Joon H. Kim, the Acting United States Attorney for the Southern District of New York, and William F. Sweeney Jr., the Assistant Director-in-Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), announced today that DMITRY SAZONOV was charged with attempted theft of trade secrets for his alleged attempted theft of proprietary computer code for a trading platform from his employer, a financial services firm with an office in New York, New York, that trades securities and other financial products (“Firm-1”). SAZONOV was arrested yesterday afternoon and presented today before U.S. Magistrate Judge Andrew J. Peck in federal court.
Acting U.S. Attorney Joon H. Kim said: “As alleged, Dmitry Sazonov attempted to steal valuable proprietary computer code that took his employer years to develop. Sazonov allegedly took elaborate steps to conceal his attempted theft, including camouflaging pieces of source code within harmless-looking draft emails on his work computer. Thanks to the FBI, Sazonov has been stopped and is now in custody.”
FBI Assistant Director-in-Charge William F. Sweeney Jr. said: “As we allege, Sazonov went to great lengths to conceal source code for a trading platform in order to steal it from his former employer. He researched and ultimately used the technique of steganography to hide the code within other PDF files like personal tax and immigration documents on his work computer. He also uploaded encrypted zip files to a third-party website to complete his heist. Stealing from an employer is a serious offense especially when it comes to proprietary source code that companies have invested heavily in, and that they rely on to generate revenue. The FBI is committed to enforcing laws that protect U.S. companies from the theft of trade secrets.”
According to the allegations contained in the Complaint unsealed today:
Firm-1 acts as a market maker, facilitating trading and liquidity in a variety of financial markets. A substantial portion of the trading done by Firm-1’s employees is facilitated by a proprietary computer trading platform (the “Trading Platform”), which deploys a computer program to take in many different pieces of market data, to use that data to develop trading strategies, and then to generate orders and automatically submit those orders to an exchange or market center. Firm-1’s use of the Trading Platform accounts for a substantial volume of Firm‑1’s total trading activity. For example, Firm-1 executes approximately $300 million in options trades through the Trading Platform every day. The strategies and efficiency resulting from Firm-1’s use of the Trading Platform contribute substantially to Firm-1’s market share in the financial markets in which Firm-1 trades and to its overall trading profits.
For at least approximately five years, Firm-1 has been in the process of developing an updated and improved version of the Trading Platform (the “Updated Trading Platform”). Firm-1 has, to date, invested more than approximately $5 million in the development of the Updated Trading Platform. The Updated Trading Platform is expected by representatives of Firm-1 to continue to enhance the position of Firm-1 in the markets in which it participates and to contribute substantially to Firm-1’s market share and profits. Accordingly, Firm-1 has put in place measures designed to protect the computer source code (the “Source Code”) underlying the Updated Trading Platform.
From July 2004 through February 6, 2017, SAZONOV was employed as a software engineer by Firm-1. In that role, SAZONOV was involved in the development of trading strategies to be implemented in conjunction with the deployment of the Updated Trading Platform; as a result, SAZONOV had access to the Source Code. On February 2, 2017, SAZONOV learned that his immediate supervisor at Firm-1 had resigned and began looking for a new job outside of Firm-1. On Friday, February 3, 2017, SAZONOV learned that he would be meeting with another supervisor about the future of his role at Firm-1 the following Monday.
Before that meeting took place, SAZONOV took various steps to attempt to steal the Source Code. On the morning of February 6, 2017, SAZONOV downloaded the Source Code to his Firm-1 computer. He ran Internet searches and viewed websites related to steganography, the practice of concealing messages or data within other files, among other things. SAZONOV then deployed a computer program that appears to have used steganography, in order to break up a PDF file believed to contain the Source Code, and append pieces of the PDF file to various apparently innocuous documents and files contained in a folder on SAZONOV's desktop computer, including personal tax and immigration documents and images taken from the Internet, among others (the “Payload Documents”). The program also appears to have produced a manifest, permitting the reassembly of the Source Code from the various Payload Documents. SAZONOV used his Firm-1 computer to upload an encrypted zip file containing the manifest to a third-party website. He also saved two draft emails to his Firm-1 email account, attaching the encrypted zip file containing the manifest to one email and a zip file containing the Payload Documents to the other email; the draft emails were addressed to an email address associated with SAZONOV. SAZONOV did not send the emails before reporting to the meeting with the supervisor. In the course of that meeting, SAZONOV was fired by Firm-1. After being fired, SAZONOV repeatedly asked to be permitted to return to his desk to retrieve files from his computer. Pursuant to Firm‑1 policy, however, SAZONOV was not permitted to return to his desk prior to being escorted out of Firm-1’s New York, New York, office.
On multiple occasions following his termination by Firm-1, SAZONOV contacted individuals employed by Firm-1 by telephone and by email seeking the return of computer files on his Firm-1 desktop computer, which he claimed were personal documents. Indeed, SAZONOV repeatedly requested that Firm-1 return to him the documents contained in the file in which the Payload Documents were saved. On April 12, 2017, SAZONOV reported to the lobby of the building in which the New York, New York, office of Firm-1 is located and retrieved a disk he believed contained those files. He was subsequently arrested.
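The Complaint summary above describes pieces of a PDF being appended to otherwise ordinary documents and images. As an added example (not taken from the Complaint or from any tool it mentions), this Python check, of the kind a DLP or forensic reviewer might run over a user's folder, reports how many bytes a PDF or PNG carries past its logical end. It assumes the appended pieces sit after the carrier file's own end marker, which the release does not specify; all function names and sample bytes are constructed for illustration.

```python
import re
import struct
from typing import Optional

PNG_SIG = b"\x89PNG\r\n\x1a\n"
_PDF_EOF = re.compile(rb"startxref\s+(\d+)\s+%%EOF")
_PDF_XREF = re.compile(rb"xref|\d+\s+\d+\s+obj")  # classic table or xref-stream object

def png_end(data: bytes) -> Optional[int]:
    """Walk PNG chunks (length, type, data, CRC); return the offset just past IEND."""
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        pos += 12 + length
        if ctype == b"IEND":
            return pos if pos <= len(data) else None
    return None  # truncated or malformed

def pdf_end(data: bytes) -> Optional[int]:
    """Offset past the last %%EOF whose startxref points at a real xref section.
    A trailer carried in by an appended fragment points elsewhere and is skipped."""
    end = None
    for m in _PDF_EOF.finditer(data):
        if _PDF_XREF.match(data, int(m.group(1))):
            end = m.end()
    return end

def trailing_bytes(data: bytes) -> Optional[int]:
    """Bytes past the logical end of a PDF/PNG; None if format or end is unknown."""
    if data.startswith(PNG_SIG):
        end = png_end(data)
    elif data.startswith(b"%PDF-"):
        end = pdf_end(data)
    else:
        return None
    if end is None:
        return None  # no valid end marker: worth a manual look
    tail = data[end:]
    return len(tail) if tail.strip() else 0  # ignore a trailing newline

# Constructed sample: a minimal PDF, and a fragment with its own bogus trailer.
_body = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
CLEAN_PDF = (_body + b"xref\n0 1\n0000000000 65535 f \ntrailer\n<< /Root 1 0 R >>\n"
             b"startxref\n" + str(len(_body)).encode() + b"\n%%EOF\n")
FRAGMENT = b"7 0 obj\n<< /Length 4 >>\nendobj\nstartxref\n9999\n%%EOF\n"  # constructed

if __name__ == "__main__":
    print(trailing_bytes(CLEAN_PDF), trailing_bytes(CLEAN_PDF + FRAGMENT))
```

A non-zero result is a triage signal rather than proof: some editors and scanners leave benign bytes after the end marker, so flagged files still need review.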
* * *
SAZONOV, 44, of Rockland County, New York, is charged with one count of attempted theft of trade secrets, which carries a maximum sentence of 10 years in prison and a maximum fine of $250,000 or twice the gross gain or loss from the offense. The maximum potential sentence in this case is prescribed by Congress and is provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.
Mr. Kim praised the outstanding investigative work of the FBI.
The case is being prosecuted by the Office’s Complex Frauds and Cybercrime Unit. Assistant U.S. Attorney Katherine Reilly is in charge of the prosecution.
The charges contained in the Complaint are merely accusations, and the defendant is presumed innocent unless and until proven guilty.
As the introductory phrase signifies, the entirety of the text of the Complaint, and the description of the Complaint set forth herein, constitute only allegations, and every fact described should be treated as an allegation.