Skip to content

Enforcement Highlights

  • About Us
  • Contact
  • Cookie Policy
Enforcement
Highlights

Covering SEC, CFTC, FINRA, PCAOB, States, Exchanges, & FCA Enforcement Activities

DOJ and SEC Announce Charges Connected to Hack of SEC’s EDGAR System

Last week, the Department of Justice (“DOJ”) and the Securities & Exchange Commission (“SEC”) announced charges connected to a large-scale, international conspiracy to hack into the SEC’s Electronic Data Gathering, Analysis and Retrieval (“EDGAR”) system and profit by trading on stolen material, non-public information. The conduct underlying these cases was one of the principal reasons that the SEC created its Division of Enforcement “Cyber Unit” to target cyber-related securities fraud violations.

In a 16-count indictment unsealed in the United States District Court for the District of New Jersey, two Ukrainian citizens, Artem Radchenko and Oleksander Ieremenko, were charged with securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud, and computer fraud. The SEC’s complaint charged nine defendants – Ieremenko, six traders in California, Ukraine, and Russian, and two entities – with antifraud violations of the federal securities laws.

The charging documents allege that Ieremenko and Radchenko hacked into the EDGAR system and stole thousands of files, including annual and quarterly earnings reports containing non-public financial information. The defendants gained access to the SEC’s networks by using a series of targeted cyberattacks, including directory traversal attacks, phishing attacks, and infecting computers with malware. The defendants extracted thousands of filings from the EDGAR system to a server they controlled in Lithuania. The defendants then profited by selling access to the stolen, confidential information and by trading on the stolen information prior to its distribution to the public. In total, the defendants and their co-conspirators are alleged to have traded before at least 157 separate earnings releases, and they generated over $4 million in illegal proceeds.

Some of the individuals charged in these cases were previously charged in connection with a similar scheme to hack into the computer systems of multiple newswire organizations and steal press releases containing financial information that had not yet been released to the public. Several of the same methods used to hack the newswire organizations were also employed to hack the EDGAR system.

The criminal and civil charges in these cases are a reminder that both DOJ and the SEC have prioritized combatting cybercrime and, in particular, network intrusions. They also serve as a stark reminder that any organization, even a U.S. government agency, can be targeted and victimized by cybercriminals. Companies and firms would be wise to examine the techniques used by the defendants in these cases and ensure that their own cyber defenses are sufficient to protect against and thwart similar attacks. For additional guidance, companies and firms can look to SEC guidance and actions issued since the creation of the SEC’s Cyber Unit.

Subscribe and Receive Alerts to New Articles

SUBSCRIBE
January 22, 2019
Written by: Peter Baldwin and James G. Lundy
Category: Compliance and Supervision, Hedge Funds and Private Equity, Insider and Manipulative Trading, Investment Advisers and Broker Dealers, Public Companies, Accounting, and Auditing
Tags: DOJ

Post navigation

Previous Previous post: U.S. Attorney’s Office for the Southern District of New York Announces First-Ever Criminal Bank Secrecy Act Charges Against a U.S.-Based Broker-Dealer
Next Next post: Alert: FINRA’s 529 Plan Share Class Initiative to Self-Report

Subscribe to Email Alerts

Categories

  • Compliance and Supervision
  • Futures and Derivatives
  • Hedge Funds and Private Equity
  • Insider and Manipulative Trading
  • Investment Advisers and Broker Dealers
  • Public Companies, Accounting, and Auditing

©2021 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

  • About Us
  • Contact
  • Cookie Policy
We use cookies to improve your experience with our website. By browsing our site, you are agreeing to the use of cookies. For more information about how we use cookies, please review our privacy policy and cookie policy. OK
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.