The $30 Million Stock Market Hack Darknet Diaries Ep. 123: Newswires

The stock market: this is where you can go buy part of a company and hope the value of that company goes up, so your part is worth more. But it's a big risk. Predicting the future is hard. Even the most educated and well-researched people, who spend their whole life focusing on finance, get it wrong a large part of the time. Some think they have it all figured out, though, like Gordon Gekko in the 1987 film Wall Street. Here's a clip from the film:

"Public's out there throwing darts at a board, sport. I don't throw darts at a board. I bet on sure things. Read Sun Tzu, The Art of War: every battle is won before it's ever fought. Think about it. Not as smart as I thought you were, Buddy boy. You ever wonder why fund managers can't beat the S&P 500? Because they're sheep, and sheep get slaughtered."

So what was Gordon Gekko's secret, so that his stock bets were a sure thing? Well, he was investing using insider information: information that wasn't yet available to the public. Knowing what a company is about to do or announce gave him a big edge that made him a lot of money.

These are true stories from the dark side of the internet. I'm Jack Rhysider. This is Darknet Diaries. [Music]

Insider trading is an age-old concept. It's been going on for years, and it's the bugbear of the stock market. This is people getting their hands on the kind of information that trades can be based on to make more money, but it's information they shouldn't have. This is financial data or corporate secrets obtained by deceptive or illegal means. Yeah, that gives them a distinct, unfair advantage over other traders, but that's exactly the problem: it's not a fair way to trade, and it undermines the entire stock market system. As Gordon Gekko famously said in the film Wall Street: "The most valuable commodity I know of is information. Wouldn't you agree?"

What stock market traders aim to do is predict the future. If they can buy a stock that goes up in value, they will make money, sometimes a lot of money. But that's the hard part: predicting the
future. So forecasts of a company's profits, uh, sales, overheads, analysts' reports, or market shares, these could all be indicators of what may happen in the future, so they're all very important to traders. And typically a company will put these numbers together, then publish them publicly for everyone to see. But sometimes when a company publishes a report, it makes their stock change wildly. [Music]

So what if you could see what these internal reports look like before they got published to the public? If you're a stock trader and you've got some privileged inside information that your fellow traders don't have, well, that puts you significantly ahead of the game. Think about it: if you knew that company has far exceeded its quarterly growth, that would likely translate to a rise in the stock price as soon as that information became public. So if you knew this before everyone else, could you use that to your advantage? Well, hell yeah, you could. You could buy that stock and wait for the announcement and watch your net worth rise, then sell it to make a good profit. If you had this sort of advanced information, it would almost surely mean you could make a fortune in the stock market. And it works the other way too: if you know a stock is going to go down, you can short sell that stock to make a profit if it goes down, and that works very well.

But if you had access to early information like this and used it to make a profit, well, that's illegal, because trading based on inside information is illegal. If you get insider information, you shouldn't be able to profit from it. This makes the market fair for everyone. But this doesn't stop people from trying it. I bet a lot of people would love to get insider information on how a company is performing before the public knows. But the problem is, how do you get that insider information in the first place? The obvious answer is an employee inside the company. They might have this information and use it to make some sort of trade, or tell a friend to make a trade.
It's non-public information, like the company is about to merge, or they've made insane growths or profits, whatever it might be. The point is, they trade on the back of that information, putting them ahead of the game. So the insider could try to profit off of what they know, or sometimes they could just tell a friend or family member about something going on in the company, and they take that information and invest in the stock. A family member could make a bunch of money from a casual thing said during Thanksgiving dinner or something.

Now, an international airport doesn't sound like a great place for an important business meeting. There are a lot of people and a lot of noise. But I bet there is a lot of business done in airports. Back in early 2011, Atlanta airport was the scene of one of these meetings, although, to be honest, what we're discussing wasn't exactly legal, so maybe the airport wasn't the best place to have a meeting like this. Hartsfield-Jackson Atlanta International Airport is the busiest airport in the world. It's huge. I think it has like 100 million people fly through it every year, which is like 300,000 people a day. Crazy numbers. But the meeting going on there that day in early 2011 was a carefully timed, on-the-hop business meeting arranged by a guy named Arkady Dubovoy.

