
How an International Hacker Network Turned Stolen Press Releases into $100M - sus_007
https://www.theverge.com/2018/8/22/17716622/sec-business-wire-hack-stolen-press-release-fraud-ukraine
======
quackerhacker
"Their algorithms are designed to pick up on stock prices fluctuating before
major corporate announcements, indicating that those buying or selling have
insider knowledge..."

As someone who has coded high frequency algos that tracked orders and fill
rate velocity, I love this little tidbit of knowledge that FINRA utilizes its
own types of analysis. It intrigues me to imagine the accuracy and dismissal
of false positives. _sorry nerding out on the tech_

~~~
anonymous5133
What I always thought to be interesting is by analyzing those pre-announcement
movements. We all know there are always people trading on insider information
so it would be possible to use those pre-announcement movements to your
advantage. If you see the stock price dropping before the announcement, then
best to unload your shares or vice versa.

~~~
AznHisoka
This doesn’t work because there is no insider trading in most cases, and even
if there were, you might be fooled by mass idiots trading the opposite
direction of the insider.

~~~
GoMonad
As an example why it might drop (or rise) with high volume: firms could be
"derisking" before earnings.

------
ebullientocelot
My favorite part is when the Ukrainian officials start their own version of
the plot instead of prosecuting. Something to be said about intellectual
honesty.

~~~
rdtsc
Not surprised a bit. Usually the reason crime is flourishing in those parts is
because there is protection from within the judicial and executive branches
of the government. The police and judges are often part of, if not the ones
running many of the crime rings.

There is also the part where the Ukrainians then went on to blackmail
Ieremenko, threatened to extradite him and asked him for a bribe. He paid up.
Of course the go-between guy doubled the blackmail price (think big, right?),
got his 50% share then forwarded the rest to the intel agency. And then
Ieremenko realizes he couldn't be extradited anyway because Ukraine doesn't do
that with its citizens! The article then says "the pair fell out when
Ieremenko discovered he had been duped". I am surprised they hadn't had a
boating accident of some sort, or fell on a knife, backwards a few times.

~~~
ffmegpeg
> in those parts

Not a Ukrainian, but boy, does that horse look high!

------
anonu
The SEC complaint from 2015 is also a fun read:
[http://www.sec.gov/litigation/complaints/2015/comp-pr2015-163.pdf](http://www.sec.gov/litigation/complaints/2015/comp-pr2015-163.pdf)

------
itake
I knew Igor a few months before his arrest. He worked as a general contractor
for renovating houses. I was told he was on the cheaper end for contractors,
but I was surprised to see him driving an Audi/sports car when my previous
contractor had a beat up Ford.

------
happywage
... in your newswire database.

"GE To Declare Bankruptcy", "Lockheed Sold to Chinese", etc. Sit back and
watch idiots buy fake info and lose billions.

~~~
troels
Somewhat related. I wonder how often someone would plant false information
that would cause a panic sell-off, then buy on the dip, before everyone
realises that it was a lie? It's like the opposite of inside information. (Does
this particular scheme have a name?)

* Edit:

A quick googling suggests this is fairly prevalent. Must be keeping the SEC
busy.

~~~
Cthulhu_
A recent one is Musk going "I'm thinking of making Tesla private at $420 per
share" - regardless of whether he's going through with it or not, it bumped
the price of Tesla stock up by 10%, and people made a lot of money off of
that.

------
gesman
So did anyone study SEC insider trading convictions and then go back to
trading records to train AI/DL networks to learn to detect insider trading
patterns in close-to-real time?

~~~
anonu
Not gonna say it's not possible... but it's going to be very very hard. Only
looking at market data is insufficient to determine whether there was insider
trading. You need to know who was trading (the markets are anonymous) and many
times insiders will direct their friends and family to trade for them... so
you might need to plug a social network into your AI to filter out the false
positives from using market data alone.

------
anonu
"The logic being that the early trades were made on the basis of someone
else’s insider information"

This was one guy's defense. I love this - partly because so much of trading
and investing is what I call "self fulfilling". There's only a trade to be
done because other people are doing a trade.

------
onetimemanytime
There are dumb criminals and smart criminals. A _certain_ amount of respect
goes to these guys...and this is FU money we're talking about

------
wodenokoto
Why do we keep a newswire database that stores these things before being
published? Why don't companies and officials hold on to these documents
themselves?

You could say newswire are better at protecting, but the companies who write
the press releases will likely have a copy stored both before and after it
enters newswire.

~~~
anonu
If you are a registered company (like any publicly listed company in the USA)
you need to release important information to as many people as possible in a
timely manner. Newswire makes sense since it goes out to 1000s of newspapers
and websites. It also makes sense to queue it up before release. Otherwise,
that would give people listening to your earnings conference call or checking
the EDGAR filings an unfair advantage over more accessible resources.

------
mirimir
I wonder why these people were so careless about keeping their meatspace
identities private.

~~~
anonymous5133
"we won't get caught"

~~~
mirimir
Yeah, I suppose. And probably because "we're in [some former Soviet bloc
country] where we can do as we like, as long as we don't mess with our
countrymen".

------
auslander
> profits made public by the SEC stands at over $100 million, but that
> represents only a fraction of the money authorities believe was made

I wonder, if they gained this much, who lost this much? Or nobody lost?

~~~
YPCrumble
Everyone who didn't have this information and invested in the same stocks
lost.

EDIT: "invested" here could mean purchased the stock, held the stock, or even
sold the stock without the information. Depends on the information (e.g., is
it good or bad news?).

------
EnFinlay
Anyone else find this bit kinda creepy?

> The Dubovoys used the same brokerage accounts repeatedly, and they owned
> some of them directly or through immediate family members with shared
> surnames. Their association could also be easily confirmed through the fact
> that they were part of the same church community.

Is there a database out there where you can search "SELECT * FROM PEOPLE WHERE
communities INCLUDES (SELECT communities WHERE lastName = "Dubovoys");" If you
know what I mean.

------
rajacombinator
Funny they should have caught them on Dendreon trading. Main takeaway ... if
you’re going to do insider trading make sure you are really on the inside.
(ie. Wall St and US govt)

------
chmike
I don't understand that the press release center couldn't be definitely
secured once the problem was known.

~~~
stef25
When GCHQ hacked the Belgacom servers they had a real hard time discovering
and getting rid of the backdoors.

------
SenHeng
So a Borg is in charge of the US Cyber Consequences Unit. Resistance is
futile?

