Hacker Could Keep Money from Insider Trading

Reservoir Hill brings us a New York Times story about a man who will be allowed to keep the money he gained through hacking into a computer system in order to gain early access to a company's earnings statement. From the Times: "On Oct. 17, 2007, someone hacked into a computer system that had information on an earnings announcement to be made by IMS Health a few hours later. Minutes after the breach of computer security, Mr. Dorozhko invested $41,671 in put options that would expire worthless three days later unless IMS shares plunged before that. The next morning the share price did plunge, and Mr. Dorozhko made his money by selling the puts. 'Dorozhko's alleged "stealing and trading" or "hacking and trading" does not amount to a violation' of securities laws, Judge Naomi Reice Buchwald of United States District Court ruled last month. Although he may have broken laws by stealing the information, the judge concluded, 'Dorozhko did not breach any fiduciary or similar duty "in connection with" the purchase or sale of a security.' She ordered the S.E.C. to let him have his profits."

Fair enough

[biocute]

It is stock market after all, nobody can guarantee the outcome even with insider news. What if the company suddenly decided to delay the announcement?

Re:Fair enough

[myth_of_sisyphus]

My brother works at a major pharmaceutical company. I was asking him recently about stocks and he said the following:

"I don't understand the stock market at all. We get a good FDA report and a promising drug is released, and the stock goes down. We kill 10 people and the stock goes up. Who the fuck knows?"

That opens the doors

[Alain+Williams]

Suppose I work for large corporate X, I know that the shares will move, so I tell my mate how to crack a machine to find something to support that view, he does so & invests appropriately and if caught just says he hacked a machine.

If he were to say that I told him, them we would have the book thrown at us ... but if he cracks a machine then all is OK

Stupid!

Re:That opens the doors

[debrain]

If he were to say that I told him, them we would have the book thrown at us ... but if he cracks a machine then all is OK Negatory - the ruling is that if you do not have insider information and hack into it, you are not in breach of any fiduciary duty, and therefore not subject to the penalties that insider traders are (whom are an especially heinous group of people, and whom we particularly want to deter by excess punishment).

If a mate hacks a machine based on insider information, both the informant and the hacker are breaching a fiduciary duty. They're more likely to get useful information, and more likely to cause serious harm to the financial system. In my opinion, we want to deter hacking based on insider information more than random hacking.

That's not to say the fellow should get to keep the money. That will only serve to encourage random hacking pointedly in the absence of (traceable) insider information. However, trading on insider information should result in more significant consequences.

Re:That opens the doors

Though the cracker may be able to keep his profits, it may not be for long, depending on what other laws apply. A law may apply that prevents profiting as a result of criminal activity. He is still likely to be charged and found guilty of crimes that won't allow him to keep the money.

Re:That opens the doors

[ucblockhead]

If you told him to crack the machine, then *that* is insider knowledge.

Re:That opens the doors

[unitron]

Won could make the argument that if he broke into the system, his access ...placed him in a trusted position...

Tell that argumentative Won guy that one who breaks into a system is pretty much de facto not trusted. :-)

Seems reasonable to me

[Anonymous+Brave+Guy]

The judge's ruling seems pretty reasonable to me. What the hacker did was not insider trading, because he was not an insider, so the various regulations governming insider trading should have been found not to apply here.

Of course, as the judge also noted, that doesn't mean he broke any other laws. A fine equal to the profit he made on the options plus the original cost of buying them in the first place plus the cost of security work to ensure the systems are no longer vulnerable, combined with a jail sentence equal to what would have been handed down to an insider who made the same deal, seem like a fair punishment for the hacking to me.

Re:Seems reasonable to me

[vertinox]

The judge's ruling seems pretty reasonable to me. What the hacker did was not insider trading, because he was not an insider, so the various regulations governming insider trading should have been found not to apply here.

I guess a good analogy would if you broke into someones home to read their wallstreet journal and then used their phone to make a call to your broker to make a trade.

Calling a broker to make the trade isn't the sticking point, but rather you broke into someone's home.