Now, Arkady was a stockbroker from Ukraine. He's part of a big family who was into stock, uh, big business deals and real estate, and he basically had a lot of money. Arkady moved to the U.S. somewhere in the 1990s and was living in the state of Georgia. According to research by investigative journalist Isobel Koshiw, who dug deep into the story for The Verge, Arkady owned an ice cream factory in the city of Odessa in Ukraine, but he had settled in a home in Alpharetta, Georgia, which is just 34 miles away from the Atlanta airport. His business partner was Alexander Garkusha. He was born in Russia but had lived in the U.S. most of his life and holds a U.S. citizenship. Now, the two of them, Arkady and Alexander, set up a
design and building company in 1997 called APD Developers Inc. They registered it in the state of Georgia with the two of them as directors. They mainly built family homes, and according to records available online, they were generating revenue of over one million dollars a year, so they were doing okay as real estate developers.

The guy they had arranged to meet at the airport was Vitaly Korchevsky. He was a hedge fund manager for Wall Street, and a good one. Vitaly spent most of his time focusing on the stock market and had been doing that for years and years, so he was pretty experienced when it comes to the stock market. Vitaly worked for Morgan Stanley as a portfolio manager and at one point was given the title of vice president. Transport yourself inside an investment bank for a second: after you're an analyst, you then become an associate, and the next rung up the ladder from that is vice president, and there are two more after that, senior vice president and managing director. Vitaly was one of Morgan Stanley's vice presidents, so it's safe to say Vitaly knew what he was doing when it came to stock investments and trading and managing stock portfolios. He would be in the position to know how the market would react to certain kinds of information. Vitaly had used his experience to set up his own hedge fund called NTS Capital Fund LP, based in the city of Glen Mills, where he lived, in Pennsylvania. On his 2012 SEC filing paperwork, it was described as a pooled investment fund and a hedge fund that would accept minimum investments from outside investors of 500 million dollars, which is quite a big minimum.

Now, Vitaly had a second life outside of his corporate banking on Wall Street. He was a Slavic evangelist Baptist pastor. He had his own church in Brookhaven, Pennsylvania, called the Slavic Evangelical Baptist Church, and he had a congregation loyal to his church, and he was the pastor. He was also the chairman of the associate of the Slavic Baptist Churches USA and had been since 2003.
Vitaly, it seemed, was a busy, multifaceted guy that many looked up to for advice and support, both financially and spiritually. So now you understand more about Arkady, Alexander, and Vitaly, which were the three guys that were meeting in this Atlanta airport. Vitaly was passing through, waiting for a connecting flight, so his time was a little limited. Somewhere in amongst the monster airport, its two huge terminals and five concourses, the three of them sat down for a chat. Now, it was Pavel, Arkady's brother back in Ukraine, who actually arranged this meeting. He made the introductions and made it happen, and you can think of Pavel as a kind of middleman in all this. He's going to pop up a lot in this story.

So Arkady sits down with Vitaly and says that he has a foolproof way to get his hands on top-level insider financial information on big U.S. companies before anyone else knows about it. He was talking about having access to the kind of information that would enable an experienced stock trader to make big trades on that company's stock for insane profits and pretty much never lose money. It can be done multiple times with multiple different companies, keeping it all under the radar and untrackable. It was an insider trading scheme that he was touting to Vitaly, but it was insider trading with a difference. The insider wasn't a disgruntled employee or a senior executive spilling secrets to make some money on the side. No, Arkady had something far bigger than that. Arkady had a solid, reliable stream of information coming to him, which was insider information on dozens of U.S. companies. He was claiming he had access to their financial reports well before the public could see them. Vitaly was paying attention. He knew exactly what to do with early access to financial reports like this, and he understood that this could mean he could make a lot of money. Here's one more clip from the movie Wall Street:

"I don't know where you get your information, son, but I don't like it. The main thing about money, Bud: makes you do things you don't want to do."

