Slashdot Mirror
Hacker Could Keep Money from Insider Trading
Reservoir Hill brings us a New York Times story about a man who will be allowed to keep the money he gained through hacking into a computer system in order to gain early access to a company's earnings statement. From the Times:
"On Oct. 17, 2007, someone hacked into a computer system that had information on an earnings announcement to be made by IMS Health a few hours later. Minutes after the breach of computer security, Mr. Dorozhko invested $41,671 in put options that would expire worthless three days later unless IMS shares plunged before that. The next morning the share price did plunge, and Mr. Dorozhko made his money by selling the puts. 'Dorozhko's alleged "stealing and trading" or "hacking and trading" does not amount to a violation' of securities laws, Judge Naomi Reice Buchwald of United States District Court ruled last month. Although he may have broken laws by stealing the information, the judge concluded, 'Dorozhko did not breach any fiduciary or similar duty "in connection with" the purchase or sale of a security.' She ordered the S.E.C. to let him have his profits."
It is stock market after all, nobody can guarantee the outcome even with insider news. What if the company suddenly decided to delay the announcement?
Virtual Betting on Facebook for non-geeks.
If he were to say that I told him, them we would have the book thrown at us ... but if he cracks a machine then all is OK
Stupid!
"I am invincible!" -Boris Grishenko
The judge's ruling seems pretty reasonable to me. What the hacker did was not insider trading, because he was not an insider, so the various regulations governming insider trading should have been found not to apply here.
Of course, as the judge also noted, that doesn't mean he broke any other laws. A fine equal to the profit he made on the options plus the original cost of buying them in the first place plus the cost of security work to ensure the systems are no longer vulnerable, combined with a jail sentence equal to what would have been handed down to an insider who made the same deal, seem like a fair punishment for the hacking to me.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Of course he was welcome, they told him, welcome to the money. And he was going to need it. Because- still smiling- they were going to make sure he never worked again.
Gamertag: WyleType
He *may* get to keep it. Basically what has happened is that the courts have ruled that the SEC can't take away his money, because what he did isn't insider trading. Remember that the SEC just regulates stock trading. So since this isn't insider trading, they don't have the authority to seize his funds.
However, he still could lose them. If the government tries and convicts him of a crime for actually hacking in to the system, then the money can be taken. You aren't allowed to profit from crimes, and as such the government can seize assets you gained through crime. So, if they manage to convict him of breaking in to the systems, the money he made in the trades will be fair game since it was a result of the break in.
However at this time he's not been charged, so that isn't on the table yet. However that doesn't mean this ruling says you get to keep your money no matter what in a case like this. It just means that it doesn't quality as insider trading so the SEC can't take it.
A similar case would be something like robbing a bank and then using the money to make more in the stock market. Even though the money was stolen, it isn't a violation of securities laws, so the SEC couldn't take it from you. However if you get convicted of robbery, the court could then seize the profits you got from that crime.
While not insider trading, this person has presumably broken other laws. The government should have prosecuted him under the laws that covered his actions, and not the laws they would like to cover his actions. If those laws are insufficient they should try and fix the laws, not prosecute him for breaking laws he hasn't.
Considering Phlebas, whoever the hell he is.
Seriously, all share trading works on the basis of one party thinking they know something that either makes a stock worth selling or worth buying. When they are right they make a profit and when wrong they make a loss.
If you don't have any privileged (either by insider or through your own analysis) information, you're effectively just making a bet - you might as well buy a lottery ticket.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Reminds me about a Swedish group called Hack'n'Trade...
I think they meant some other kind of trading though.
c++;
Most people who are caught being sneaky hackers get sixfigure jobs as analysts. In fact one of the running jokes in security is that you have to do time to break the sixfig cap! Mitnick.
The dangers of knowledge trigger emotional distress in human beings.
I have some karma to burn, so I am going to go off topic / troll here.
Will whoever modded the parent a troll please share his or her logic? I will admit that it is not brilliant, so offtopic, maybe, overrated, maybe, but troll? That's just an insult. Personally, I am happy to see a first post that is not an AC "fp bitches!" and I think the effort should be rewarded.
I meta moderate about every other day, and I almost always rate the troll mods as "unfair". I don't know if this has any effect, but just so you know.
weirdest thing I ever saw: scientology advertising on slashdot.
