Nine charged with hacking into newswire services to obtain info prior to it hitting the market

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://siliconangle.com/blog/2015/08/12/nine-charged-with-hacking-into-newswire-services-to-obtain-info-prior-to-it-hitting-the-market/

Nine people were charged on Tuesday with various offenses related to the
hacking of various newswire services to obtain information from unpublished
press releases to use to their advantage in share trades.

The U.S. Attorney’s Office, District of New Jersey, said in a statement
that the indictments charge the defendants with hacking into the newswires
and stealing confidential information about companies traded on the NASDAQ
and NYSE, in what is claimed to be the largest scheme of its kind ever
prosecuted.

Those charged were not mucking around with some casual hacking to their
advantage on the side, standing accused of stealing approximately 150,000
confidential press releases from the servers of the newswire companies.

Using that ill gotten information, they then traded ahead of more than 800
stolen press releases before their public release, generating a figure The
New York Times puts at over $100 million.

“The defendants were a well-organized group that allegedly robbed the
newswire companies and their clients and cheated the securities markets and
the investing public by engaging in an unprecedented hacking and trading
scheme,” U.S. Attorney Paul J. Fishman said.  “The defendants launched a
series of sophisticated and relentless cyber attacks against three major
newswire companies, stole highly confidential information and used to
enrich themselves at the expense of public companies and their
shareholders.”

Eastern European connection

Between February 2010 and August 2015, two Ukranian computer hackers are
alleged to have gained unauthorized access into the computer networks of
the top three newswire services: Marketwire, PR Newswire and Business Wire.

After using what is only described as the use of “a series of sophisticated
cyber attacks” to gain access, the hackers then stole press releases about
upcoming announcements by public companies concerning earnings, gross
margins, revenues, and other confidential and material financial
information.

Those hackers then shared the information with traders in the United
States, and are even alleged to have gone as far as sharing instructions on
how to access and use an overseas server where they shared the stolen
releases with the traders, and information on how to access credentials and
instructions were shared.

“This is the story of a traditional securities fraud scheme with a
twist—one that employed a contemporary approach to a conventional crime,”
Assistant Director-in-Charge Rodriguez said. “But just as criminals
continue to develop relationships with one another in order to advance
their objectives, the law enforcement community has developed a
collaborative approach to fighting these types of crimes.”

All nine defendants are facing a slew of charges, including wire fraud
conspiracy and substantive wire fraud counts which each charge carrying
upto a 20 year prison and a $250,000 fine, or twice the gain or loss from
the offense, while the securities fraud conspiracy count which all nine are
charged carries a penalty of up to five years in prison and a $250,000
fine, or twice the gain or loss from the offense.

Rather than list all counts in full detail, other charges include standard
securities fraud (<20 years, $5 million fine,) money laundering (<20 years,
$500,00 fine,) computer fraud counts (<5 years, $250,00 fine,) and
aggravated identify theft counts with carry a mandatory consecutive term in
jail of 24 months.

Suffice as to say if they’re found guilty, they may not be seeing an awful
lot of freedom in their old years of life, if any at all.

A date for the next hearing before the court was not scheduled.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!