Two men share securities regulation news

Breaking news and expert analysis on legal and compliance issues

[Back To Home][Back To Archives]

From Securities Regulation Daily, January 15, 2019

SEC charges Ukrainian hacker and various traders in connection with misappropriating EDGAR data

By Brad Rosen, J.D.

The SEC brought a five-count complaint in federal court in the District of New Jersey against nine defendants for participating in a scheme to hack into the SEC’s EDGAR system and extract nonpublic information to use for illegal trading. Specifically, the agency charged Oleksandr Ieremenko, a Ukrainian hacker, in addition to six individual traders in California, Ukraine, and Russia, as well as two corporate entities. The scheme generated over $4.1 million in illegal profits (SEC v. Ieremenko, January 15, 2019).

The SEC publicly announced the intrusion into its EDGAR back in September 2017. The SEC also noted in its release that Ieremenko and some of the traders were previously charged in a similar scheme to hack into news wire services and trade on information that had not yet been released to the public.

Trading on non-public information. The SEC’s complaint alleges that after hacking the newswire services, Ieremenko turned his attention to EDGAR and, utilizing deceptive hacking techniques, gained access in 2016. Ieremenko extracted EDGAR files containing nonpublic earnings results. The information was passed to the trader defendants who used it to trade in the narrow window between when the files were extracted from SEC systems and when the companies released the information to the public. In total, the traders traded before at least 157 earnings releases from May to October 2016 and generated at approximately $4,135,000 in ill-gotten gains.

Hack accomplished by circumventing user authentication controls. According to the SEC’s complaint, Ieremenko circumvented EDGAR controls that require user authentication and then navigated within the EDGAR system. Ieremenko obtained nonpublic "test files," which issuers can elect to submit in advance of making their official filings to help make sure EDGAR will process the filings as intended. Issuers sometimes elected to include nonpublic information in test filings, such as actual quarterly earnings results not yet released to the public. Ieremenko extracted nonpublic test files from SEC servers, and then passed the information to various trader defendants.

The defendants and their illegal gains. The SEC’s complaint alleges that the defendant traders received and traded on the basis of the hacked EDGAR information and sets forth their illegal profits as follows:

  • Sungjin Cho, Los Angeles, California ($679,862);
  • David Kwon, Los Angeles, California ($404,243);
  • Igor Sabodakha, Ukraine ($69,120);
  • Victoria Vorochek, Ukraine ($108,637);
  • Ivan Olefir, Ukraine ($449,010);
  • Andrey Sarafanov, Russia (1,094,435);
  • Capyield Systems, Ltd. which was owned by defendant Olefir, Ukraine ($832,967); and
  • Spirit Trade Ltd., Hong Kong ($496,740).

Claims for relief and remedies sought. The SEC’s complaint charged each of the defendants with violating the federal securities antifraud laws and related SEC antifraud rules. The agency seeks a final judgment ordering the defendants to pay penalties, return their ill-gotten gains with prejudgment interest, and seeks to enjoin them from committing future violations of the antifraud laws. In a related proceeding, the U.S. Attorney’s Office for the District of New Jersey brought criminal charges against defendant Oleksandr Ieremenko.

The SEC also named and is seeking relief from four relief defendants who profited from the scheme when defendants used the relief defendants’ brokerage accounts to place illicit trades.

SEC leadership weighs in. Enforcement Division Co-Director Stephanie Avakian stated "Today’s action shows the SEC’s commitment and ability to unravel these schemes and identify the perpetrators even when they operate from outside our borders." Meanwhile, her Co-Director Steven Peikin noted "Our staff’s sophisticated analysis of the defendants’ trading exposed the common element behind their success, providing overwhelming evidence that each of them traded based on information hacked from EDGAR."

Finally, SEC Chairman Jay Clayton observed that "This action illustrates that the SEC faces many of the same cybersecurity threats that confront exchange-listed companies, other SEC-registered entities and market participants of all types. These threats to our marketplace are significant and ongoing and often involve threats from actors outside our border." He added, "No system can be entirely safe from a cyber intrusion. Here at the SEC, we recognize that we must continuously use the resources available to us efficiently and effectively to bolster our cybersecurity defenses and reduce our cyber risk profile."

The case is No. 19-cv-505.

Attorneys: Cheryl L. Crumpton and Stephan J. Schlegelmilch for the SEC.

MainStory: TopStory CyberPrivacyFeed FraudManipulation InternationalNews SECNewsSpeeches NewJerseyNews

Back to Top

Securities Regulation Daily

Introducing Wolters Kluwer Securities Regulation Daily — a daily reporting service created by attorneys, for attorneys — providing same-day coverage of breaking news, court decisions, legislation, and regulatory activity.


A complete daily report of the news that affects your world

  • View full summaries of federal and state court decisions.
  • Access full text of legislative and regulatory developments.
  • Customize your daily email by topic and/or jurisdiction.
  • Search archives for stories of interest.

Not just news — the right news

  • Get expert analysis written by subject matter specialists—created by attorneys for attorneys.
  • Track law firms and organizations in the headlines with our new “Who’s in the News” feature.
  • Promote your firm with our new reprint policy.

24/7 access for a 24/7 world

  • Forward information with special copyright permissions, encouraging collaboration between counsel and colleagues.
  • Save time with mobile apps for your BlackBerry, iPhone, iPad, Android, or Kindle.
  • Access all links from any mobile device without being prompted for user name and password.