On December 20, 2021, the SEC[1] and DOJ[2] each announced fraud charges against five Russian nationals. The five defendants are charged with a multiyear scheme of hacking into service providers that help public companies make quarterly and annual filings with the SEC through the EDGAR filing system. By hacking the service providers, the defendants allegedly obtained material nonpublic information (MNPI) regarding earnings releases before those releases were made public. The defendants then allegedly traded ahead of the release of the MNPI, reaping profits of some $82 million in the process.
When the MNPI consisted of positive news, the defendants bought shares of the companies at issue. When the MNPI was negative, they sold shares of those companies short. The statistical odds that the defendants could have obtained these trading results through random chance is approximately one in one trillion, according to the SEC.
The defendants allegedly obtained unauthorized access to the service providers’ networks by using malicious infrastructure capable of harvesting employees’ usernames and passwords. Then they used stolen usernames and passwords to pose as employees and access the service providers’ information. They also tried to conceal their activities by leasing proxy computer networks outside of Russia and subscribing to email addresses and payment systems used in furtherance of the attacks in others’ names.
They also allegedly used multiple brokerage accounts to carry out their scheme. According to the SEC, from 2018 through 2020, the traders used 20 different brokerage accounts located in Denmark, the UK, Cyprus and Portugal to generate profits of at least $82 million using the stolen information to make trades before over 500 corporate earnings announcements.
One of the defendants, Ivan Ermakov, is a former officer in the GRU, a Russian military intelligence agency. This is not Ermakov’s first federal criminal indictment. He was charged in July 2018 for his alleged role in a hacking and influence scheme related to the 2016 U.S. elections. And he was charged in October 2018 for his alleged role in hacking and disinformation aimed at international anti-doping agencies, sporting federations, and anti-doping officials.
Another defendant, Vladislav Klyushin, was arrested in Switzerland in March of this year and extradited to the United States on December 18. The other four defendants remain at large.
The SEC’s charges include violations of the antifraud provisions of the federal securities laws. The SEC seeks disgorgement of their ill-gotten gains, civil penalties, and injunctions against further violations.
The criminal indictment charges the defendants with obtaining unauthorized access to computers, wire fraud, and securities fraud. They have also been charged with criminal conspiracy to engage in those prohibited acts. Each count of wire fraud and securities fraud carries a maximum sentence of 20 years in prison, along with restitution and forfeiture.