But how was Arkady able to get all this information ahead of the public? Well, Arkady's secret was hacking. He had a guy who was in his twenties from Ukraine called Ivan Turchynov. Now, he lived in Kiev, Ukraine's capital, the largest city, and specifically in a posh area of town. There's an area there called Koncha-Zaspa. It's smart, expensive, and in an area that you'll find top politicians along with some former presidents living. The homes there go on sale between three and five million dollars, with a river and woodlands on one side and huge gated properties with tens of acres of land on all sides. I mean, this is an elite area of Ukraine, and this is where Ivan, the hacker of this story, lived. According to The Verge, he seemed to have a lot of cash and liked to show it off. Clocks were his particular
favorite, gold clocks to be more exact, and he had scores of them. He also had a standard luxury car and a busy social life and nightlife, and he loved to flaunt his wealth and show it all off. So when you combine Arkady's wealth and business sense with Vitaly's stock market knowledge and Ivan's hacking skills, and all of them aren't afraid to do illegal things to make more money, you start to get quite a spicy recipe.

Now, Ivan the hacker had been working with Arkady to try to find something that they could do to make more money. They were both seeing that when a company publishes a financial report, it makes that company's stock swing around, so they wondered if there was a way to get those reports ahead of everyone else. And that's when they started looking into the world of newswires.

So this is how newswires work. All companies that are trading publicly on the stock exchange are required by the Security Exchange Commission, the SEC, to publicize their financial statements regularly. These are reports that pop up every few months, and the reports tell investors how the company is performing, what their cash flow is, the revenue, their debts, and they usually include some income statements and cash flow statements and finance and profitability ratios. Boring stuff to most of us, but to the right people, these little bits of information will translate into millions of dollars in profits or losses in the stock market. These companies all need a way of publicizing these reports. I mean, they have to do it by law. They need to tell their investors how they're doing, and they need a way to tell everyone at the same time. No favorites allowed here. Everyone needs to be able to access it at the same time, or else the company can get in trouble for providing insider information. Sure, they can stick this item on their company website somewhere or do a mass email shot, and some of them do just that, but many major U.S. companies use the services of newswires. Newswire agencies specialize in distributing
financial reports and other news that a company needs to relay to its shareholders, and they have networks in place already that can get a press release out to the world at a push of a button. For companies, this is a quick and convenient way to just make the whole process easier. This kind of financial information for big corporate companies can have big impacts on their investors and their stock prices, so it's common that they put it together in a press release and send it to a newswire, who will then publish it publicly when it's time. And a lot of these reports get published just after the market closes on a particular day, because they know this information could then just flow out overnight and hit the stock market floor in the morning. Tried and tested, this is the usual flow of how these things work.

Now, the top three financial newswire distributors in 2010 were Business Wire, PR Newswire, and Marketwire. These companies have been around for a while, too. Business Wire was founded in 1961, and they've got their headquarters in San Francisco. PR Newswire was founded in 1954, and it's headquartered in Chicago. Now, that one was originally run entirely by Herbert Muschel out of his New York City home, and that was before computers and the internet and the ability to send out information electronically. Instead, he used teleprinters to get information out to news outlets in New York. But now we are all digital and networked, so these newswires all compete with each other to try to get the big companies' business. It's all very competitive, and it means each of them have to have a good selection of companies as clients. So when they get a press release, they upload it to their servers, where it sits under wraps until the agreed-upon time and date when it should be released to the public, and then it gets published. It's all very straightforward. But are you seeing the problem yet? Financial reports for major businesses, all sent to the same three places and staged on a server until it's the right
time to publish them. Yeah, I think you know where this is going.

In February 2010, Ivan, the hacker in Ukraine, set his sights on Marketwire. He knew somewhere in Marketwire they must be storing these press releases before they're being published publicly, and he wanted to find where they were. He scanned the website looking for a vulnerability and found the website was vulnerable to SQL injection attacks. So, um, this is where, when you fill out any kind of text box or form on a website, the data you typed in may get sent to the SQL database, which is where all the information is stored on the website. So like, maybe it's a search field, and maybe you're on the site searching for press releases for some company. Okay, so when you hit search, whatever you typed in, that could be sent to the database directly to search it for any hits. I mean, the site has to know that you're looking for something and has to ask the database if that something you're looking for is there, right? But what if, instead of typing in some company name to search for, instead you just put in all kinds of funky characters that screws up the search and tells the database to do something else altogether, like just give me everything in the database, not just what I search for? This is the kind of behavior Ivan was trying to get the Marketwire website to do. Ivan relentlessly attacked Marketwire's website, trying many different inputs to try to get something valuable back from the database that he could use. He spent months on this, submitting hundreds and hundreds of form fields, all trying to do SQL injection. Over time he got it working, and I'm not exactly sure what steps he took here, but over the course of five months and 390 SQL injections later, he found a way into where the unreleased press releases were stored, and he scooped up 900 of them.

