London brokering firms used in newswire cyber hacking case

US court papers show accounts at City of London firms held by insider traders

Click to follow
The Independent Online

UK share brokers were allegedly used by a cyber hacking and insider trading ring to make more than $20 million in illegal profits, court documents reveal.

Five US-based traders were arrested when Securities and Exchange Commission investigators smashed what they described as one of the most sophisticated insider trading rings ever seen.

The traders allegedly paid Ukrainian computer hackers to break in and steal price sensitive confidential information about scores of publicly-listed companies. They then used the information to trade shares and other securities reaping them profits of more than $100m over a five year period according to the US indictment. The shares of companies including Caterpillar and computer giants Oracle and Hewlett-Packard were among those targeted, according to the documents.

Trading accounts at London-based firms Cantor Fitzgerald Europe, GFT UK Global Markets and ADM Investor Services ltd were used to rake in the alleged conspirators more than $20m profits according to the Securities and Exchange Commission (SEC). Several US brokerage firms were also involved. The UK and US brokers were unwittingly involved in the alleged conspiracy and are not accused of any wrongdoing.

The scheme was “unprecedented in terms of the scope of the hacking, the numbers of traders, the numbers of securities traded and the profits generated,” according to SEC chair Mary Jo White.

The hackers allegedly infiltrated the computer servers of three companies – Business Wire, PR Newswire and Marketwired – which issue thousands of corporate press releases worldwide every day.

By hacking the servers of all three companies they were able to access press releases prior to their publication and then trade on the information before it was revealed to the rest of the world. Many of the stolen releases contained vital data about quarterly and annual earnings as well as key mergers and acquisition information.

US officials identified Ukrainians Ivan Turchynov and Oleksandr Eremenko as the key figures in the hacking operation. Neither Eremenko, 23, or Turchynov, 28, who are both based in Kiev, have been arrested. The SEC claimed the two men hid their identities behind multiple email accounts, online “handles” and a variety of aliases.

According to the SEC they used malware, phishing as well as stealing passwords to gain access to the newswire computers and steal the information. The first hacks took place in 2010 and continued until May this year. US investigators estimate that more than 100,000 press releases were stolen during this time.

The information gathered by the hackers proved enormously valuable according to the SEC. One trade alone involving construction equipment maker Caterpillar netted them $1m in 2012. So successful was the scheme the hackers advertised their skills via an online video.

According to court documents the two men were sometimes paid a share of the profits and were even given access to brokerage accounts so they could monitor the trading and double-check they received their correct cut of the profits.

At times they had a tiny window to steal and exploit price sensitive information from the computers. In May 2013, 10 minutes after a company sent one newswire company a confidential press release announcing it was revising its earnings downwards, traders allegedly working with the hackers began selling its shares short as well as contracts for difference. The operation reaped the traders more than $500,000 when the share price fell as the release became public knowledge.

Traders are said to have drawn up a “wish-list” of company press releases for the hackers to steal and accordingly bought and sold shares on the information obtained.

Emails uncovered by prosecutors revealed that in 2012 traders could typically make $50,000 profit a month. Traders in Russia, Ukraine, Malta, Cyprus, France and the US are said to have used the hacked information. The profits were funnelled back to the hackers and the traders through a series of offshore firms based in Bermuda, the Caymans and the British Virgin Islands. Records show that many of the firms, which purport to be hedge funds, share employees and often traded on the same stolen releases in unison.

Investigators said one Bahamian-registered company, Bering Explorer Fund ltd, which operated from Moscow, made $6.6m profits through the hacked information, using London brokerages.

The SEC said they used “innovative analytical tools” to identify the suspicious trading patterns. Andrew Ceresney, the SEC’s Enforcement chief, said: “This cyber hacking scheme is one of the most intricate and sophisticated trading rings we have ever seen, spanning the globe and involving dozens of individuals and entities.”

US Justice officials said the hacked companies frequently detected the hacking attacks and either successfully resisted them or subsequently expelled the intrusions. The three companies said they were co-operating with prosecutors and were examining their security systems.