Hacker News new | past | comments | ask | show | jobs | submit login
How an International Hacker Network Turned Stolen Press Releases into $100M (theverge.com)
358 points by sus_007 on Aug 24, 2018 | hide | past | favorite | 65 comments

"Their algorithms are designed to pick up on stock prices fluctuating before major corporate announcements, indicating that those buying or selling have insider knowledge..."

As someone who has coded high frequency algos that tracked orders and fill rate velocity, I love this little tidbit of knowledge that FINRA utilizes it's own types of analysis. It intrigues me to imagine the accuracy and dismissal of false positives. sorry nerding out on the tech

What I always thought to be interesting is by analyzing those pre-announcement movements. We all know there are always people trading on insider information so it would be possible to use those pre-announcement movements to your advantage. If you see the stock price dropping before the announcement, then best to unload your shares or vice versa.

This doesn’t work because there is no insider trading in most cases, and even if there were, you might be fooled by mass idiots trading the opposite directon of the insider.

As an example why it might drop (or rise) with high volume: firms could be "derisking" before earnings.

> It intrigues me to imagine the accuracy and dismissal of false positives. sorry nerding out on the tech

Probably not tech for false positives.

You probably don't have to winnow too far before humans can handle the remainder.

There absolutely has to be tech analysis of a trader's entire portfolio or majority of their trades in order to really investigate before it passes off to human review.

The real beauty in this statement is the merging of fundamental analysis (news releases, ect.) with tech analysis. I don't mean tech analysis in the context of pivot points, sma's, rsi's, ect...I mean tech analysis on the evaluation of the winners of a significant price movement and their entire trades and current portfolio. THAT is the mind boggling algo.

Just b/c a trader makes x amount on a move doesn't mean they had privileged info. A tech eval has to eval their entry and exits to see if they were prime/ideal moves and most importantly their order size and order type, but it ultimately comes down to pattern evaluating their order history across multiple assets and see if their transaction history is generally successful and positions are taking prior to news release...then flag for human review and substantiate evidence.

They're probably reviewing these things ex-post, quarterly or something. It's pretty straightforward to do this analysis, i'd say. Look for people that consistently long/short shortly before a substantial favorable dislocation. People doing HF are going to be picking up small dislocation, so a move-magnitude filter weeds them out. No discretionary traders are going to be as consistently correct and consistently well-timed. IMO it'd be a pretty straightforward filter to write.

Would there be any way of securing a conviction if there was no proof of insider knowledge, other than the actual buys & sells?

It’s legal to use other people’s insider information. It’s only when you’re the source directly or indirectly that it’s illegal.

I don't think this is accurate (in the US), and very dangerous advice if you are wrong.

Not only does it contradict every post-hire training I've ever sat through, but Martha Stewart didn't go to prison for the fun of it-- she was a recipient of insider information three or four degrees removed from the source. It was very much illegal for her to use other people's insider information.

The standing definition is that if you are trading on knowledge not available to the public regardless of how it was sourced or laundered, it's insider trading. I'd genuinely like to see any references you have that can attest to this more lenient interpretation-- it seems entirely self-defeating.

> Martha Stewart didn't go to prison for the fun of it-- she was a recipient of insider information three or four degrees removed from the source. It was very much illegal for her to use other people's insider information.

Martha Stewart went to jail for lying to the Feds, not insider trading, IIRC.

> It’s legal to use other people’s insider information. It’s only when you’re the source directly or indirectly that it’s illegal.

This is dangerously incorrect in the US.

You may not use ANY material business information that is not available to other traders.

Now, you may do your own analysis of the business or the market and act on that. You can hire private investigators to dig through public trash to monitor pizza consumption and act on that. You can even use public web APIs to calculate actual customer acquisition numbers (shady, but probably just on the technically legal side of the line) and act on that.

But, if you have any information about a company not generally available to the public, you may not act on it.

Here is the relevant section.

The “manipulative and deceptive devices” prohibited by Section 10(b) of the Act ( 15 U.S.C. 78j) and § 240.10b-5 thereunder include, among other things, the purchase or sale of a security of any issuer, on the basis of material nonpublic information about that security or issuer, in breach of a duty of trust or confidence that is owed directly, indirectly, or derivatively, to the issuer of that security or the shareholders of that issuer, or to any other person who is the source of the material nonpublic information.

The list is long but not total. If you happen to overhear something at lunch one day that’s fair game. The chain can be long and thin but it needs to exist. Aka A lawyer who’s client is the husband of an accountant for a company trying to do a takeover and your out of luck. Now it’s safer to shorten that to non public information = off limits, but not accurate. https://www.americanbar.org/content/dam/aba/administrative/l...

