U.S. officials have accused an international group of hackers and stock traders of stealing insider information and making as much as $100 million in illegal profits.
Federal authorities in New Jersey said Tuesday it is the biggest scheme of its kind ever prosecuted, and one that demonstrated yet another way in which the financial world is vulnerable to cybercrime.
Nine people in the United States and Ukraine have been indicted for alleged fraud. More than 20 other individuals and companies face related civil complaints.
The case "illustrates the risks posed for our global markets by today's sophisticated hackers," SEC chief Mary Jo White said. "Today's international case is unprecedented in terms of the scope of the hacking at issue, the number of traders involved, the number of securities unlawfully traded and the amount of profits generated."
Authorities said that beginning in 2010 and continuing as recently as May, the group allegedly gained access to more than 150,000 press releases that were about to be issued by Marketwired in Toronto; PR Newswire in New York; and Business Wire of San Francisco.
The press releases contained earnings figures and other corporate information.
Members of the group were able to make trades in stocks and options before the information was made public, giving them an unfair, illegal and highly profitable advantage in trading.
The participants also are accused of money laundering by using several shell companies to try to hide their activities.
The indictment in Brooklyn charged four traders: Vitaly Korchevsky, 50, a former hedge fund manager from Pennsylvania; Vladislav Khalupsky, 45, of Brooklyn and Odessa, Ukraine; and Leonid Momotok, 47, and Alexander Garkusha, 47, of the U.S. state of Georgia.
The indictment made public in New Jersey charged Ivan Turchynov, 27, and Oleksandr Ieremenko, 24, alleged hackers who live in Ukraine; Pavel Dubovoy, 32, a trader from Ukraine; and Arkadiy Dubovoy, 51, and his son Igor Dubovoy, 28, traders from Georgia.
The charges included securities fraud, wire fraud and money laundering conspiracy.
The breaches could put more pressure on the information distribution business, which was founded decades ago and depends on clients trusting the distributors with sensitive information.
In recent years, prominent U.S. companies including Google, Microsoft, Wal-Mart Stores and Tesla have started to release important information on their own websites or social media platforms, reducing their dependence on the business wires.
In response, Business Wire said it has hired a cybersecurity firm to test its systems and make sure they are protected. PR Newswire said it is cooperating with the investigation, and added: "We take security very seriously and are dedicated to protecting our information and systems."
Marketwired issued a press release, saying it is protected by world-class security, monitoring and prevention practices.
A more alarming assertion in the case by prosecutors was that much of the group's ability to illegally tap into the news services' computer systems came via "phishing," a practice in which hackers send an email with a seemingly innocuous link that, if clicked on, can eventually lead to the divulging of the user's login and password information.
The case should sound a warning for anyone who uses email in a work setting, Paul Fishman, U.S. attorney for New Jersey, said Tuesday.
"Every employee of every company has to be vigilant about the emails they get from people who look like their friends or acquaintances, urging them to click on a link," Fishman said. "They should say to themselves every time that happens, 'That seems like a really bad idea.' "
Jim Randle contributed to this report. Some material for this report came from AP and Reuters.