9 Accused Of Making $30 Million Using Hacked Press Releases

NEWARK, N.J. (CBSNewYork/AP) -- An international web of hackers and traders was charged by U.S. authorities Tuesday with making $100 million by breaking into the computers of business newswire services, reading corporate press releases before they came out, and then trading on that information ahead of the pack on Wall Street.

Federal authorities said it was the biggest scheme of its kind ever prosecuted, and one that demonstrated yet another way in which the financial world is vulnerable to cybercrime.

Nine people in the U.S. and Ukraine were indicted in Brooklyn and Newark on federal criminal charges, including securities fraud, computer fraud and conspiracy. And the U.S. Securities and Exchange Commission brought related civil charges against the nine plus 23 other individuals and companies.

The case "illustrates the risks posed for our global markets by today's sophisticated hackers,'' SEC chief Mary Jo White said. "Today's international case is unprecedented in terms of the scope of the hacking at issue, the number of traders involved, the number of securities unlawfully traded and the amount of profits generated.''

The nine charged with criminal offenses include two people described as Ukrainian computer hackers and six stock traders, all but one of them in the United States. Prosecutors said the defendants made $30 million from their part of the scheme.

At the same time, the SEC brought a lawsuit that lays out a sprawling network of hackers and traders stretching from the U.S. to Russia and Ukraine, France, Malta and Cyprus, all accused of using the stolen advance information to make illegal trades.

Authorities said that starting in 2010 and continuing as recently as May, the hackers gained access to more than 150,000 news releases that were about to be issued by Marketwired of Toronto; PR Newswire in New York; and Business Wire of San Francisco. The news releases contained earnings figures and other information from a multitude of corporations.

"The traders actually gave shopping lists of companies who's information they wanted," Paul Fishman, U.S. attorney for New Jersey, said.

The defendants then used roughly 800 of those news releases to make trades before the information came out, exploiting a time gap ranging from hours to three days, prosecutors said.

Acting Brooklyn U.S. Attorney Kelly Currie calls the alleged scheme "an unholy alliance of shadowy hackers and criminal securities traders."

In one day in 2013, for example, the group traded more than 75,000 shares of Panera Bread Co. stock in a little over an hour and made $900,000, authorities said.

A strong earnings report or other positive news can cause a company's stock to rise, while disappointing news can make it fall. The conspirators typically used the advance information to buy stock options, which are essentially a bet on the direction in which a stock will move, authorities said.

The hackers were paid based on how much profit the traders made, prosecutors alleged.

"This is the story of a traditional securities fraud scheme with a twist -- one that employed a contemporary approach to a conventional crime,'' said Diego Rodriguez, head of the FBI's New York office.

Five defendants were arrested on Tuesday, and arrest warrants were issued for four in Ukraine.

Fishman said the case exemplified the "intersection of hacking and securities fraud'' and called the defendants "relentless and patient.''

At various times, the indictment alleges, the hackers were locked out of the news services' computer systems. According to Fishman, they eventually managed to get back in, often using simple "phishing,'' or sending bogus emails with links that, if clicked on, can eventually lead a hacker to a computer user's login and password.

Fishman said every employee of every company should watch out for emails that might look like they're from friends of relatives, WCBS 880's Alex Silverman reported.

"I know that they're saying that they were my college roommate and they want me to look at some photo on Facebook of us when we were in our freshman year in a dorm and we were doing something we shouldn't have been doing, but no one should click on those links without checking," Fishman said.

The thefts show how hackers are expanding their efforts beyond typical moneymaking information such as credit card and Social Security numbers.

It's also another example of how companies are often at the mercy of those they do business with. Many major hackings have been pulled off through third-party companies that have access to sensitive information.

Business Wire said it has hired a cybersecurity firm to test its systems and make sure they are secure. Marketwired and PR Newswire did not immediately return emails seeking comment.

The hacker group made more than $600,000 by trading the stock of Peoria, Illinois-based Caterpillar Inc. in 2011 using a news release that said the company's third-quarter profits had climbed 27 percent, according to the indictment.

Similarly, the group made more than $1.4 million trading stock in San Jose, California-based Align Technology in 2013 ahead of a press release that said annual revenue was up more than 20 percent, the indictment said.

The most serious charges in the indictment, wire fraud and securities fraud, carry up to 20 years in prison.

The SEC lawsuit named 17 individuals living in the U.S., Russia and Ukraine, and 15 companies in Georgia, Pennsylvania, Russia, France, Cyprus and Malta. The SEC is seeking unspecified fines and restitution against the 32 defendants.

(TM and © Copyright 2015 CBS Radio Inc. and its relevant subsidiaries. CBS RADIO and EYE Logo TM and Copyright 2015 CBS Broadcasting Inc. Used under license. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.)