‘The Court, however, determined that, for a tippee to be liable, “the insider personally [must] benefit, directly or indirectly, from his disclosure.”35 In the Dirks case, the insider who provided the confidential information did so to expose a fraud in the company, not for any personal benefit. Therefore, the Court held, the insider had not breached his duty to the company’s shareholders, so the defendant (tippee) in Dirks could not be liable for insider trading.‘

the bigger irony is that the SEC and FINRA were doing exactly what one of the hackers said they were doing, but got them - Ukranian and Russian trading firms - to settle over $10m just because they happened to know the other traders and would try to prove it in court that way if they didn't settle.

okay, knows prominent traders and hackers who trade US equities from Russian timezones, small world?

I don't like that story

I don't see that implication in the article. I think you're referring to this part "your guys were detected. They were trading with very big money and there was a lot of fuss about them, about how it’s not the season and when it was the season they traded."

This excerpt most likely implies that the inside trades were for commodities (future contracts) and was sent to one of the relative people involved in the hack.

What would be irony (but of course is speculation) is if any of the brokerages that the hackers submitted trades thru did front-running (matching their trades at entry).

"I don't see that implication in the article." - quackerhacker

> Since 2010, the SEC’s Analysis and Detection Center has joined Wall Street’s self-regulator, the Financial Industry Regulatory Authority (FINRA), in monitoring the markets for signs of insider trading. Their algorithms are designed to pick up on stock prices fluctuating before major corporate announcements, indicating that those buying or selling have insider knowledge

> One defendant in the civil case, David Amaryan, whose company Copperstone Capital won an award for best Russian hedge fund in January 2015, claimed that one of his employees devised an algorithm to pick up early trades occurring on the market and mimic them. The logic being that the early trades were made on the basis of someone else’s insider information. ... Amaryan and his three companies agreed to pay $10 million to the SEC.

IANAL but this is an interesting legal precedent if true. Since this was an out of court settlement I assume there are no public records of the decision?

it wasn't out of court, this is the SEC's modus operandi

there's no precedent here, the government always does stuff like this

they got bullied in a civil case, the prosecutor caught them in a lie as they misjudged how the US government will nail them, and then they accepted a settlement deal


The SEC's problem is that their interpretation of laws are very nuanced and they need to avoid jury trials and appeals courts at all costs. Financial crimes are hard to prove and it is hard to determine if they are actually crimes. Yes the executive branch (SEC) says "acting like this is criminal wrongdoing so we will try you in civil court and also tell the Department of Justice", and this is reflected in the social contract that people imagine to be so, but the judicial branch and the constitution doesn't necessarily have a way to agree with the SEC. The jury in the lower trial courts are also hard to convince, because proving intent and proving which law was broken is extremely hard, all while going up against the wealthiest defendants on the planet.

see: Chickenshit Club https://www.nytimes.com/2017/07/05/books/review/the-chickens...

The SEC does no-admit no-deny settlements because of this. The negotiation amounts are very informal between lawyers. So just kickback and relax, emphasis on kickback.

That Ukrainian voluntarily came to clear their name and got tripped up during cross examination. Stay opened up to a perjury charge or advance towards "settling" with the US just like their "perpetual settlement" with Ukranian authorities.

Could be the earning season (the times of the year where every company publishes their financial statements).

My favorite part is when the Ukrainian officials start their own version of the plot instead of prosecuting. Something to be said about intellectual honesty.

Not surprised a bit. Usually the reason crime is flourishing in those parts is because there is protection from withing the judicial and executive branches of the government. The police and judges are often part of, if not the ones running many of the crime rings.

There is also the part where the Ukrainians then went on to blackmail Ieremenko, threatened to extradite him and asked him for a bribe. He paid up. Of course the go-between guy doubled the blackmail price (think big, right?), got his 50% share then forwarded the rest to the intel agency. And then Ieremenko realizes he couldn't be extradited anyway because Ukraine doesn't do that with its citizens! The article then says "the pair fell out when Ieremenko discovered he had been duped". I am surprised they hadn't had a boating accident of some sort, or fell on a knife, backwards a few times.

> in those parts

Not an Ukranian, but boy, does that horse look high!

Given the string of banking frauds, rating frauds, international price fixing, rigging and bailouts back home this kind of sweeping statement about 'these parts' paints a black and white picture that minimizes the 'white' in 'these parts' and the 'black' in other parts.

