Cybercrime , Fraud Management & Cybercrime , Fraud Risk Management
$1 Million Rewards Offered for Help in Finding SEC HackersState Department and Secret Service Still Hunting for 2 Ukrainian Nationals
The U.S. State Department is offering rewards of up to $1 million for information that could lead to the arrest and conviction of two Ukrainian nationals who allegedly hacked the Security and Exchange Commission's EDGAR system server in 2016.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
The reward money for tips that lead to the apprehension of Ukrainian citizens Artem Viacheslavovich Radchenko and Oleksandr Vitalyevich Ieremenko will be drawn from the State Department's Transnational Organized Crime Rewards Program.
Today we are asking you for help worldwide in the search for two of our most wanted cyber criminals, charged with hacking into the #SEC. This is our story… #TheCyberSearch pic.twitter.com/PdnABXF7Ku— U.S. Secret Service (@SecretService) July 22, 2020
In January 2019, a federal grand jury indicted Radchenko and Ieremenko on 16 criminal charges, including securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud and computer fraud, according to the U.S. Justice Department (see: Insider Trading: SEC Describes $4.1 Million Hacking Scheme).
Federal prosecutors and the SEC allege that Radchenko and Ieremenko participated in the hacking of the EDGAR system in 2016 to steal nonpublic corporate information. A group of stock traders and companies later used this information to illegally earn $4.1 million through insider trading, according to the indictment.
EDGAR, which stands for Electronic Data Gathering, Analysis and Retrieval, is an electronic filing repository for company data, including future announcements and corporate financial records. By hacking into one test server, the hackers retrieved "test files" uploaded by companies prior to publicly releasing the information. The traders and companies that received this information from the hackers then made trades based on this information, according to the SEC's original complaint.
Federal prosecutors allege that Radchenko and Ieremenko each played integral roles in the 2016 EDGAR hack.
Ieremenko allegedly hacked the EDGAR server in 2016 after gaining access to the system by bypassing its authentication controls, according to the indictment. He then began giving insider company data to six traders and two companies, who then bought and sold stocks based on that information.
Radchenko is accused of recruiting Ieremenko and other Ukrainian hackers as part of several schemes from February 2016 through March 2017, which included compromising the SEC's EDGAR system, according to the State Department.
While the hacking of the EDGAR server started in February 2016 and continued through at least October of that year, the SEC did not discover the incident until 2017 - the exact date is not clear - and cut off access to the system, according to a previous announcement.
The SEC eventually revealed the hacking incident in September 2017, but the criminal case was not announced until January 2019.
The State Department announcement this week did not indicate where authorities believe that Radchenko and Ieremenko are currently residing. A 2018 report in The Verge indicated that Ieremenko fled to Russia.
In April, the SEC settled cases with two of the traders accused of profiting from the theft of the inside information. Cases against the other stock brokers and companies are still pending (see: SEC Settles With 2 Traders Over EDGAR Hacking Case).
In addition to the EDGAR hacking case, the SEC and Justice Department also believe that Ieremenko was responsible for hacking into U.S. newswires to steal confidential, nonpublic information on businesses as part of an international insider-trading scheme (see: Feds Charge 9 with $30M Insider Trading, Hacking Scheme).