Re:Seems reasonable to me

[rjhubs]

I disagree. This ruling is very confusing to me. He traded with insider information which makes him guilty under a clause in US law called the Misappropriation theory

anyone who misappropriates (steals) information from their employer and trades on that information in any stock (not just the employer's stock) is guilty of insider trading

Can anyone explain why this wasn't the case?

Re:Seems reasonable to me

[PeterBrett]

I disagree. This ruling is very confusing to me. He traded with insider information which makes him guilty under a clause in US law called the Misappropriation theory

anyone who misappropriates (steals) information from their employer and trades on that information in any stock (not just the employer's stock) is guilty of insider trading

Can anyone explain why this wasn't the case?

You said it yourself, as highlighted above.

Re:Seems reasonable to me

[CajunArson]

If he got the information from the employee or from any other fiduciary of the company, that would be considered insider-trading under the "tipper" - "tippee" theory. The tipper has to be some insider (usually an employee) who gives information to the tippee (an outsider who would normally not be subject to insider trading rules). The main requirements IIRC are that the tippee actually has to know that the information is insider (non-publicly known) info, and know that the tipper is breaching his fiduciary duty in disclosing the information. This is a form of classical insider trading, as opposed to misappropriation theory that the Gov. was probably trying to pin on the defendant in this case.

Shortly after that

[GammaKitsune]

Of course he was welcome, they told him, welcome to the money. And he was going to need it. Because- still smiling- they were going to make sure he never worked again.

Re:Shortly after that

[pipatron]

I got it! I got it! Neuromancer, William Gibson, 1984!

Where's my prize?

Well slow down here

[Sycraft-fu]

He *may* get to keep it. Basically what has happened is that the courts have ruled that the SEC can't take away his money, because what he did isn't insider trading. Remember that the SEC just regulates stock trading. So since this isn't insider trading, they don't have the authority to seize his funds.

However, he still could lose them. If the government tries and convicts him of a crime for actually hacking in to the system, then the money can be taken. You aren't allowed to profit from crimes, and as such the government can seize assets you gained through crime. So, if they manage to convict him of breaking in to the systems, the money he made in the trades will be fair game since it was a result of the break in.

However at this time he's not been charged, so that isn't on the table yet. However that doesn't mean this ruling says you get to keep your money no matter what in a case like this. It just means that it doesn't quality as insider trading so the SEC can't take it.

A similar case would be something like robbing a bank and then using the money to make more in the stock market. Even though the money was stolen, it isn't a violation of securities laws, so the SEC couldn't take it from you. However if you get convicted of robbery, the court could then seize the profits you got from that crime.

Re:Well slow down here

[Jah-Wren+Ryel]

exactly, although if they had a case against him for hacking, it would seem they would have used that already as a slam-dunk case. I would really like to hear the details of "hack" - sounds like it might have been one of those where he just twiddled the URL based on the format of already "public" URLs. IMO, that should not count as illegal hacking, its so trivial, obvious and common practice.

Re:Well slow down here

Umm... except that he's UKRAINIAN. Did anyone read the whole article? The DoJ isn't pursuing him because they perceive it to be fairly difficult to extradite from ex-Soviet bloc nations, especially on a hacking charge. Russian & Ukrainian crackers are frequently ID's violating US electronic theft and data tampering laws (mostly because we make it so easy for them, but, I suspect also because they make so much money doing it), and have been notoriously hard to prosecute. So, good luck on that one.

I'm thinking the guy's hard day doesn't come when we haul him off to an American jail. Rather, it happens real soon, now that the Ukrainian mafia knows he has nearly $300 grand...

Troll?

[an.echte.trilingue]

I have some karma to burn, so I am going to go off topic / troll here.

Will whoever modded the parent a troll please share his or her logic? I will admit that it is not brilliant, so offtopic, maybe, overrated, maybe, but troll? That's just an insult. Personally, I am happy to see a first post that is not an AC "fp bitches!" and I think the effort should be rewarded.

I meta moderate about every other day, and I almost always rate the troll mods as "unfair". I don't know if this has any effect, but just so you know.

Re:Troll?

