
Silicon Valley IT Administrator and Friends Charged in Insider Trading Ring - chmaynard
https://www.sec.gov/news/press-release/2019-261
======
lioeters
The allegation:

> ..A former IT administrator then at Palo Alto Networks Inc., was at the
> center of the trading ring, using his IT credentials and work contacts to
> obtain highly confidential information about his employer’s quarterly
> earnings and financial performance.

How they were caught:

> This case highlights [SEC's] use of enhanced data analysis tools to spot
> suspicious trading patterns and identify the traders behind them.

Total estimated profit from this scheme, between 2015~17:

> Defendants’ trades in advance of the announcement generated profits that
> exceeded $3 million.

EDIT: Oops, I found this line from the same source: "At the peak of their
scheme in 2017, [the defendants] achieved more than $7 million in illegal
trading profits."

(Source: [https://www.sec.gov/litigation/complaints/2019/comp-
pr2019-2...](https://www.sec.gov/litigation/complaints/2019/comp-
pr2019-261.pdf))

~~~
Aaronstotle
Feel like they were trying to get caught, communicating over text/email for
insider trading isn't the brightest move. Then again, criminals usually aren't
the smartest.

~~~
orf
> criminals usually aren’t the smartest

Selection bias.

~~~
tradertef
I was thinking exactly the same thing. I wonder how much is being made using
insider trading and never got caught.

~~~
malux85
Ah, most of it? You know that dark pools of communication exist too right?

They even have code words for the names of well known insider traders, e.g.
Jacob Rees-Mogg, the UK politician is known as the “profiteering ghoul”
because his massive short on the pound, why else was he pushing Brexit so
much? The will of the people? Get real

Which makes sense, do you think that given the financial amounts involved, and
the only thing stopping most people is ethics (and knowledge that it’s illegal
but easy to get away with) that it wouldn’t happen??

~~~
throwGuardian
Citation needed. One can accuse anyone of anything without the burden of proof

~~~
DyslexicAtheist
_> Citation needed_

aehm, no it's not.

just google Somerset Capital, e.g.
[https://ftalphaville.ft.com/2018/02/08/2198570/jacob-rees-
mo...](https://ftalphaville.ft.com/2018/02/08/2198570/jacob-rees-moggs-huge-
personal-windfall-after-brexit/)

------
campee
> After the FBI interviewed Nellore about the trading in May, he purchased
> one-way tickets to India for himself and his family and was arrested at the
> airport.

How does the FBI get notified in advance when a suspect buys a plane ticket?
You read about it all the time in stories like this. Is the FBI being sent
passenger manifests for every commercial flight and are they being cross-
referenced against a list of names of potential flight risks?

~~~
cortesoft
No, they flag a name and then get notified when that person buys a ticket.

~~~
campee
I wonder if Mexico and Canada notify the FBI as well. Maybe Canada, but I
doubt Mexico does. Drive there for the day, fly out of there with minimal
luggage/possessions.

~~~
iudqnolq
This is completely wrong.

It's very difficult to drive across the border without passing through US
border security. And, being sneaky near the border is a good way to get
arrested by either side.

US law enforcement works closely with Mexican law enforcement and both
countries have an agreement to extradite to the other people who aren't their
own citizens semi-automatically.

[https://mx.usembassy.gov/our-relationship/policy-
history/law...](https://mx.usembassy.gov/our-relationship/policy-history/law-
enforcement/)

US law enforcement operate much more in Mexico than in Canada. A lot of the
time it's DEA agents working with Mexican police and military on operations
funded and supported technically by the US, but the FBI also gets involved.

At many levels individuals in the Mexican government will corruptly hide
criminals from the US. But you can't just show up and say you want to join the
club. That takes connections.

~~~
jjulius
>It's very difficult to drive across the border without passing through US
border security.

Well that's just not true. Have you ever driven across the border into either
country from the US? You pass through Mexico or Canada's customs checkpoint.
It's not until your return that you pass through the US' checkpoint.

~~~
iudqnolq
You're right. That part of my answer was dumb.

------
elliekelly
“Baby” has got to be one of the worst insider trading code words of all time.
“Enter few baby” is a really weird thing to write in a work email no matter
the context.

~~~
addisonl
And who's bright idea was it to send anything related to this on a work email.
You'd think someone in this space would understand encrypted communication.

~~~
unlinked_dll
well the easiest way to not get caught is to not commit crimes. In general,
criminals aren't especially smart. Or the ones that get caught at least.

~~~
vermilingua
"Criminals aren't smart" is the textbook example of anti-survivorship bias.

~~~
divbyzer0
Dumb criminals are dumb, and get caught more readily.

Smart criminals have sophisticated networks, trust funds, art deals and
charities to obscure their activities, and do not get caught as frequently.

for ref: Mossack Fonseca.

~~~
jcslzr
Fucking Epstein had his own Internet network

that is really covering your ass

------
anon9001
If anyone here has ever prepared earnings reports, how is that process usually
handled?

I'm guessing it's just a spreadsheet on some finance person's computer until
it's certified for release?

Are there best practices for making sure data doesn't leak ahead of the
official earnings report?

~~~
mike_d
Take a look at Intralinks and Diligent. They are basically Dropbox + embedded
Office 365 but with ultra tight security controls. No SSO, no IT/security
access, no local storage. Generally only your head of finance, a few people
from legal, and board members will have accounts.

I know of a major investment firm that has a separate GSuite instance that
execs from their investments are given accounts on for sharing data.