"Mr. Dorozhko invested $41,671 in put options that would expire worthless three days later unless IMS shares plunged before that. The next morning the share price did plunge, and Mr. Dorozhko made his money by selling the puts."
I don't understand this. He was buying, waiting for the share price to plunge, and then selling. Doesn't that mean he was selling lower than he bought? How did he make money?
That this is actually quite appropriate. Since he didn't have any fiduciary duty, the SEC shouldn't take his money away. That said, since it's profit from an illegal act, I would hope that the money would be taken away -- if and when he is convicted for the crime of stealing the data.
Too often in this country we seem to be throwing every law available at people and making up new ones to go with them, when the acts we're trying to punish are already illegal. If he didn't break securities laws, he shouldn't be punished under them. Since he did (we assume, but it hasn't yet been proven) break unauthorized access laws, he should be punished under those.
We don't need more laws against things that are already illegal, and we don't need to make a mockery of existing laws by applying them to things they don't apply to. On a related note, why do we need separate "identity theft" and "atm card fraud" laws, when anyone being charged with them is already also being charged with uttering false instruments and fraud? Our legal code needs to be smaller and simpler; making it so would make it more effective and efficient, not less.
2. Get the necessary information...
3. goto court and...
4. Profit.
like most answers, it's been right under our noses all along, I guess that goto's are not so bad after all :-)
My ism, it's full of beliefs.
My company was publically traded for two years, and was recently bought by a large multi-national. Somehow, magically, mysteriously, the week before the announcement of the buyout offer was made, our stock jumped 2.50 out of nowhere, which is pretty big for a 5 dollar stock.
I asked the CFO about it at the company meeting, in front of a sea of shocked faces, and smirked at his "uhh some guys were shorting the stock its a coinkydink" answer.
Why regular folks would even invest is beyond me. The whole stupid fucking system is rigged to take from the poor, and give to the rich.
I don't need no instructions to know how to rock!!!!
Well...he got the money from a by-product of a fringe benefit of the hack (Hack->useful information (insider info)->steal). Would a similar argument be applicable if he was able to siphon money from individuals' accounts had he gained some passwords (Hack ->useful information(passez) -> steal). I wouldn't think so.
Agreed, that he was not an insider so he can't be convicted for insider trading...but there should have been at least one more lawsuit going against him!
Insider trading will loosely be seen by most people as trading with information that only insiders would have.
In a long series of situations this is illegal:
- Any employee of the company does it
- Anyone who has gained access to it as part of their job
- Professional organisations will typically have strict rules against insider trading (the CFA institute for example) and while they don't put you in jail they will kick you out for disgraceful conduct
For some reason however the following will NOT land you in jail:
- You stand on a street corner, a drunken guy comes up to you and identifies himself as the CEO of a company and tells you his company will announce fantastic earnings tomorrow. You trade on it and make a dime. In this case HE will be deemed to have broken the law - YOU will not. Probably out of purely pragmatic concerns - most people would be very surprised if they acted on a tip from someone to buy share X and this happened to land them in prison for five years.
Apparently the judge rightfully recognised that the law at the moment does not appear to (IANAL) distinguish between non-professionals who get that kind of tip from legal means and from illegal means.
He was buying, waiting for the share price to plunge, and then selling. Doesn't that mean he was selling lower than he bought? How did he make money?
They're called PUTS dammit!
The fact that he hasn't already been charged with criminal trespass or breaking into a computer system or whatever likely means the evidence they have isn't sufficient to sustain a criminal charge where the standard of proof is "beyond a reasonable doubt". So the government went after him for violating rules where the standard is far weaker - possibly the same if not weaker than the "preponderance of evidence" standard in a civil case.
Now that the judge has shot that down (I have no idea whether this was a good decision since I have no knowledge of precedent-setting cases in this general area) they'll have to try something else. My offhand guess is they'll now try for asset forfeiture, because that way once again they can get civil rather than criminal standards of proof. (For those that are unaware, the way civil forfeiture works is the government sues the property itself, not the person. In fact once the government shows probably cause that the asset should be forfeited it then up to the owner to prove under the preponderance of evidence standard that it is not.)
