REUTERS/Brendan McDermid
The scheme ran from 2010 to 2015 and generated over $30 million (£20.8 million) in illegal profits, according to the US Attorney's Office in New Jersey.
So far 32 people have been charged in connection with the global scheme, which involved hacking into three business newswires, stealing up to 150,000 yet-to-be published press releases containing non-public financial information, and using the information to trade on the stock markets.
The hackers broke into the networks of Marketwired L.P. (Marketwired), PR Newswire Association LLC (PRN), and Business Wire. Once inside the networks, the hackers had access to unpublished press releases for hundreds of companies traded on the NASDAQ and NYSE. They took this confidential information and passed it on to traders who capitalised on it for their own financial gain.
Of the 150,000 news releases the hackers gained access to, 800 were used to make trades, according to the BBC.
Iermolovych and other Ukrainian citizens thought to have participated in the hacking passed the information in the press releases to traders in the US before the information was made public. The traders would then trade on that information.
The US Department of Justice explains how the insider trading scheme worked:
They used a series of targeted cyberattacks, including "phishing" attacks and SQL injection attacks, to gain access to the computer networks. The hackers moved through the computer networks and stole press releases about upcoming announcements by public companies concerning earnings, gross margins, revenues, and other confidential and material information. The hackers shared the stolen releases with the traders using overseas computer servers that they controlled.
In a series of emails, the hackers even shared "instructions" on how to access and use the overseas server where they shared the stolen releases with the traders, and the access credentials and instructions were distributed amongst the traders.
In an email, which was sent by one of the traders, the instructions for accessing the overseas server suggested that users conceal their Internet Protocol address when accessing the server as a precaution to avoid detection. The traders created "shopping lists" or "wish lists" for the hackers listing desired upcoming press releases for publicly traded companies from Marketwired and PRN. Trading data obtained over the course of the investigation showed that, after the shopping list was sent, the traders and others traded ahead of several of the press releases listed on it.
The traders generally traded ahead of the public distribution of the stolen releases, and their trading activities shadowed the hackers' capabilities to exfiltrate stolen press releases. In order to execute their trades before the releases were made public, the traders sometimes had to execute trades in extremely short windows of time between when the hackers illegally accessed and shared the releases and when the press releases were disseminated to the public by the newswires, usually shortly after the close of the markets.Frequently, all of this activity occurred on the same day. Thus, the trading data often showed a flurry of trading activity around a stolen press release just prior to its public release.
The traders paid the hackers for access to the overseas servers based, in part, on a percentage of the money the traders made from their illegal trading activities. The hackers and traders used foreign shell companies to share in the illegal trading profits.
The traders illegally traded on Hewlett Packard, Home Depot, Verisign, Caterpillar, and hundreds of others.
Iermolovych pleaded guilty to US District Judge Madeline Cox Arleo on three counts: conspiracy to commit wire fraud, conspiracy to commit computer hacking, and aggravated identity theft. He will be sentenced in August and could face up to 20 years in jail.
Ivan Turchynov, 28, Oleksandr Ieremenko, 24, and Pavel Dubovoy, 33, all of Ukraine, were also charged, as were Arkadiy Dubovoy, 51, and Igor Dubovoy, 29, of Alpharetta, Georgia.