Then in July 2010, he added PR Newswire to his target list. This website used the PHP language to render the page, and he was able to exploit this PHP code that was on the website
to gain access to their servers and went to look around. He left a PHP script there that would give him backdoor access to this place, so he could just go back in whenever he pleased and look around in PR Newswire's network. And of course, as he looked around there, he found exactly where the unreleased press releases were stored in this network.

Ivan knew of the other news agency too, Business Wire. Of course he wanted to find a way into this one too, but he was having a hard time with it. We do know that Business Wire employees received a rash of phishing emails during this time. Maybe that was Ivan trying to trick an employee to install some malware or steal their credentials. It does seem like Ivan eventually got a user database to the site somehow, which gave him usernames and hashed passwords, and from there he had to run the hashes through a cracking tool to try to get the password. And eventually he was able to brute force his way into Business Wire this way, and once inside, he started grabbing dozens of non-public press releases.

So Ivan had successfully broken into all three of the leading newswire agencies and siphoned off copies of press releases before they were published publicly. He then sent them directly to Arkady and Alexander, and he's just emailing them over, bulk attachments, like 70, 80, 90 press releases at a time. And bear in mind, this all had to be done in a very short time frame. The press releases were often uploaded to these newswires just a few hours before they were due to go public, so in that time window is when this scheme had to work. The hackers needed to steal the press release and then pass it to the traders, and then the traders had to look through these press releases to see if there was anything valuable in there and then decide if they needed to make trades and move themselves into the right positions. I imagine it was a frantic sort of operation, a lot to do in a short time. And then Ivan is sending them dozens of press releases at a time, so they're
having to make sense of a lot of information fast, because at any minute that's going to be public, and the market may move, and they may miss their chance. Then you have to plan your exit. How long do you wait for the market to adjust before you hop out? A few hours, maybe? There's a lot going on for these guys to do, and it's no wonder that they wanted to bring Vitaly into the fold to take a portion of this work and make some money for them too. They simply couldn't do it all on their own.

Ivan the hacker was feeling this process was getting tedious, having to go in, grab press releases, download them, and email them to the other guys. That's a lot of steps that he was doing over and over and over throughout the day. So Ivan came up with a better way. He set up a dedicated web server. Every time he accessed the new press releases and grabbed them, he'd upload them to his server, and he had it locked down with a username and password, and he gave these credentials to the traders who were involved in the scheme. Now the traders could log in and just pick off the press releases that they liked the best, and it made the process a little bit more automated and easier for the traders to parse the information, and easier for Ivan too. These traders weren't necessarily computer savvy with this sort of thing, so Ivan had to make a little how-to video demo that showed them how to access the press releases on the server. And Pavel, which is Arkady's brother, was who took the video and shared it with the traders, and he also used this video as a way to persuade other traders to join the fold. Now, Ivan also shared tips too on how to use a proxy and a VPN to hide the IP addresses so people would cover their tracks properly. In November 2010, Pavel shared this demo video with Arkady, who used it in negotiations with Vitaly. It was that demonstration that tipped the balance for Vitaly. Seeing for himself in black and white the information that would be available to him if he joined, he knew exactly what he could
do with that information, and that was just too attractive for him to turn down. Vitaly Korchevsky, hedge fund manager and Baptist pastor, was in.

I feel like I've been talking for a while, so I'm gonna take a little break here and get a drink of water, but I'll be back in a minute to tell you the rest of the story.