The problem with too loose a definition is then lots of people end up being considered insiders...
;).
;).
For example, say X does Y classes for the wives of big bosses, and X might be able to tell whether the various companies are doing well or not just from observing the wives
Even if the husbands aren't telling the wives that their companies just had record profits, the new cars/vacation/etc they bought for their wives might reveal stuff.
Sure it's not 100%, but apparently it worked well enough for someone I know
I know the article makes it seem like he got away with it. Far from it.
There are only 2 situations here:
1) He had legal access to the documents. If true, that is insider trading. The SEC is the proper governing body and they will punish him.
2) He did not have legal access to the documents and stole them through whatever means he used to do so. If true, then he will also be punished, but by prosecution in a criminal court. Upon conviction, the money will be confiscated.
All the article really says is that the SEC determined that it is not proper for them to make a decision since he did not have legal access to the documents. That's it.
Now if the criminal court let's him go, then maybe people can get upset about that.
P.S - The company can also file a civil suit against him.
Wow hacking really does pay off!
This is just a botched prosecution, not a decision with major implications. The attacker is a Ukrainian resident. He could have been prosecuted under some computer crime statute, but that would require investigative resources and cooperation from the State Department and the government of Ukraine. An "insider trading" case probably looked easier to some lawyer at Justice, even though this is clearly "outsider trading". They didn't expect that an admitted criminal would actively contest a seizure of the money.
So a judge let him have his ill-gotten gains. He still broke into computer systems to gain the information he used in this exploit. What's to stop a criminal judge from prosecuting him for that, sending him to jail, and fining him all the profits he made on this plus what he invested in the first place plus some on top of that to drive the point home?
What the heck? It was a specific gain as a result of a crime. Is that still legal in the U.S.?
As soon as he has the info, he cannot trade on it as he is an insider. Simple.
The judge is an idiot.
The legal system messed up here. Was it the prosecutors going for the wrong crime? Did the judge also have blinders on?
If I cheat and steal something then all derivatives of that something are tainted.
Thanks,
Jim
This is awesome. Don't be a player hater. You need to recoginze this DG as elite.
There is no 'insider trading' regulations on options market. SEC rules do not apply, since SEC do not regulate options market. The guy did buy puts _options_ not stock, right? So, even if the net result of buying puts is similar to selling stock, it's not the same. So he did not break any regulation.
Now, apparently he did break quite few laws regarding unauthorized intrusion into computer systems, but that's completely different ballgame.
Computer [to Hacker]: Stop! Access to information on this computer is only entrusted to a specific few. Are you one of them?
Hacker: Yes, I am. Here are my credentials.
Computer: Ah, yes. I am duly fooled. Access granted. Come inside and be entrusted.
[User enters, is entrusted with information, later abuses information he has been entrusted with to his personal benefit.]
Legal System: Stop! You are charged with trading on insider information.
Hacker: I'm sorry. Although while it worked for me earlier to claim I was one of the entrusted few, now that I have entered and abused your information, I find it convenient to claim I am not trustworthy, have never been inside, and that my source of income is not related to this company.
While I admit there is some wiggle room here for making arguments on both sides, the role of a judge is to inject some common sense in the gray areas. Otherwise, we'd have a robot there.
I'm not a lawyer and I haven't read the relevant law (no one seems to have cited the specific statutes, and tracking them down is beyond my skill to do in the time I have handy), but it seems to me there is at least a case to be made that the information was inside, that the person had to go inside and become an insider to get it, and that although they may have gained that access and trust on false pretenses, the information was obtained as a direct consequence of having established a trust relationship with an agent of the company (the computer). The system thought it had asked the appropriate questions of trust. It's unlikely that the hacker did not know he was answering in a manner that would mislead. And so, having affirmatively elected himself an insider and worthy of trust in order to obtain the information, the hacker could be prosecutable now for breaching that trust.
Kent M Pitman
Philosopher, Technologist, Writer
he is profiting from something he has stolen.. how is this not a crime and therefore illegal to let him profit from?
If you mod me down, I will become more powerful than you can imagine....
Ok, So I suppose the fact that some guy from the Ukraine bought roughly 50K worth of put options minutes after the hack tipped them off, but I wonder how they proved he hacked the computer and didn't just guess lucky?