~~~
eckesicle
Yeah, The market is called 'board portals' and it's a comparatively niche
product offering. There's a couple of other companies beyond Diligent and
Interlinks that offer the service. Board Intelligence is probably the best one
imho.

~~~
asdf21
So you're saying to figure out what stocks employees at Board Portals are
trading and jump on board.

------
kryogen1c
>The SEC’s complaint alleges that the defendants sought to evade detection,
with Nellore insisting that the ring use the code word “baby” in texts and
emails to refer to his employer’s stock, and advising they “exit baby,” or
“enter few baby.”

Security through obfuscation. One wonders how good of IT administrators they
were.

~~~
chii
if only they just used something like end-to-end encryption, then there'd be
no evidence to charge them with!

~~~
rolltiide
unless they nabbed literally any participant's phone while unlocked, or ran an
exploit that got a client side dump without it being unlocked

~~~
trthomps
Signal (or Keybase), with expiring messages.

I've become quite paranoid about my digital communication, I've worked in the
field long enough to know all of them are being scanned. I'm not even doing
anything illegal, I'm just uncomfortable with it.

Or just never talk digitally, only talk IRL. All these guys lived near each
other and worked at the same company, could have easily just dropped by each
others desk with a wink or a nod.

~~~
rolltiide
There was a ring 6 years ago that was run over snapchat - expiring client side
but not e2ee - and it got busted by a 50 year old that had a screenshot in his
email

For my sensitive communications I’ve concluded not talking digitally too

------
yotamoron
So an IT admin of an internet security company is caught trading on insider
info, and texting with his co-conspirators about it? He should go to jail on
the grounds of being totally stupid and incompetent. And so are the people who
hired him. I know 3 year olds who have more brains.

------
cryptozeus
Just say Palo Alto Networks ...what does Silicon Valley has to do with one
company?

~~~
skyyler
"Silicon Valley" is used in the title to describe where the IT Administrator
that the article is about is located.

Similar to "Florida man"

~~~
nullc
"Florida man" is largely due to Florida's extremely aggressive open records
laws making the tawdry details of every nutball's minor arrest instantly
public.

What's Silicon Valley's excuse?

~~~
skyyler
You misunderstand my comment.

Using a location before the words "man" or "woman" implies that the man or
woman is from that location.

When I say "Chicago woman makes thirty pizzas for homeless shelters", you
wouldn't ask about the relevance of the word 'Chicago' because it adds to your
understanding of the woman.

------
frostyj
Curious how SEC decides which of his friends was part of the insider trade?
What if they never tipped him anything?

~~~
vkou
The SEC has a few tools for catching insider traders.

1\. They look at suspicious trades that made a lot of money. Putting all your
money into shorting a stock, right before earnings come out qualifies. Doing
it multiple times gets them very interested in you.

2\. They start asking questions, conducting interviews, and getting search
warrants. If nothing suspicious comes up, they drop it. Occasionally, traders
get lucky, right?

3\. They get wiretap warrants for their core suspects, and place a few
friendly phone calls to those people, to ask a few friendly questions about
some stock trades.

At this point, they have two branching options.

4.1. Tap the phone lines, and wait to see who the core suspects call.

4.2. Drop by the core supects' homes, slap some handcuffs on them, pretend to
thumb through a seven-hundred page thick binder, and ask them very nicely, if
they would be willing to share the names and roles of their accomplices, in
exchange for a lesser prison sentence. It would also be great if they could
call said accomplices, and inconspicuously get them to chat about the
financial crimes that the group has been doing in the past few months.
(Admitting to financial crimes over the phone makes the subsequent convictions
much easier.)

Repeat, recursively, until step 3 fails to add new nodes to the graph.

------
godelmachine
>> _use of enhanced data analysis tools to spot suspicious trading patterns
and identify the traders behind them_

Very curious to know about the tools and tech which they use.

Would someone apprise on research paper/ blog where I can read it?

~~~
philjohn
HMRC (UK equivalent of the IRS) has an interesting system called "Connect"
which pulls together a myriad of data both that held by government, to
corporate data, bank data and more to spot anomolous patterns. Could be
something similar.

------
yalogin
This is just one that got caught. Wonder how much insider trading happens.

------
jcslzr
I believe you have my stapler.

------
asdf21
enter baby

------
paggle
I thought they were insider trading the stock of Ring, the doorbell company,
by sniffing their traffic if they were using Palo Alto Networks security
systems. Now THAT would be a big fucking scandal.

------
thewileyone
Not much of a scandal since they were only profiting off their own company's
stock value by analyzing the financial reports.

Could have surmised a similar trend by monitoring purchase and shipment orders
versus staffing headcount, quarter to quarter, month to month, etc.

What I'm getting at is that if they are trading on their own company stock,
what's the big deal? Stock markets are volatile anyway.

~~~
harry8
Not legal advice. IMNAL.

The test for inside information is that it is "material, non-public
information used to inform the trade decision."

This is supposed to mean that the information is not available to normal
market investors (nonpublic) and if it were published, eg via stock exchange
announcement, it would move the market price more than "noise" (material) so
you buy (inform a trade decision).

e.g. we just closed a billion dollar deal with recurring revenue that nobody
trading our securities knows about increasing our expected after tax profit by
300%. You work as a lawyer on that deal and buy short dated out of the money
call options you're doing an illegal thing.

Hiring is up by 5% this year, some of them were logistics experts. From this
and other pieces of small knowledge none of which are by themselves marke
moving you infer things are going well and buy. This is ok. The material
information was inferred not provided. This is what good investors are
supposed to do.

You probably need to be pretty careful trading the stock of a company you work
for. Definitely get legal advice.

~~~
MandieD
My employer sends out a notice about 35 days before quarterly results are
expected to be out reminding us about Germany's Capital Markets Law, advising
all of us against trading shares in our company within 30 days before the
earnings are published just to make sure we don't get into trouble.

I'm in Germany, so insider trading rules are different from the US.