While Arkady was busy expanding this little scheme of his, the SEC was really revving up. At the start of 2010, they were creating new divisions and departments. One of the units was called the Market Abuse Unit, and it would focus on cases of insider trading. The SEC is a law enforcement agency which looks for signs of market manipulation. With headquarters in Washington, DC, they have between three thousand and four thousand staff across the board, and they have to work real hard to unravel some of these illegal trading schemes and gather the evidence that they need to take them down. SEC is out there looking for people doing schemes exactly like what Arkady was doing, but it's really hard with all the money that gets transferred every day in and out of the stock market. But the SEC has a secret weapon called ARTEMIS, which stands for Advanced Relational Trading Enforcement Metrics Investigation System. What a mouthful that is. So this is like an enormous database system that holds trade records from across the sector, and it uses mathematical algorithms and advanced analytics to analyze and rank the trades depending on what the SEC is looking for. It's a powerful tool and is capable of spotting trading patterns that the human eye or brain just can't do.

In the past, the SEC was kind of a reactive force when it came to insider trading. They'd be informed of an incident or suspicions and then start their investigation. Sometimes when there was significant news about securities involving a company, they would investigate if suspicions were raised, looking for trading activity that might have taken place on the back of it. But while criminals are using technology to hack into places
in order to do insider trading, the SEC is also using advanced technology to try to detect those illegal trades. Their tools give them the ability to parse and examine every single trade to try to find indicators of suspicious behavior, and their tool was seeing something suspicious with these trades.

In January 2011, Ivan lost his backdoor access into PR Newswire. The newswire didn't know they had been hacked into. No, no, they just changed their infrastructure, and in that process they removed the system where his back door was implanted on. So, access denied for him. It was going to take him a while to find another way in, but in the meantime he was just focusing on stealing press releases from Marketwire instead, ensuring the steady flow of releases still got to traders, because if the traders didn't get the information, he wasn't going to get paid. Ivan gave the traders his bank account details, which were accounts in Estonia and Macau, and this is where he wanted his cut of the profits paid into. Now, as far as I can work out, Ivan was raking in somewhere between 40 and 50% of the profits from the trades made using the information in the press releases he stole, which I guess is fair. Without this insider information that he's producing, the traders would have nothing to work with, so his role was crucial in this whole scheme.

By July, he got back inside PR Newswire, and again he installed some code on their servers so he could just hop back in whenever he needed. Great. But that was also the month that this group started to inadvertently leave breadcrumbs behind them, crumbs that would eventually be noticed and followed. At some point, one of these brokerage accounts they used to trade with became on the US authorities' watch list. My guess is that it was SEC that identified a trading account looked suspicious and to keep an eye on it. Well, for some reason it was Ivan the hacker that logged into that brokerage account to check on things. Investigators took note of his IP address for later, and
it was later that they saw this same IP log into Marketwire and PR Newswire to download press releases. This would prove to be a crucial link that would connect a hacker with the traders.

By this point, the scheme was running very well, and this group was making a lot of money. Um, take the Dendreon Corp stock for an example. So this is a big biotech and pharmaceutical company, uh, based out of Seattle, and on August 3rd, 2011, PR Newswire uploaded a press release for Dendreon onto their server at 3:34 pm. At 4:01 pm, less than a half hour later and one minute after the stock market shut down for the day, the press release was made public, as Dendreon wanted. But four minutes before it went public, at 3:56, pastor Vitaly suddenly purchased 1,100 put options of Dendreon Corp. As soon as the press release became public, the stock price rose, and the following day Vitaly sold all 1,100 options and made a clear profit of more than 2.3 million dollars. Yes, million, in less than 24 hours. Across this period, there were more than four direct contacts between Vitaly and Arkady, which leads us to believe that these trades were conducted using insider information.

In the middle of October, they were at it again. This time the target company was Caterpillar Inc. You know this company. They're massive. They make construction and mining equipment, big turbine engines and natural gas engines, and they've been doing it for almost 100 years. And they make boots, too. So Caterpillar used PR Newswire. When they had a press release ready to go out to the public, they'd send it along with the date and time for it to be released, and PR Newswire would upload it onto the server so it was all ready to go. And that's exactly what they did on October 21st, 2011. The release said that the company's profit after tax for its third quarter was up 27% compared to 2010.
That's great news for the company and its investors, and it was supposed to go public three days after it was uploaded. But not long after it was uploaded, the traders began to pounce. Suddenly shares of Caterpillar were bought in multiple brokerage accounts, worth 5.9 million dollars. That was about 3,800 shares in the company, and if you dig a little deeper, you find that they purchased them through EDGX using a brokerage account registered to Arkady. When the press release went public on October 24th as planned, the price of the stock in Caterpillar Inc shot up exactly as the traders thought it would. On that very same day, the traders sold their shares and made a profit of more than 648 thousand dollars.

