Nine stock traders and computer engineers 'made $100 MILLION by hacking news wires to see earnings forecasts before their release then trading on the information'

  • International hacking group 'made $100 million between 2010 and 2015'
  • Ukrainian hackers 'accessed news wires for forecasts before their release'
  • They 'sent the information to stock traders who started selling off shares'
  • When the news came out, they bought it back for millions of dollars' profit
  • The SEC says it is one of the worst cybercrime cases ever prosecuted
  • They each face up to 20 years in jail for the heaviest charge - fraud 

Nine people in the US and Ukraine have been charged with hacking computers to steal confidential forecasts about stocks in one of the biggest cases of cybercrime and fraud ever prosecuted.

The defendants, including two Ukrainian computer hackers and six stock traders, allegedly made $30 million from the $100 million international scheme between 2010 and 2015.

They face up to 20 years in jail for cybercrime and fraud.  

In one landmark case, the group made $17 million worth of trades and orders betting that Panera Bread Co.'s stock would dive on October 22, 2013. 

It was not a hunch. 

Scroll down for video 

Nine people  have been charged with hacking computers to steal forecasts about stocks in one of the biggest cases of cybercrime and fraud ever prosecuted. The charges were announced on Tuesday (pictured)

Nine people have been charged with hacking computers to steal forecasts about stocks in one of the biggest cases of cybercrime and fraud ever prosecuted. The charges were announced on Tuesday (pictured)

HOW THEY ALLEGEDLY HACKED THE NEWS WIRES TO SEE FORECASTS

Two Ukrainian computer hackers used Structured Query Language (SQL) injections to access the news wires, the charge states.

An SQL injection is a way of injecting code into a data-driven web server that allows the hacker access to its entire database.

They are also accused of using phishing, a very simple hacking technique that involves sending a link in an email. When clicked, it gives the hacker access to the recipient's login details. 

According to the SEC, the defendants accessed more than 150,000 news releases between 2010 and 2015. 

According to a criminal indictment unsealed on Tuesday, the men had hacked Toronto-based news agency Marketwired at 2pm to see embargoed earnings expectations.

They then started shorting their shares - selling them off in the hope of buying them back cheaper when the stock dived - and made bets on the news that they knew would come at 4pm, the charge states.

By 5pm, they had made $1 million profit.

Five defendants were arrested in the U.S. on Tuesday, and warrants were issued for four others in Ukraine. 

The Securities and Exchange Commission also brought civil charges against the nine plus 23 other people and companies in the U.S. and Europe.

The case 'illustrates the risks posed for our global markets by today's sophisticated hackers,' SEC chief Mary Jo White said. 'Today's international case is unprecedented in terms of the scope of the hacking at issue, the number of traders involved, the number of securities unlawfully traded and the amount of profits generated.' 

Authorities said that beginning in 2010 and continuing as recently as May, they gained access to more than 150,000 press releases that were about to be issued by Marketwired; PR Newswire in New York; and Business Wire of San Francisco. The press releases contained earnings figures and other corporate information.

The defendants then used roughly 800 of those news releases to make trades before the information came out, exploiting a time gap ranging from hours to three days, prosecutors said.

Perhaps even more alarming was the assertion by prosecutors that much of the group's ability to illegally tap into the news services' computer systems came via 'phishing,' a well-known practice in which hackers send an email with a seemingly innocuous link that, if clicked on, can eventually lead to the divulging of the user's login and password information.

The case should sound a warning for anyone who uses email in a work setting, Paul Fishman, U.S. attorney for New Jersey, said Tuesday.

In one case, they made $17m worth of trades and orders betting that Panera Bread's stock would dive on October 22, 2013. It came after Panera told newswires they would be setting earning guidance down

In one case, they made $17m worth of trades and orders betting that Panera Bread's stock would dive on October 22, 2013. It came after Panera told newswires they would be setting earning guidance down

'Every employee of every company has to be vigilant about the emails they get from people who look like their friends or acquaintances, urging them to click on a link,' Fishman said. 'They should say to themselves every time that happens, 'That seems like a really bad idea.''

A strong earnings report or other positive news can cause a company's stock to rise, while disappointing news can make it fall. The conspirators typically used the advance information to buy stock options, which are essentially a bet on the direction a stock will move, authorities said.

The hackers were routinely paid a cut of the profits, prosecutors contended.

Five defendants were arrested in the U.S. on Tuesday, and warrants were issued for four others in Ukraine.

THE PANERA BREAD CO HACK

Panera Bread Co. issued a statement to news wires on October 22, 2013, saying it was going to revise its earnings expectations down for the last quarter. The news would be released just after stocks closed at 4pm.  

At 2pm on October 22, 2013, a Ukrainian hacker sent this information to a group of stock traders, including Georgia-based Pavel, Igor and Arkadiy Dubovoy.

They then started shorting stocks - selling them off in the hope of buying them back cheaper when the stock dived - and making bets on the news. 

At 4.05pm, the news was released and Panera's stock plummeted, meaning the group made $17 million - about $1 million profit. 

Among those charged were Pavel, Igor and Arkadiy Dubovoy. Authorities said they are related but didn't say how. Arkadiy and Igor were arrested at their homes in Alpharetta, Georgia. Pavel was believed to be in Ukraine.

It wasn't immediately known whether the defendants had attorneys.

Business Wire said it has hired a cybersecurity firm to test its systems and make sure they are protected. 

PR Newswire said it is cooperating with the investigation, and added: 'We take security very seriously and are dedicated to protecting our information and systems.' Marketwire did not immediately respond to a request for comment.

The hacker group made more than $600,000 by trading the stock of Caterpillar Inc. in 2011 after getting an advance look at a news release that said the heavy-equipment maker's profits were up 27 percent, according to the indictment.

Similarly, the group made more than $1.4 million trading stock in Silicon Valley's Align Technology in 2013 ahead of a press release that said revenue had climbed more than 20 percent, the indictment said.

The most serious charges in the indictment, wire fraud and securities fraud, carry up to 20 years in prison.

The SEC lawsuit named 17 individuals and 15 companies in the U.S. and abroad, in such places as Russia, France, Malta and Cyprus. The agency is seeking unspecified fines and restitution against the 32 defendants.

 

The comments below have not been moderated.

The views expressed in the contents above are those of our users and do not necessarily reflect the views of MailOnline.

We are no longer accepting comments on this article.

Who is this week's top commenter? Find out now