[Main+Gauche]

"Will whoever modded the parent a troll please share his or her logic?"

I did not/would not have modded him troll, but I can guess the simple logic at doing so.

He appears to have the all-too-common opinion that there is no such thing as a profitable but risky opportunity. I teach intro probability and decision making (among other things), and you would not believe how many people reason that, if there is uncertainty, it's "impossible" to make a good decision. The reasoning is "Well, since something bad might happen, you might end up regretting your decision." Ugh. Those are people for whom "probability", "expected value", etc., will forever remain magical, abstract terms with no application in the real world.

Before my rant goes too far off topic, back to the GP, who said:

"It is stock market after all, nobody can guarantee the outcome even with insider news."

So insider information should be ok?! After all, "there are no guarantees"?! Nonsense! And I can imagine there being at least a few mods who would consider it so obvious that this is nonsense, that they modded him troll, thinking there could be no other excuse.

Now I'm the one wondering how he got so many insightful mods!

Re:Troll?

[Miseph]

See, I read it a different way altogether: the hacker was neither an employee nor a friend of an employee at the firm, and therefore [i]could not have committed insider trading[/i]. Keep in mind that the decision in question applied only to the SEC's attempt to confiscate his money for that particular crime, which he was technically unable to commit, but not to any other financial or computer crimes he may have committed. The FBI and Secret service will almost certainly find a way to confiscate everything he owns. It also does nothing to shield him from the company suing for damages related to the security breech, although they only get a crack after the agencies mentioned earlier, so there's a good chance they couldn't get anything even if they tried.

The point being that, while he clearly had solid and profitable information, he obtained it in a way that, theoretically, any outsider could have and that did not fit the definition of insider trading as currently used. He also couldn't have known if, perhaps, he had accidentally found an inaccurate draft report or if the press conference wherein the report was to be released would be delayed.

I'm inclined to say

[evanbd]

That this is actually quite appropriate. Since he didn't have any fiduciary duty, the SEC shouldn't take his money away. That said, since it's profit from an illegal act, I would hope that the money would be taken away -- if and when he is convicted for the crime of stealing the data.

Too often in this country we seem to be throwing every law available at people and making up new ones to go with them, when the acts we're trying to punish are already illegal. If he didn't break securities laws, he shouldn't be punished under them. Since he did (we assume, but it hasn't yet been proven) break unauthorized access laws, he should be punished under those.

We don't need more laws against things that are already illegal, and we don't need to make a mockery of existing laws by applying them to things they don't apply to. On a related note, why do we need separate "identity theft" and "atm card fraud" laws, when anyone being charged with them is already also being charged with uttering false instruments and fraud? Our legal code needs to be smaller and simpler; making it so would make it more effective and efficient, not less.

Re:I'm inclined to say

[kpansky]

The more corrupt the republic, the more numerous the laws. ~Tacitus, Annals

Re:why buy shares unless you know something ...

[pla]

why buy shares unless you know something ... that others don't?

Well, dividend-paying stocks give you a regular return - As long as you feel fairly confident that the company won't go under, you'll make a hell of a lot more than you would leaving the money in your savings account (and if you chose well and occasionally reallocate your portfolio, without requiring otherwise-unknown data, you can do a good bit better than a CD or even investment-grade bonds.



you're effectively just making a bet - you might as well buy a lottery ticket.

In many cases, you have it correct - With two (obvious) exceptions.

First, the market as a whole tends to go up or down for long periods at a time. If, in a bull market, you buy something reasonably big and safe (or better, ETFs covering the most bullish segments), your investment will tend to grow; If, in a recession, you short the same (and again, ETFs exist that will let you do that without the hassle and risk of actually holding a short position), you will make money, on average.

Second, unlike a lottery ticket, playing the market very rarely counts as an all-or-nothing bet. You may lose money on a given trade, but with some care (and the magic of trailing stops) you can limit your losses while allowing your gains to grow unbounded - Kinda like a $1 lottery ticket with a minimum payment of $0.95.

