In mid August I told you about the SEC civil action against thirty-two people charged in the largest hacking and securities fraud enterprise in American history. The group of defendants is made up of rogue stock traders including hedge fund manager and former Morgan Stanley employee Vitaly Korchevsky along with computer hackers based in the Ukraine. The hackers used simple phishing tactics to gain access to more than 150,000 press releases issued by Marketwired, PR Newswire in New York and Business Wire of San Francisco on behalf of numerous American companies including Panera, Caterpillar, Inc and Align Technology that contained earnings and other corporate information prior to their public release. This enabled the stock traders to make trades based on this inside information before it became known to the public. It is estimated that between 2010 and 2015, the defendants made profits of 100 million dollars on 800 trades during this time.
Now, the SEC has settled the claims against two of the defendants, Jaspen Capital Partners Limited a Ukrainian company and its CEO Andrly Supranonok who, the SEC alleged made 25 million dollars in illegal profits from this enterprise. It is interesting to note, however, that not only did the SEC determine to prosecute this case civilly rather than criminally, but in its settlement, the SEC were not required to admit responsibility. In effect, what the defendants did is deny that they did anything wrong and promise not to do it again. They also, however paid a fine of 30 million dollars, which is 5 million dollars more than they earned through their improper actions.
The topic of when the SEC and the Justice Department prosecute white collar crimes as civil violations and when as criminal violations is a major topic of discussion with many people believing that white collar crime is not prosecuted criminal enough to serve as a disincentive to would-be white collar criminals.
However, for all of us as individuals, one of the biggest takeaways from this case is how easy it is to still use phishing emails to lure people into clicking on links tainted with malware that permits hackers to steal a person’s or company’s data. Apparently corporations still have not learned to train their employees to recognize phishing emails nor have they learned to encrypt and segregate sensitive data from hackers. This lesson is one that each of us as individuals should also learn in our own lives because identity thieves and hackers use the same phishing technique to steal the identities of individual victims. Never click on links in emails regardless of from whom they appear to come unless you are absolutely sure that the link is legitimate. It well could contain keystroke logging malware that will steal all of the information from your computer. Also, it is important to remember that you cannot rely on your anti-malware software to protect you because the best anti-malware software is always at least a month behind the latest malware.