday.

Prosecutors announced charges against nine people in an insider-trading case that marks the first time criminal charges have been brought for a securities fraud scheme involving hacked inside information, in this instance 150,000 press releases from distributors Business Wire, Marketwired and PR Newswire.

"This is the story of a traditional securities fraud scheme with a twist - one that employed a contemporary approach to a conventional crime," FBI Assistant Director-in-Charge Diego Rodriguez said at a news conference.

Prosecutors said Ukraine-based hackers improperly accessed press releases before the distributors planned to release them to the public. The traders gave the hackers "shopping lists" of releases, prosecutors said.

The hackers created a "video tutorial" to help traders see the stolen releases, and were paid a portion of the profits from trades based on the information in them, prosecutors said.

Nine people were indicted by grand juries in Brooklyn, New York, and in Newark, New Jersey, on charges that they made $30 million in illegal profits starting around February 2010.

Five were arrested on Tuesday, and international arrest warrants were issued for the other four.

A related U.S. Securities and Exchange Commission civil lawsuit charged 17 people and 15 corporate entities, and said that thefts of inside information resulted in more than $100 million in illegal profit.

The SEC said the network included traders in New York, Cyprus, France, Malta andRussia. It is seeking civil penalties, and has already obtained court-ordered asset freezes.

Law enforcement officials have warned companies for years about securing their computer networks against hackers, whose victims over the past two years have included leading retailers and U.S. government personnel.

"This case illustrates how cyber criminals and those who commit securities fraud are evolving and becoming more sophisticated," U.S. Attorney Paul Fishman in New Jersey said at the news conference. "The hackers were relentless and they were patient."

Fishman said the distributors, who were not charged with wrongdoing, provided "fabulous cooperation" in the probe.

The breaches could put more pressure on the business, which was founded decades ago before the ubiquity of the Internet and which depend on clients trusting them with sensitive information. In recent years, major U.S. companies including Google, Microsoft, Wal-Mart and Tesla have started to publish important information on their own websites or social media platforms, reducing their dependence on the wires.

The three companies all released statements touting their cooperation with authorities and their security measures.

Business Wire, a unit of Warren Buffett's Berkshire Hathaway Inc (BRKa.N), said it hired a security firm to test its systems.

"Despite extreme vigilance and commitment, recent events illustrate that no one is immune to the highly sophisticated illegal cyber-intrusions that are plaguing every aspect of our society," it said in a statement.

PR Newswire, a unit of UBM Plc (UBM.L), said it also takes security very seriously, while Marketwired said it is protected by world-class security, monitoring and prevention practices.


The indictments said the news releases included sensitive corporate information such as financial results that would later become public. Foreign shell companies were used to share the money made from the insider trading, officials said.

"The traders were market-savvy, using equities, options and contracts for differences to maximize their profits," SEC Chair Mary Jo White said at the news conference.

Authorities said the scheme involved trades on such companies as Acme Packet Inc, Align Technology Inc (ALGN.O), Caterpillar Inc (CAT.N), Dealertrack Technologies Inc (TRAK.O), Dendreon Corp, Edwards Lifesciences Corp (EW.N), Hewlett-Packard Co(HPQ.N), Home Depot Inc (HD.N) and Panera Bread Co (PNRA.O).

The indictment in Brooklyn charged four traders: Vitaly Korchevsky, 50, a former hedge fund manager from Pennsylvania; Vladislav Khalupsky, 45, of Brooklyn and Odessa,Ukraine; and Leonid Momotok, 47, and Alexander Garkusha, 47, of the U.S. state of Georgia. The charges included securities fraud, wire fraud and money laundering conspiracy.

Korchevsky appeared without a lawyer in Philadelphia federal court. He was released on a $100,000 bond and told to surrender his passport.

A prosecutor told the court that Korchevsky was a flight risk with $5 million at his disposal and that he had traveled abroad 42 times since 2010. Korchevsky's wife told the judge that 99 percent of her husband’s travel was in his role as a pastor. Later, prosecutors asked another judge to revoke the first judge's release of Korchevsky.

A separate indictment made public in New Jersey charged Ivan Turchynov, 27, and Oleksandr Ieremenko, 24, two purported hackers who live in Ukraine; Pavel Dubovoy, 32, a trader from Ukraine; and Arkadiy Dubovoy, 51, and his son Igor Dubovoy, 28, traders from Georgia.

Arkadiy and Igor Dubovoy appeared in Atlanta federal court, and will appear there again on Thursday, including over whether they should defend themselves in New Jersey.

One indictment quotes online chats in which Ieremenko told Turchynov on March 25, 2012, that he had "bruted" the log-in credentials of 15 Business Wire employees, and told an unidentified recipient in Russian on Oct. 10, 2012, that "I'm hacking"

SEC investigators found the traders by using technology that identified both suspicious trading and relationships among traders, White told reporters.

She said those charged "went to great lengths to evade detection" and the SEC sorted through millions of traders, thousands of earnings announcements and gigabytes of data on IP addresses.