I didn't qualify or mention anything about US, or say UK. It was about Eastern Europe. "Those parts" meant Easter Europe, sorry for not being more specific.

"banking frauds, rating frauds, international price fixing,"

But since we are comparing things, I'll take banking frauds and price fixing over murder, routine torture, ability to buy your freedom following murder from judges, prosecutors and even DNA lab tester grunts. And by torture I do not mean "we pretended to drop the person on the concrete floor", but putting a gas mask on their head and closing the breathing hole until they are ready to confess.

Did you ever feel bombs going off while sitting at home, feeling seemly safe? I have. I was doing homework after school waiting for my parents to come home and the local mafia was trying to kill a rival bank CEO who didn't submit to their "protection", so they blew up his apartment, including 4 other surrounding apartments.

I was on the other side of the door in a police station and heard people screaming in pain while being tortured. I saw murderers and rapists getting off with a slap of a wrist. Judges who didn't "get in line" disappearing overnight. I'll take price fixing any day over all that.

This was quite frankly astonishing. Given that so much of our pensions and wealth are tied up in the markets, it's astonishing to hear that every Tom, Dick and Pavel is massively invested in destabilising the whole thing. And these are only the guys who got caught! What about the ones who aren't.

Insider trading doesn't "destabilise the whole thing", it actually makes the market converge on correct prices more quickly.

Some people just don't like it because they don't think it's fair.

Insider trading isn't illegal because it's unfair to retail investors--it's illegal because it's unfair to _existing shareholders_ , which is a much more defensible position.

Imagine you're an executive with inside information that you think will make the stock go up. So you buy some stock (from an existing shareholder, obviously), and then the stock goes up. That shareholder rightly will feel stiffed.

Conversely if you sell stock and it goes down, the person you sold it to--now a shareholder to whom you have a fiduciary responsibility--is left holding the bag.

But the person on the other side of the trade would have been on the other side of the trade regardless!

The fact that it's an insider rather than an outsider that they're trading with doesn't make any difference to whether they win or lose.

Can you elaborate on what you'd consider fair? Or do you think it would be acceptable to allow trading on inside information in the current system?

The only fair system I can imagine (fairer than the status quo by my estimation) would be complete transparency updated on a continual basis. But I can imagine it would be difficult to keep that up while making productive business relationships.

Is it "fair" that quant hedge funds have hundreds of PhDs developing algorithms to trade the markets efficiently, or that fundamental hedge funds spend millions on research? While there are a few restrictions around insiders trading, it is very much not the case that fairness in the sense of everyone having equal access to all information is or should be the goal of financial regulation.

Matt Levine has written about this many times, here's one:


I think its fair for people who spend time getting a PhD and refining algorithms to have an edge. What is the argument for why it is not fair?

My point is that in the markets, like in sports, a "fair contest" does not mean that both parties are equally likely to be successful. "Fairness" means that the rules were followed. Right now a PhD with a model is allowed to use his information advantage if he's trading against someone less informed, but an insider to the company is not. It may be the case that insider trading laws as they currently exist are good and help financial markets work better, but if that's true it's not because no one with an information advantage should be allowed to trade.

For this reason I believe insider trading should be legal. It's already widespread and difficult/impossible to police. Keeping it illegal gives retail investors a false sense of security when in reality this is how the vast majority of hedge funds/sophisticated market players are making their money.

Duh! Sergei Ivanovich, we know what you're doing. But because we know your father (or 4th degree uncle) let's just split it and we'll just forget it.

Russia is successful against CIA because the Russian mafia does its dirty work...go kill /threaten /maim these 5 people and you have a "get out of jail free card" on x,y, and z that you did.

>Russia is successful against CIA because the Russian mafia does its dirty work...go kill /threaten /maim these 5 people and you have a "get out of jail free card" on x,y, and z that you did.

Nothing sound more ultimately true about the whole situation that this.

Current Russian mafia is former KGB.

Current Russian mafia is FSB

The SEC complaint from 2015 is also a fun read: http://www.sec.gov/litigation/complaints/2015/comp-pr2015-16...

I knew Igor a few months before his arrest. He worked as a general contractor for renovating houses. I was told he was on the cheaper end for contractors, but I was surprised to see him driving an Audi/ sports car when my previous contractor had a beat up ford.

... in your newswire database.

"GE To Declare Bankruptcy", "Lockheed Sold to Chinese", etc. Sit back and watch idiots buy fake info and lose billions.