The group didn't stop there. On January 25th, 2012, Caterpillar gave another press release to newswire, and this one said the company's profits were up 36% from the year before. And just like what happened three months earlier, after this press release was uploaded to PR Newswire, the traders appeared and began to move Caterpillar stock. This time they purchased around 600 shares, which was about 8.3 million dollars, and the brokerage account they used was an account that was registered to Arkady.

While all this was going on away from prying eyes, there was some serious unrest going on in the front of house of these newswires. In the very same month that Arkady was making these insider trades on Caterpillar for millions of dollars, Marketwired filed a $25 million lawsuit against PR Newswire. They were blaming their rival for poaching their staff. The concern was that they were trying to get their hands on confidential information and trade secrets from inside the company. A senior staff member at Marketwire, their chief technology officer, had left and started working for PR Newswire, and a couple of the staff followed and joined him. So everything was not rosy between these two newswires. But while they were battling it out in court, they didn't know at the very same time Ivan was rummaging around in their servers stealing extremely sensitive information. Forget about staff breaching confidentiality; they should have been focusing on securing their networks better. I don't think anything actually came of this lawsuit, and the two companies just ended up being disgruntled at each other. It was just a weird time for them to be focused on this, which might be a reason why they didn't spot intruders lurking about in their servers.

So this scheme was becoming a pretty well-oiled machine of securities fraud: two distinct skill sets coming together to make millions of dollars. Hack into companies and steal press releases, and then make trades based on that information. With each new press release, it was a potential big payday for them, and with so many press releases, it was just rinse and repeat and reap the rewards. Ivan didn't know who Arkady was hiring to do the trades, at least I don't think he knew, and I'm fairly certain the traders didn't know who the hackers were either. And there was this layer in between, middlemen if you will, there to act as a messenger and go-between, like Pavel, which is Arkady's brother.
They were the firebreak that stopped prying eyes or investigative hands from finding direct links between the hacker group and the trading group. At least, they were supposed to be.

By the time 2012 rolled around, Ivan had been sailing along in a real comfy position. Now, Ivan is a bit flashy, with his gold clocks, nice cars, and big house, as I mentioned before, and earlier that year he was in a club in Kiev and decided to brag to some of his friends about this amazing scam that he's been pulling on for years. But this was a mistake. Don't get drunk and tell people about your very profitable hacking scheme. One of these friends of his was Oleksandr Ieremenko. He was in his 20s, similar age to Ivan, and they worked together in the past. So Olek thinks this gig sounded pretty cool and wanted to get in, but instead of asking nicely to be let in, he decided to double-cross Ivan. Or maybe he asked Ivan nicely but Ivan said no; I don't know. Now, according to The Verge, it sounds like Olek called his friend Vadim, and together they figured out what this whole scheme was, and they wanted in. They hacked into one of the newswires themselves and cut Ivan's access off. They just chucked him out and sat in there themselves. So this newswire was completely unaware that they've been hacked twice now by competing hackers, with one hacker being locked out and a new set of hackers being put into place.

Ivan had a big problem. He lost access to a big source of these very valuable press releases, and worse, his own friends were sitting there instead. He tells his middlemen, who deal directly with the traders, what happened, and safe to say that no one on that side was pleased to hear this. So a new deal got made. Olek and Vadim's little takeover stunt worked, and they both got brought into the fold. The traders were happy again: the more hackers means the more press releases and the more chances to make money. Ivan, though, was not so happy about this change. Now he had to split his share with these other two, compared to just
having it all for himself. He wasn't the sole hacker anymore, and that means a big hit on his profits. While Ivan's distracted by his friends hustling in on this scam, he didn't notice some attention starting to come his way from the US authorities, and it was a sign of what was to come.