You would think that he would cover his tracks better if he was going to go ahead with this.
Plus, if you did just guess lucky, does the SEC come after you anyway trying to prove insider trickseyness?
-The more you learn, the more things you realize you don't know-
Comment removed based on user account deletion
Same thing happened many years ago in a case called Chiarella, the low-tech version of this case. A printer was stealing corporate information and trading on it. The court found him not guilty based on the same statute. Congress did nothing. Who can blame them? They're busy doing important stuff like investigating the Patriots and asking Roger Clemens if he's a vegan.
What if the information was sitting on a public web server waiting for its official release 3 days later.
Then our intrepid day trader finds that, due to a scripting error, that information is viewable with just a little manipulation of a URL.
Is that stealing the information? Is it a crime or just good fortune?
Ad 1., The attacker was a foreigner of a non-allied country. He attacked the economy of the USA. If the judge rules for him, then the judge is guilty of capital treason and should be promptly arrested, then tried in court martial.
.. if this guy is let run with the money, this is a clear sign that USA is fair game for all slavic hackers. Think with your wallet oh fellow yankee and say his cannot happen.
Air Force Cyber Command (P) lead Major General William Lord and national spy boss Michael McConnell have recently expressed grave concern for the info-security of Wall Street, they think a competent cyber attack against US financial institutions can cause more economic harm that Sep 11th did. If this ukranian (who is quite possibly not an ukranian, but a russian living in ukraina, the country is very much ethnically divided)
Ad 2., Therefore the SEC should get CIA or DHS to help them claim executive privilege, so that Bush Jr. government can trample upon the judicary's decision. It would be easy to claim this Dorozhenko or whatnot guy is in fact an FSB agent and the FISA would rubber-stamp the asset freeze. Then render the guy off ukranian sidewalk and have him turn up at Gitmo, not to be released until he tells every bit he knows about electronic banking security and its shortcomings in the USA. Use the info to strenghten systems. If non-cooperative, let the shark have a good dinner.
God bless America and please stop whining about the rights of godless communists turned crooks!
If he told the hacker to give back the money then he would also have to apply those same principles to congressmen who abuse things like carnivore, or those yakuza/mafia/russian mafia types who use DRM/backdoors for its real purpose; the hacker was simply joining the crowd.
The hacker had no duty not to use his foreknowledge for his own gain, so isn't covered until SEC regs. Let's face a few facts.
The SEC has changed its classification of the NYSE to a 'fast market' due to the high volume of trades that occur electronically ("day trades", "minute trades"). According to the WSJ, the new classification means that the SEC will be either looser with its regulation of that market or will be more relaxed in its pursuit of suspected offenders. They are far more concerned about the highly visible Enrons and M.Stewarts that "send a message" than they are about the average market trader, or the many thousands of small-time market crooks.
The first chairman of the SEC, Joseph Kennedy Sr., was one of wall street's original crooksters. Eventually it was he who decided what's a crime and how they should be punished. His grandson eventually came to run the country for some time. Even today, despite all of its formulaic shortcomings, the NYSE is regarded as "the world's fastest exchange of free capital". Though the same description applies to the world's leading money laundering networks and history's largest robbery sums, in the case of Wall Street it just means more money, faster. Wall Street, for all intents and purposes, is a much higher percentage of criminal activity than any outsider would comprehend, and it will probably always be that way, in the spirit of true capitalism.
Whether this person was from the Ukraine or not ultimately doesn't matter, but those saying that it does matter are in essence saying that Joe American could have done the same thing and it would have been less of an offense -- which is frankly true, though "less" in this case relative not to nationality but rather relative to the understanding that these people have of the prideworthiness of American capitalists overall; in other words, it's "less of an offense -- than they may think it really is".
Stealing and justifying it publically albeit subversively is how the protective-class system works. It's entirely what has America in its current mess. If we ever get back to the elitist-class system, then maybe we'll pull out of our current economic slump, but if the tide ever turns that way, we'll see a rise of the minority class of information brokers on the way there, and more public understanding of the value of information as a commodity -- just before it becomes something far too valuable for them to get their hands on (unlike today, where information comes relatively cheap, but most people simply don't know how to trade in it).
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee