As I first reported to you this past August and numerous times thereafter as the story developed, forty-three people were charged both civilly and criminally in the largest hacking and securities fraud enterprise in American history. The defendants were made up of rogue stock traders including hedge fund manager and former Morgan Stanley employee Vitaly Korchevsky along with computer hackers based in the Ukraine. The hackers used simple phishing tactics to gain access to more than 150,000 press releases issued by Marketwired, PR Newswire in New York and Business Wire of San Francisco on behalf of numerous American companies including Panera, Caterpillar, Inc and Align Technology that contained earnings and other corporate information prior to their public release. This enabled the rogue stock traders to make trades based on this inside information before it became known to the public. Trades using this stolen information were made by traders in Russia, Ukraine, Malta, Cyprus, France and here in the United States in Georgia, New York and Pennsylvania It is estimated that between 2010 and 2015, the defendants made profits of as much as 100 million dollars on 800 trades during this time. In December, Alexander Garkusha, one of the defendants pleaded guilty to making trades based upon the stolen information that personally gained him $125,000. Garkusha is cooperating with the government at this time. His sentencing is scheduled for May 6th. In January, Igor Dubovoy also pleaded guilty to conspiracy to commit wire fraud and agreed to forfeit more than 11 million dollars.
Now the SEC has announced that it has settled civil charges against Moscow-based hedge fund manager David Amaryan and his funds Copperstone Alpha Fund, Copperstone Capital, Ocean Prime, Inc and Intertrade Pacific SA through which Amaryan earned more than eight million dollars in profits through the illegal scheme. Pursuant to the settlement, Amaryan and his companies will pay the SEC ten million dollars. Of course, as is typical in such settlements, Amaryan neither admitted nor denied any wrongdoing, however pursuant to the settlement he is prohibited from using such tactics in the future, which is akin to Amaryan saying he didn’t do anything wrong and he promises not to do it again while also agreeing to pay ten million dollars to the SEC.
One of the biggest takeaways from this case is how easy it is to still use phishing emails to lure people into clicking on links tainted with malware that permits hackers to steal a person’s or company’s data. Phishing and the more targeted spear phishing is also the way that the ransomware used against the Hollywood Presbyterian Medical Center was implanted in its computers. Apparently corporations still have not learned to sufficiently train their employees to recognize phishing emails nor have they learned to encrypt and segregate sensitive data from hackers. This lesson is one that each of us, as individuals, should also learn in our own lives because identity thieves and hackers use the same phishing techniques to enable criminals to hack into the computers of individuals and steal their personal information. Never click on links in emails regardless of from whom they appear to come unless you are absolutely sure that the link is legitimate. It well could contain keystroke logging malware that will steal all of the information from your computer. Also, it is important to remember that you cannot rely on your anti-malware software to protect you because the best anti-malware software is always at least a month behind the latest malware. However, it is still important to have security software on all of your electronic devices and keep that software up to date with the latest security patches because many scammers use older versions of malware for which there are defenses.