Two Ukrainian Nationals Indicted For Hacking EDGAR Reports

By January 25, 2019Data Breach

The U.S. Attorney’s Office for the District of New Jersey announced on January 15, 2019 that two Ukrainian men have been charged for their roles in a large-scale, international conspiracy to hack into the Securities and Exchange Commission’s (SEC) computer systems and profit by trading on critical information they stole.

The 16-count indictment alleges that from February 2016 to March 2017, the defendants and others conspired to gain unauthorized access to the computer networks of the SEC’s Electronic Data Gathering, Analysis and Retrieval (EDGAR) system, which is used by publicly traded companies to file required disclosures, such as annual and quarterly earnings reports. These filings contained detailed information about the financial condition and operations of the companies, including their earnings. Such information can, and often does, affect the stock price of the companies when it is made public, and is therefore highly confidential prior to its disclosure to the general public.

The EDGAR system allows companies to make test filings in advance of a public filing. These test filings often contain information that is the same or similar to the information in the final filing. The defendants allegedly stole thousands of test filings before they were released to the public, and sought to profit from their theft by using the information in the test filings to trade before the investing public learned the information.

The indictment alleges that in order to gain access to the SEC’s computer networks, the defendants used a series of targeted cyber-attacks, including directory traversal attacks, phishing attacks, and infecting computers with malware. Once the defendants had access to the test filings on the EDGAR system, they allegedly stole them by copying the test filings to servers they controlled. For example, between May 2016 and October 2016, the defendants extracted thousands of test filings from the EDGAR servers to a server they controlled in Lithuania.

The wire fraud conspiracy and substantive wire fraud counts with which the defendants are charged carry a maximum potential penalty of 20 years in prison and a $250,000 fine, or twice the gain or loss from the offense. The securities fraud conspiracy, computer fraud conspiracy, and substantive computer fraud counts with which the defendants are charged carry a maximum potential penalty of five years in prison and a $250,000 fine, or twice the gain or loss from the offense.

Source

If your business is presently or may soon be involved in data breach litigation in the United States, email us at info@businesslitigationcontingencylawyers.com or telephone us toll-free in the United States at 800-756-2143 to find business litigation contingency lawyers who may handle your data breach litigation matter on a contingency basis.

BusinessLitigationContingencyLawyers.com – The Practical Solution For Business Litigation