Georgia Trader Pleads Guilty To Largest Known Computer Hacking And Securities Fraud Scheme

More Than 150,000 Press Releases Stolen from Three Major Newswire Companies, Used to Generate Approximately $30 Million in Illegal Trading Profits

NEWARK, N.J. – Arkadiy Dubovoy, 51, of Alpharetta, Georgia, today admitted his role in an international scheme to hack into three business newswires and steal yet-to-be published press releases containing non-public financial information that was then used to make trades that allegedly generated approximately $30 million in illegal profits, New Jersey U.S. Attorney Paul J. Fishman announced.

Arkadiy Dubovoy pleaded guilty before U.S. District Judge Madeline Cox Arleo to Count One of an indictment charging him with conspiracy to commit wire fraud. He was arrested on Aug. 11, 2015, in connection with a federal indictment brought by the District of New Jersey charging five individuals – two computer hackers and three securities traders – in a large-scale, international conspiracy to hack and steal press releases containing confidential nonpublic financial information relating to hundreds of companies traded on the NASDAQ and NYSE from three newswires.

“Today, another defendant pleads guilty to his role in an international plot to loot non-public press releases from three major newswire companies and exploit them for millions in illicit proceeds,” U.S. Attorney Fishman said. “The conviction of Arkadiy Dubovoy, who admitted trading on the stolen information and splitting the profits with hackers in Ukraine, was made possible by the hardworking prosecutors and agents who unraveled this unprecedented scheme.”

“For more than three decades, the Secret Service has been a leader in investigating cybercrimes and protecting the U.S. financial infrastructure,” Joseph P. Clancy, Director of the U.S. Secret Service, said.  “This case embodies a vital part of the agency’s integrated mission and the success that we have achieved in investigating these highly complex crimes. There will always be inherent challenges in investigating cybercrime, but the Secret Service is committed to working with our law enforcement and global partners to safeguard the Nation’s financial infrastructure.”

In addition to Arkadiy Dubovoy, the 23-count New Jersey federal indictment charges Ivan Turchynov, 27, Oleksandr Ieremenko, 24, and Pavel Dubovoy, 32, all of Ukraine, and Igor Dubovoy, 28, of Alpharetta, Georgia. The defendants are all charged with wire fraud conspiracy, securities fraud conspiracy, wire fraud, securities fraud, and money laundering conspiracy. Additionally, Ivan Turchynov and Oleksandr Ieremenko are charged with computer fraud conspiracy, computer fraud, and aggravated identity theft. Igor Dubovoy pleaded guilty to his role on Jan. 20, 2016.

The U.S. Attorney’s Office for the Eastern District of New York (EDNY), in a related indictment charged four securities traders: Vitaly Korchevsky, 50, of Glen Mills, Pennsylvania, Vladislav Khalupsky, 45, of Brooklyn, New York and Odessa, Ukraine, Leonid Momotok, 47, of Suwanee, Georgia, and Alexander Garkusha, 47, of Cummings and Alpharetta, Georgia. The EDNY defendants are charged with wire fraud conspiracy, securities fraud conspiracy, securities fraud, and money laundering conspiracy.  On Dec. 21, 2015, Alexander Garkusha pleaded guilty to Count One of the EDNY indictment charging him with conspiracy to commit wire fraud.

According to documents filed in this case and statements made in court:

Between February 2010 and August 2015, Turchynov and Ieremenko, computer hackers based in Ukraine, gained unauthorized access into the computer networks of Marketwired L.P. (Marketwired), PR Newswire Association LLC (PRN), and Business Wire. They used a series of targeted cyber-attacks, including “phishing” attacks and SQL injection attacks, to gain access to the computer networks. The hackers moved through the computer networks and stole press releases about upcoming announcements by public companies concerning earnings, gross margins, revenues, and other confidential and material financial information.

At one point, one of the hackers sent an online chat message in Russian to another individual stating, “I’m hacking prnewswire.com.”  In another online chat, Ieremenko told Turchynov that he had compromised the log-in credentials of 15 Business Wire employees.

The hackers shared the stolen releases with the traders using overseas computer servers that they controlled. In a series of emails, the hackers even shared “instructions” on how to access and use the overseas server where they shared the stolen releases with the traders, and the access credentials and instructions were distributed amongst the traders.  In an email, which was sent by one of the traders, the instructions for accessing the overseas server suggested that users conceal their Internet Protocol address when accessing the server as a precaution to avoid detection.  The traders created “shopping lists” or “wish lists” for the hackers listing desired upcoming press releases for publicly traded companies from Marketwired and PRN. Trading data obtained over the course of the investigation showed that, after the shopping list was sent, the traders and others traded ahead of several of the press releases listed on it. 

The traders generally traded ahead of the public distribution of the stolen releases, and their trading activities shadowed the hackers’ capabilities to exfiltrate stolen press releases. In order to execute their trades before the releases were made public, the traders sometimes had to execute trades in extremely short windows of time between when the hackers illegally accessed and shared the releases and when the press releases were disseminated to the public by the newswires, usually shortly after the close of the markets.  Frequently, all of this activity occurred on the same day.  Thus, the trading data often showed a flurry of trading activity around a stolen press release just prior to its public release.

The traders traded on stolen press releases containing material nonpublic information about the following publicly traded companies that included, among hundreds of others: Align Technology, Inc.; Caterpillar Inc.; Hewlett Packard; Home Depot; Panera Bread Co.; and Verisign, Inc.

The traders paid the hackers for access to the overseas servers based, in part, on a percentage of the money the traders made from their illegal trading activities. The hackers and traders used foreign shell companies to share in the illegal trading profits. 

At today’s plea hearing, Arkadiy Dubovoy admitted that when he purchased the stolen press releases from the computer hackers operating in Ukraine, he knew they contained earnings announcements for publicly trading companies that had not yet been made public. Arkadiy Dubovoy also admitted that he sent the releases to either Korchevsky or Khalupsky so that they could review them and determine which trades would be profitable based on the stolen material information.

Arkadiy Dubovoy also admitted that he directed others, including Igor Dubovoy and Korchevsky, to manage the brokerage account he used as part of the scheme. He also admitted that he provided the hackers with access to at least one of his trading accounts so that they could confirm how much money was being made from the stolen information. According to Arkadiy Dubovoy, his arrangement with the hackers gave them approximately 50 percent of any profits resulting from the stolen press releases they provided.

The conspiracy charge to which Arkadiy Dubovoy pleaded guilty carries a maximum potential penalty of 20 years in prison and a $250,000 fine, or twice the gross gain or loss from the offense.

U.S. Attorney Fishman credited the special agents of the U.S. Secret Service, Criminal Investigations Division, under the direction of Director Joseph P. Clancy, and special agents from the Newark Field Office, under the direction of Acting Special Agent in Charge Jeffrey Wood, with the ongoing investigation leading to today’s plea.

The government is represented by Assistant U.S. Attorneys Andrew S. Pak, Daniel Shapiro, David M. Eskew, and Nicholas Grippo of the Economic Crimes Unit, Computer Hacking & Intellectual Property Section, Assistant U.S. Attorney Svetlana M. Eisenberg of the General Crimes Unit, and Assistant U.S. Attorney Sarah Devlin of the Asset Forfeiture and Money Laundering Unit.

Defense counsel: Michael Critchley, Sr., Esq., Michael Critchley, Jr., Esq., Critchley, Kinum & Vazquez, LLC