Hackers Broke Into An SEC Database and Made Millions From Inside Information, Says DOJ

Federal prosecutors unveiled charges in an international stock-trading scheme that involved hacking into the Securities and Exchange Commission's EDGAR corporate filing system. "The scheme allegedly netted $4.1 million for fraudsters from the U.S., Russia and Ukraine," reports CNBC. "Using 157 corporate earnings announcements, the group was able to execute trades on material nonpublic information. Most of those filings were 'test filings,' which corporations upload to the SEC's website." From the report: The scheme involves seven individuals and operated from May to at least October 2016. Prosecutors said the traders were part of the same group that previously hacked into newswire services. Carpenito, in a press conference Tuesday, said the thefts included thousands of valuable, private business documents. "After hacking into the EDGAR system they stole drafts of [these] reports before the information was disseminated to the general public," he said.

Those documents included quarterly earnings, mergers and acquisitions plans and other sensitive news, and the criminals were able to view it before it was released as a public filing, thus affecting the individual companies' stock prices. The alleged hackers executed trades on the reports and also sold them to other illicit traders. One inside trader made $270,000 in a single day, according to Carpenito. The hackers used malicious software sent via email to SEC employees. Then, after planting the software on the SEC computers, they sent the information they were able to gather from the EDGAR system to servers in Lithuania, where they either used it or distributed the data to other criminals, Carpenito said.

My data, my way.

So this is where we get to put forth a lawsuit to establish legal president for the liability organizations have when collecting and holding onto user data who then lose that data to theft, right?

Anyone can collect any amount of info on me they want. If they lose it, it puts my wellbeing in jeopardy, so I should have the right (/responsibility) to sue them for every penny they have.

Re:My data, my way.

[FormOfActionBanana]

Mildly interesting, but what does your point have to do with EDGAR or Lithuania?

Shareholders

[UperPoti]

Will get nothing from this and continue to bear the cost of public price discovery except for the institutional traders that do not use the public exchanges.

Re:Shareholders

[UperPoti]

The criminals and profits in Russia are not seizable and given the public prosecution will likely never appear in an extraditable country. If the feds were serious, then they should have fixed the problem at the SEC and arrested and seized the criminals under sealed court orders and only announce the case details after that was complete. The SEC has not learned the lesson and does not need to continue to have a database with the Social Security numbers, dates of birth, and other personal details of all traders that is just waiting to be abused.

Re:Shareholders

[rtb61]

Who is saying SEC agents have not learned their lessons, they probably have learned them all to well, there are many organised crime groups who are more than willing to pay for network security information, millions to be made and bribes in the tens of thousands.

So the US controls the Ukraine but there is no extradition treaty with the Ukraine, what the fuck is going on there, you send them weapons and don't at least get criminals in return what kind of fucking idiots are you. Successful phishing attacks, hmm, pay me fifty thousand dollars and I also would also be tempted to click the email, whoopsie.

It's called parrallel networks, an external communications one and an internal data one. Traffic only travels from the external to the internal, via operator data input or as actual data transfer in the data security office by a data security officer. Otherwise expect people to make mistake on purpose when they are pay tens of thousands of dollars to do so.

Did they start in orange juice futures?

[Walter+White]

Manipulating the futures market on the morning when the report was to be released by providing a fake report to a competitor. And in the process ruining Mortimer and Randolph Duke.

THESE are the cryptocurrency gatekeepers?! HA!

The SEC can't even safeguard and regulate what they've already got. And for some reason, everyone's waiting with baited breath for this same group of morons to provide regulations around cryptocurrency. These people are a joke, and the reason cryptocurrency was created; to bypass the power brokers who are as fallible and/or corrupt as everyone else, who through their continual ineptitude, prop the financial systems up like the precarious house of cards they are.

There is an easier way

[chispito]

Short the stock on a company, then reveal you--I mean, someone--hacked them. Rinse repeat. You can even do it legally. Well, maybe wait until the lawsuit plays out first before trying that maneuver.

EDGAR... Seen that system before...

[ClarkMills]

https://youtu.be/rcLcxAwdjmo?t=5040

Impressive

[jpaine619]

Gotta admit, it's a pretty impressive scheme. Probably going to be low priority for law enforcement since the victims are mostly just faceless bank accounts, retirement funds, and related financial instruments.

Re:Impressive

[FormOfActionBanana]

What I don't get it how could you have this access, and only make $4M? Only RTFS but it doesn't seem to connect. Unless they were purposely holding back on the amounts to avoid getting caught.

Re:Impressive

[jpaine619]

Maybe they didn't have sufficient start up capital to leverage the data effectively.

Very good point... The data just says which stocks to buy.. It doesn't provide you with the money you need to buy the stocks initially and most of the stocks probably aren't swinging around wildly.. A few points in one direction or the other, I would guess, after this SEC stored data was made public.. I suppose it's possible that some stocks could generate significant profits, but that's if you can afford to buy enough of them initially..

Re:Impressive

[DarkOx]

Well if you have insider info than you'd be pretty safe buying with margin. So you could leverage your brokers money to an extent. Even E-Trade will let you buy on margin. However you have to have a sizeable set of funds or securities holding in the account before you will be extended to much credit.

That said even starting with only 5 or 10K I would think you could with solid insider data on lots of companies blow that up to a good chunk of changes by the end of earnings season.

Re:Impressive

[jbmartin6]

They were probably trying to avoid tipping their hand. Repeated huge wins like that would set off a lot of alarms. That's how the same group was caught before hacking newswire services.

Re: The SEC's bizarre focus on insider trading

[jpaine619]

Literally the worst behavior eh?

I'd argue murder is literally worse than stealing money via insider trading, but then again I know what the fucking word literally means.... *shrug*

Law makers

[NewYork]

And Insider trading is not illegal to Law makers;
http://cnbc.com/id/43471561

Re:Law makers

[jbmartin6]

It is now.

The STOCK Act is an original bill to prohibit members of Congress and employees of Congress from using private information derived from their official positions for personal benefit, and for other purposes. With this bill in place, members of Congress are no longer allowed to use information garnered through official business for personal reasons. The Stop Trading on Congressional Knowledge (STOCK) Act prohibits members and employees of Congress from using "any nonpublic information derived from the individual's position ... or gained from performance of the individual's duties, for personal benefit".

Re:The SEC's bizarre focus on insider trading

[FormOfActionBanana]

Troll, write in English. WTF?

Re:US pols are allowed to LEGALLY inside trade

[FormOfActionBanana]

Russian trolls, you are tempting me to filter AC posts entirely.

Re:US pols are allowed to LEGALLY inside trade

[FormOfActionBanana]

Oh interesting, there is something to this but it is not exactly insider trading.
https://www.cnbc.com/id/434715...

Government allows itself insider trading

[3seas]

learn of trillion dollar bet of 90's draining southeast Asia economies leading to 9/11 coverup of SEC investigation of bet, war on Iraq distractions & wave of world economic fails we're still dealing w/ today. Who's in jail for it? Nobody! Gov allows itself insider trading.

Re:Government allows itself insider trading

[3seas]

Oh yeah, what did come out of the Trillion dollar bet besides losers in the bet such as Enron, Worldcome, and more, anthrax threats to the MSM employees to keep quiet about it and the creation of the G20 summit. Go figure.Think about the story above, who is allowed by government to manipulate the world economies via world stockmarket wrongful manipulation.

Kinda slim profits there

[Headw1nd]

I would imagine that hacking the SEC for this kind of info could net you more than 4.1 million. Seems like these hackers either lacked vision, or investigators didn't uncover their real game.