Somewhat related. I wonder how often someone would plant false information that would cause a panic sell-off, then buy on the dip, before everyone realise that it was a lie? It's like the opposite of inside information. (Does this particular scheme have a name?)

* Edit:

A quick googling suggests this is fairly prevalent. Must be keeping the SEC busy.

A recent one is Musk going "I'm thinking of making Tesla private at $420 per share" - regardless of whether he's going through with it or not, it bumped the price of Tesla stock up by 10%, and people made a lot of money off of that.

Part of the plot of the Count of Monte Cristo

sounds like honeypot

This is actually the quasi-solution to a lot of problems. e.g. If you've got a database full of your employee's info, populate it with made-up info for a bunch of fake employees. When you use the database, use some secret method to distinguish which employees are real (maybe the sum of their employee ID number and birthdate is divisible by 197). If you ever get hacked and the database is stolen, good luck to the hackers selling a database where 99.5% of the info is fake. If you're a defense contractor, add a bunch of made-up project files for fake programs, complete with plans, designs, drawings, etc. If a foreign government manages to break in and steal them, they'll still have to try to figure out what's real and what's fake. For press releases, it's a lot simpler. You compose the press release and pre-upload it for release after an embargo date. But the salient details are obfuscated. "Our net income for this quarter were [ $1 million dollars | $100,000 | a loss of $500,000 ]." "We will be [ constructing a new facility in Phoenix, AZ | purchasing and renovating a facility in Boise, ID | demolishing our warehouse in Denver, CO ]" etc. When the embargo is up, instead of just automatically releasing the pre-prepared press release, you simply edit out the fake info then give the OK to release it. Security through obscurity isn't true protection. But it can make the thieves' jobs a lot harder.

Yes, it's the good ole "trap street". Works for combating scrapers too.

So did anyone studied SEC insider trading convictions and then went back to trading records to train AI/DL networks to learn to detect insider trading patterns in close-to-real time?

Not gonna say its not possible... but its going to be very very hard. Only looking at market data is insufficient to determine whether there was insider trading. You need to know who was trading (the markets are anonymous) and many times insiders will direct their friends and family to trade for them... so you might need to plug a social network into your AI to filter out the false positives from using market data alone.

"The logic being that the early trades were made on the basis of someone else’s insider information"

This was one guy's defense. I love this - partly because so much of trading and investing is what I call "self fulfilling". There's only a trade to be done because other people are doing a trade.

They are dumb criminals and smart criminals. A certain amount of respect goes to these guys...and this is FU money we're talking about

Why do we keep a newswire database that stores these things before being published? Why don't companies and officials not hold on to these documents themselves?

You could say newswire are better at protecting, but the companies who write the press releases will likely have a copy stores both before and after it enters newswire

If you are a registered company (like any publicly listed company in the USA) you need to release important information to as many people as possible in a timely manner. Newswire makes sense since it goes out to 1000s of newspapers and websites. It also makes sense to queue it up before release. Otherwise, that would give people listening to your earnings conference call or checking the EDGAR filings an unfair advantage over more accessible resources.

I wonder why these people were so careless about keeping their meatspace identities private.

"we won't get caught"

Yeah, I suppose. And probably because "we're in [some former Soviet block country] where we can do as we like, as long as we don't mess with our countrymen".

> profits made public by the SEC stands at over $100 million, but that represents only a fraction of the money authorities believe was made

I wonder, if they gained this much, who lost this much? Or nobody lost?

Everyone who didn't have this information and invested in the same stocks lost.

EDIT: "invested" here could mean purchased the stock, held the stock, or even sold the stock without the information. Depends on the information (e.g., is it good or bad news?).

This has come up on freakanomics or planet money, but I can't find the episode.

Anyone else find this bit kinda creepy?

> The Dubovoys used the same brokerage accounts repeatedly, and they owned some of them directly or through immediate family members with shared surnames. Their association could also be easily confirmed through the fact that they were part of the same church community.

Is there a database out there where you can search "SELECT * FROM PEOPLE WHERE communities INCLUDES (SELECT communities WHERE lastName = "Dubovoys");" If you know what I mean.

Funny they should have caught them on Dendreon trading. Main takeaway ... if you’re going to do insider trading make sure you are really on the inside. (ie. Wall St and US govt)

I don't understand that the press release center couldn't be definitely secured once the problem was known.

When GCHQ hacked the Belgacom servers they had a real hard time discovering and getting rid of the backdoors.

So a Borg is in charge of the US Cyber Consequences Unit. Resistance is futile?

Applications are open for YC Winter 2023

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact