A 28 year old hacker from Ukraine pleaded guilty to a $30 mil. scheme involving hacking & stealing unreleased press releases, and using the obtained information to make illegal trades. Over 30 others were involved in the scheme and are now facing criminal charges.
Wall Street to many is synonymous with the words “money, wealth, power,” but grabbing a piece of the pie is no easy task – especially not if you’re an Ukrainian man living in Kiev. One such man, Vadym Iermolovych, 28, has figured out a way to do just that. Unfortunately, along with his accomplices, Iermolovych went about doing so by criminal means.
Iermolovych pleaded guilty and admitted to personally be involved in the actual hacking activities in what the U.S. Department of Justice calls the “largest known computer hacking and securities fraud scheme.”
Between 2010 and 2015, Iermolovych and 32 others involved, hacked the systems of major press release firms, gaining insider information about upcoming events that will affect the stock market. The hacked companies included Marketwired LP, PR Newswire Association LLC, and Business Wire. BBC claims that about 150,000 press releases were accessed before being released to the public. According to the court files, it appears the group has targeted hundreds of companies traded on the NYSE and NASDAQ, which resulted in profits of about $30 million over the 5 year period. Iermolovych now faces up to 20 years in prison.
Hacking & Social Engineering
The hacking was highly targeted and accomplished by the use of social engineering in the form of spear phishing and exploiting vulnerabilities such as SQL injection, to which millions of websites are still susceptible today. Upon infiltration of the companies’ systems, the hackers would proceed to obtain information about upcoming events, primarily financial information, such as profits, losses, revenues, and other confidential data.
Related article: Hacker Group Anonymous Declares War on Global Banks and the NYSE
According to the Department of Justice, the hackers were operating in collaboration with stock traders who would use the information obtained to profit on the stocks involved. The court files even mention having shopping lists of sorts provided to the traders to allow them to select the specific press releases they were after.
The entire process would usually take less than a day from the hacking to trading, usually very soon after the closing of the stock markets. Companies included in the court papers include Hewlett Packard, Home Depot, Align Technology, and Caterpillar, among others.