32 charged over 'insider trading hack' scheme
- 11 August 2015
- From the section Technology
US authorities have now charged 32 members of an alleged international hacking and insider trading ring.
The group, operating in the US and Ukraine, allegedly netted more than $100m (£64m) in illegal profits.
Nine members had already been charged by district attorneys in New York and New Jersey.
Hackers are accused of accessing data being processed by financial "wires" in order to obtain information about companies before it was made public.
The information was then used to buy and sell shares, according to indictments.
The total of 32 fraud charges was made by the Securities and Exchange Commission (SEC) and relate to individuals in several countries including the US, Russia, Ukraine, France and Cyprus.
"This international scheme is unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated," said Securities and Exchange Commission Chair Mary Jo White, in a statement.
The New Jersey filing reported that the ring allegedly made over $30m in illegal profits, but the SEC's announcement brings that figure to more than $100m.
Five individuals have been arrested and are in custody in the United States, an FBI spokeswoman confirmed.
The releases were allegedly accessed on the servers of financial wire firms Business Wire, Marketwired and PR Newswire.
In the indictment filed at the district court of New Jersey, prosecutors alleged that "the defendants accessed more than 150,000 stolen releases and executed profitable trades based on the material nonpublic information contained in the stolen releases".
The New Jersey indictment also includes allegations of malware covertly installed on PR Newswire's servers and of login details stolen from Business Wire.
A statement from the FBI noted there were at least 1,000 alleged insider trades over the course of three years.
In its statement, the SEC said that on one occasion members of the ring allegedly traded on shares just 10 minutes after a wire company received financial news from one of its clients and before the news was made public.
This move alone was said to have resulted in over half a million dollars in profits.
In a statement, Business Wire said it was working closely with the US Department of Justice and had hired a cybersecurity firm to conduct "additional forensic testing" of the company's systems.
"We devote substantial resources annually to security, including multiple security audits by leading industry consultants," said chief executive Cathy Baron Tamraz,
"Despite extreme vigilance and commitment, recent events illustrate that no one is immune to the highly sophisticated illegal cyber-intrusions that are plaguing every aspect of our society."
"Now we're seeing the actual detection of this activity by law enforcement being able to bring it to light," she said.
"Law enforcement may be getting a little more savvy than they were in the past and detecting this a little more often."
A spokesman for Marketwired added: "Protecting our customers' information is one of our highest priorities. We found and fixed the issue at the heart of this matter and we are confident that Marketwired is protected by world-class security, monitoring and prevention practices."
Hacking attacks related to insider trading are difficult to spot, explained FireEye's threat intelligence manager Laura Galante, but authorities are beginning to crack down on such activity.