Cybercrime , Fraud Management & Cybercrime

Russian Found Guilty of Insider Trading in Hacking Case

$90 Million in Proceeds Illegally Netted by Using Pre-Public Earnings Information
Russian Found Guilty of Insider Trading in Hacking Case

A U.S. jury returned a guilty verdict against a man who ran a criminal hacking scheme that earned $90 million via insider trading while running a Moscow-based IT services firm associated with the Russian government.

See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

After a 10-day trial, a federal jury in Boston on Tuesday found Vladislav Klyushin, 42, guilty of obtaining unauthorized access to computers, as well as wire fraud and securities fraud. The Russian national, who faces more than 50 years in prison and a fine equal to double the $38 million of personal profit he gained from the scheme, is due to be sentenced in May.

"For nearly three years, he and his co-conspirators repeatedly hacked into U.S. computer networks to obtain tomorrow's headlines today. They used that nonpublic information to trade illegally in the shares of hundreds of publicly traded companies," said U.S. Attorney Rachael S. Rollins of the District of Massachusetts.

Prosecutors said Klyushin personally earned $38 million from the scheme, including $23 million from his own trades and over $13 million from trades he made for others, using their money, in return for his keeping 60% of the resulting profits.

Klyushin's attorney, Boston-based Maksim Nemtsev, could not be immediately reached for comment. But he told The Associated Press that prosecutors had employed "novel theories" in the case that remain untested by higher courts. Klyushin will appeal, he said.

Prosecutors said the hacking scheme ran from at least January 2018 through September 2020 and involved more than 2,000 different earnings events.

Klyushin's journey to a U.S. courtroom started in Switzerland, where police arrested him at the behest of American authorities in March 2021 while he was vacationing with family. As is typical when a Russian national is detained abroad, Moscow filed a competing extradition request. Swiss authorities found in Washington's favor, extraditing Klyushin in December 2021. During his first appearance in Boston federal court, a judge rejected his request for bail, saying he presented "a substantial risk of flight" (see: Russian Denied Bail in Insider Trading Hacking Case).

An indictment unsealed in January 2022 charged five Russian men, including Klyushin, aka Kliushin, with perpetrating the scheme, which used hacking to steal pre-public information pertaining to hundreds of companies listed on the New York Stock Exchange and Nasdaq.

Companies whose information the men obtained included Capstead Mortgage, Horizon Therapeutics, IBM, Microsoft, Roku, Snap, SS&C Technologies and Tesla, according to information presented at the trial.

Moscow Firm Accused of Criminal 'Penetration Testing'

Klyushin's four alleged co-conspirators - Ivan Ermakov, Nikolai Rumiantcev, Mikhail Vladimirovich Irzak and Igor Sergeevich Sladkov - have also been charged, but all remain at large. The U.S. Securities and Exchange Commission filed a separate complaint against the five men in December 2021.

The hacking and theft of pre-public financial information was carried out by Moscow-based IT service and media monitoring firm M-13, which Klyushin founded and led, according to information presented at the trial. On its website, the firm claimed to count among its customers "the administration of the president of the Russian Federation, the government of the Russian Federation, federal ministries and departments, regional state executive bodies, commercial companies and public organizations."

Among the services advertised by M-13 were penetration testing and "emulation of a full-fledged targeted attack (red team APT)."

Prosecutors said M-13 used its attack capabilities and "malicious infrastructure" to steal login information for systems used by employees of two unnamed service providers. Companies use the providers to submit to the SEC quarterly and annual earnings reports that contain pre-public information about whether a company's earnings were due to exceed or fall short of market expectations. The suspects have been charged with using this information to predict whether a company's stock price would rise or fall and with making trades designed to capitalize on that information.

Prosecutors told the jury that 97% of the trades made by Klyushin and his co-conspirators correlated with earnings event information handled by the two hacked service firms that handled SEC filings. "Testimony at trial indicated that the odds of this trading pattern occurring in the absence of a relationship between the trading and the identity of the filing agent was less than one in a trillion," the DOJ said.

The scheme was incredibly lucrative, with returns of 900% when the market was returning just over 25%. "Klyushin and his co-conspirators earned close to $100 million in earnings trading from roughly $9 million in investments using inside information, even as they lost close to $10 million in non-earnings trading," the DOJ said.

Prosecutors said the men's trading activity was distributed across banks and brokerages in Cyprus, Denmark, Portugal, Russia and the United States and that the group "misled brokerage firms about the nature of their trading activities."

At-Large Suspect Is Alleged GRU Officer

One of the suspects in this case, Ermakov - aka Yermakov, whom prosecutors describe as a friend of Klyushin and fellow director of M-13 as well as a Russian military officer, faces other hacking charges not tied to this case.

Indictments filed against Ermakov accuse him of working with the Russian military intelligence group's GRU hacking team - known as Fancy Bear and APT28 - to steal information from the Democratic National Committee as part of Russia's 2016 U.S. election interference.

Ermakov was also charged with being one of the alleged GRU agents whom prosecutors describe as having engaged in "the use of hacking to spread the personal information of hundreds of anti-doping officials and athletes as part of an effort to distract from Russia's state-sponsored doping program."


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.