If not for those two facts, your 401k would also amount to nothing more than a lottery ticket - Though since July, some people might have started considering it just that. ;-)

Re:Buying high, selling low, making money how?

He bought options, specifically puts, which are options to sell at a specified price called the strike. Suppose a stock is trading around $10. If I buy puts with a stike of $7.50, and the stock falls to $5, then I can buy stock at $5 and exercise my puts to sell at $7.50, netting a profit of $2.50/share.

Re:Buying high, selling low, making money how?

[Ihlosi]

He was buying,

He was not buying the shares, he way buying put options, which basically give you the right to sell ("put") the shares at a predetermined price. If the share price suddenly drops, you can make money by just buying the shares on the open market and exercising your put options (which give you a fixed selling price that is now higher than what you're paying for the shares on the stock market). Alternatively, you can just sell the options themselves, which is less of a hassle.

Welcome to securities 101.

Re:Buying high, selling low, making money how?

[blasterz]

He didn't buy stock, he bought put options and exercised them.

Here's how they work, more or less:

Stock A is currently selling for $100 per share. A trader a couple of months ago felt confident that the stock would never drop below $80 per share, so he sold put options - guarantees that he would buy the stock from you at a given price - in this case $80 - for a given date. If the price of the stock remains at $100/share, the options will be worthless, because owning shares valued at $100 there's no way I will sell them for $80. However, if the stock price drops to $60, I'd be more than happy to sell for $80/share. The person selling the options has no choice - if I come to him with the contract, he has to buy them at $80/share.

Those options can be traded up to the exercise date. So I buy them three days before the exercise date at a low price, as no one expects the stock to drop that much - the options themselves are worthless. I know the stock will plummet; I buy up all the options I can afford - let's say a buck a pop. Stock price is $60, suddenly those options are worth $20 apiece - difference between the market price and what the trader is obligated to pay.

Re:Buying high, selling low, making money how?

[Flavio]

If the put option expires and the price is >= $90, then he loses money, because he now has to buy the stock for the "seller" of the put option for more than he payed for the contract.

He only loses the money he paid for the contract. In this case he'll just let the option expire and not exercise it. This is an OPTION, so he's not obligated to sell for $90.

Profits, yes, however:

[Duncan+Blackthorne]

So a judge let him have his ill-gotten gains. He still broke into computer systems to gain the information he used in this exploit. What's to stop a criminal judge from prosecuting him for that, sending him to jail, and fining him all the profits he made on this plus what he invested in the first place plus some on top of that to drive the point home?

Re:Profits, yes, however:

[Lehk228]

because judges don't usually just get to pull numbers out of their ass when fining or pull convictions out of their ass without a jury decision.

By definition, you are an insider if you have...

[mexicanpizza]

...any "material, non-public information".

As soon as he has the info, he cannot trade on it as he is an insider. Simple.

The judge is an idiot.

Re:Proceeds of crime bill ?!

[dq5+studios]

Probably, but he's in the Ukraine. The SEC not releasing his money for insider trading wouldn't require the support of the Ukraine government, prosecuting him for hacking would.

Re:Fruit of a poisoned tree?

[Todd+Knarr]

Yes, the prosecutors messed up. They charged him with insider trading, which has a very specific definition under the law. In this case the guy doesn't meet any of the requirements to be an insider under the rules. What got him off is probably that he had no help from anyone who was an insider. That's actually a deliberate "loophole" in the law so that, for example, if the CFO is dumb and leaves a copy of his company's next quarterly report on the table at a restaurant a week before it's due to be published, the regular joe who picks it up, notices that the company's earnings have tanked and sells his stock before the rest of the market finds out can't be prosecuted as an insider (unless the regulators can prove some collusion between him and the CFO).

Of course, that aside, the guy's breaking into the computers is a crime, and he can and should be prosecuted for that. But if the prosecutors charged him with something he didn't do, then the charges should properly be thrown out.

And yes, the legal system should be picky about definitions like that. It serves nobody's interests for the courts to begin going "Well, you didn't actually do what you were charged with. But that's OK, since you did something else illegal we'll convict you of what you didn't do anyway.".