Skip to main content
Press Release

Trader Pleads Guilty To Largest Known Computer Hacking And Securities Fraud Scheme

For Immediate Release
U.S. Attorney's Office, District of New Jersey
More Than 150,000 Press Releases Stolen from Three Major Newswire Companies, Used to Generate Approximately $30 Million in Illegal Trading Profits

NEWARK, N.J. – Igor Dubovoy, 28, Alpharetta, Georgia, today admitted his role in an international scheme to hack into three business newswires and steal yet-to-be published press releases containing non-public financial information that was then used to make trades that allegedly generated approximately $30 million in illegal profits, New Jersey U.S. Attorney Paul J. Fishman announced.           

Igor Dubovoy pleaded guilty before U.S. District Judge Madeline Cox Arleo to Count One of an indictment charging him with conspiracy to commit wire fraud. He was arrested on Aug. 11, 2015, in connection with a federal indictment brought by the District of New Jersey (DNJ) charging five individuals – two computer hackers and three securities traders – in a large-scale, international conspiracy to hack and steal press releases containing confidential nonpublic financial information relating to hundreds of companies traded on the NASDAQ and NYSE from three newswires.

In addition to Igor Dubovoy, the 23-count DNJ indictment charges Ivan Turchynov, 27, Oleksandr Ieremenko, 24, and Pavel Dubovoy, 32, all of Ukraine, and Arkadiy Dubovoy, of Alpharetta, Georgia. The defendants are all charged with wire fraud conspiracy, securities fraud conspiracy, wire fraud, securities fraud, and money laundering conspiracy.  Additionally, Ivan Turchynov and Oleksandr Ieremenko are charged with computer fraud conspiracy, computer fraud, and aggravated identity theft.

The Eastern District of New York (EDNY), in a related indictment charged four securities traders: Vitaly Korchevsky, 50, of Glen Mills, Pennsylvania, Vladislav Khalupsky, 45, of Brooklyn, New York and Odessa, Ukraine, Leonid Momotok, 47, of Suwanee, Georgia, and Alexander Garkusha, 47, of Cummings and Alpharetta, Georgia. The EDNY defendants are charged with wire fraud conspiracy, securities fraud conspiracy, securities fraud, and money laundering conspiracy.  On Dec. 21, 2015, Alexander Garkusha pleaded guilty to Count One of the EDNY indictment, charging him with conspiracy to commit wire fraud.

According to documents filed in this case and statements made in court:

Between February 2010 and August 2015, Turchynov and Ieremenko, computer hackers based in Ukraine, gained unauthorized access into the computer networks of Marketwired L.P. (Marketwired), PR Newswire Association LLC (PRN), and Business Wire.  They used a series of targeted cyber-attacks, including “phishing” attacks and SQL injection attacks, to gain access to the computer networks. The hackers moved through the computer networks and stole press releases about upcoming announcements by public companies concerning earnings, gross margins, revenues, and other confidential and material financial information.

At one point, one of the hackers sent an online chat message in Russian to another individual stating, “I’m hacking prnewswire.com.”  In another online chat, Ieremenko told Turchynov that he had compromised the log-in credentials of 15 Business Wire employees.

The hackers shared the stolen releases with the traders using overseas computer servers that they controlled. In a series of emails, the hackers even shared “instructions” on how to access and use the overseas server where they shared the stolen releases with the traders, and the access credentials and instructions were distributed amongst the traders.  In an email, which was sent by one of the traders, the instructions for accessing the overseas server suggested that users conceal their Internet Protocol address when accessing the server as a precaution to avoid detection.  For traders created “shopping lists” or “wish lists” for the hackers listing desired upcoming press releases for publicly traded companies from Marketwired and PRN for publicly traded companies.  Trading data obtained over the course of the investigation showed that, after the shopping list was sent, the traders and others traded ahead of several of the press releases listed on it. 

The traders generally traded ahead of the public distribution of the stolen releases, and their trading activities shadowed the hackers’ capabilities to exfiltrate stolen press releases. In order to execute their trades before the releases were made public, the traders sometimes had to execute trades in extremely short windows of time between when the hackers illegally accessed and shared the releases and when the press releases were disseminated to the public by the newswires, usually shortly after the close of the markets.  Frequently, all of this activity occurred on the same day.  Thus, the trading data often showed a flurry of trading activity around a stolen press release just prior to its public release.

The traders traded on stolen press releases containing material nonpublic information about the following publicly traded companies that included, among hundreds of others: Align Technology, Inc.; Caterpillar Inc.; Hewlett Packard; Home Depot; Panera Bread Co.; and Verisign, Inc.

The traders paid the hackers for access to the overseas servers based, in part, on a percentage of the money the traders made from their illegal trading activities. The hackers and traders used foreign shell companies to share in the illegal trading profits. 

At today’s plea hearing, Igor Dubovoy admitted that when he and others purchased stolen press releases from the computer hackers operating in Ukraine, he knew they contained earnings announcements for publicly trading companies that had not yet been made public. Igor Dubovoy also admitted that he sent the releases to Korchevsky so that he could review them and determine which trades would be profitable based on the stolen material information.

Based on Korchevsky’s recommendations, Igor Dubovoy then executed trades using a number of different brokerage accounts in his name and in Arkadiy Dubovoy’s name, as well as any entities they owned. He also admitted that he provided the hackers with access to at least one trading account held by Arkadiy Dubovoy so that they could confirm how much money was being made from the stolen information. According to Igor Dubovoy, the hackers were paid 50 percent of any profits made in the stock market based on the stolen press releases they provided.

The maximum potential penalties for Count One, conspiracy to commit wire fraud, is 20 years in prison and a fine of $250,000 or twice the gross gain or loss from the offense.

U.S. Attorney Fishman credited the special agents of the U.S. Secret Service, Criminal Investigations Division, under the direction of Director Joseph P. Clancy, and special agents from the Newark Field Office, under the direction of Acting Special Agent in Charge Kenneth Pleasant, with the ongoing investigation leading to today’s plea.

The government is represented by Assistant U.S. Attorneys Andrew S. Pak, Daniel Shapiro, David M. Eskew, and Nicholas Grippo of the Economic Crimes Unit, Computer Hacking & Intellectual Property Section, Assistant U.S. Attorney Svetlana M. Eisenberg of the General Crimes Unit, and Assistant U.S. Attorney Sarah Devlin of the Asset Forfeiture and Money Laundering Unit.

Defense counsel: Lawrence S. Lustberg, Esq., Mary Frances Palisano, Esq., Gibbons PC

Updated January 20, 2016

Topic
Cybercrime
Press Release Number: 16-024