Now, newswires are the same as any other company. They take their network security seriously and regularly do audits and checks to make sure that their systems are secure, and sometimes they find something. Maybe permissions were too relaxed on some system, or things weren't locked down like they should. But whatever security they had in place, it wasn't enough to stop this crew or detect them once they got in. But in March of 2012, the FBI told PR Newswire that they've been breached, and this is how they first heard their systems were compromised. The FBI somehow saw this was happening before PR Newswire even knew it was going on. According to The Verge, PR Newswire then called in a security firm called Stroz Friedberg to investigate what was going on in their networks, and during that examination they found Ivan's back door, and they saw how he was stealing press releases. The tech guys obviously removed it and cut Ivan's access off, and after some panicked emails to Ivan's middlemen, it was Olek who managed to get code back into the systems and restore their access into PR Newswire so they could continue.

But unbeknownst to them, the authorities were now on to Ivan, and they had him firmly in their sights. Working in tandem with the US, Ukrainian intelligence services put surveillance on Ivan. What triggered them initially to find him, exactly, I don't know, but by watching Ivan they found out pretty quick who his friends were. And eight months later, with the help of the FBI and the U.S. Secret Service, nine properties in Kiev were raided. Both Ivan and Olek's laptops were seized in the raids, and these were the laptops the two hackers were using to access the newswire systems. There were hundreds of stolen press
releases on them and reams of online chat logs which gave the feds clear insight into the whole operation a big success you would think but then it all went silent like eerily quiet nothing happened at all for a while there was evidence that they had identified culprits but nothing went any further you see ukraine has laws in place that prohibit extraditing their own citizens to another country under the constitution of ukraine citizens are guaranteed care and protection so ivan and olek were at least for the moment safe from us authorities and they knew it so they did what all money hungry hackers do they carry on with the scheme [Music] hackers know the value of information yeah there's different motives for when people hack stuff and different targets but really most of it is about information who has it who wants it and how much can it be sold for financial business or personal data is ridiculously sellable and the more value it is to the buyer the more profit it will be to sell the longer the scam was running the more confident everybody got but the hackers were not traders they didn't follow the stock markets they didn't know which press releases were necessarily more valuable or useful than the others in 2012 a group of traders involved in the scam had expanded a new guy was brought on the team his name was leonid momotok leonid was a stock trader friend of arkady's and worked in construction for his day job and they went to church together he was 46 years old and lived in suwanee which is in georgia in the u.s a pretty city about 30 miles away from atlanta arkady introduced him to the scam and he opened up a set of brokerage accounts with td ameritrade and he started trading on the stolen press release information the traders eventually got into a groove they knew which companies used which newswire agencies and when upcoming press releases were going to be released so they started requesting which press releases they wanted early access to it was like an
order system on october 8th 2013 pavel sent his brother arkady a spreadsheet of 18 companies due to announce press releases arkady sent it to his business partner alexander across the rest of october vitaly arkady and leonid all made large trades on six of these companies right before the releases were published now the traders were sending the hackers their shopping list of press releases in october 2013 a company called align technologies sent their press release to market wired i guess market wired changed their name from market wire to market wired just to be confusing but for align tech stock in that 15 hour window between when the press release was uploaded to when it was made public arkady had purchased 91 000 shares two hours after arkady's trades vitaly pops up and buys 95 000 shares and after that press release went live to the public the pair unloaded their positions and made about 1.4 million dollars in profits this scheme was on fire and seemed to be doing better than ever the traders were making enormous profits on this insider information and the hackers were happily getting paid a percentage cut for every trade everyone was happy now arkady had been in on this from day one and he decided he'd kind of like to expand this a little more and make more money money is attractive right and so i think he was taken in by the allure of all the cash and spending and watching his offshore bank account grow so early to mid 2013 he brings in another trader to join his group this guy's named vlad and he's a trader he used to work on wall street that pavel knew and once pavel made the connections he introduces arkady to vlad and vlad had his own trading company in uk but he lived in brooklyn new york and traded on wall street a lot but he has a home in odessa in ukraine vlad really liked this plan and was on board and the deal was done vlad came in on the same plan that vitaly was in on arkady opened up a brokerage account and funded it and vlad and vitaly
just did their trades vlad got a percentage cut just as vitaly did and vlad was just another trader in this scheme but i'm not sure if arkady told the hackers about this new trader i mean if the hackers knew there was a new trader here bringing in all kinds of extra money they'd know that they should be getting a cut from those profits so it's possible arkady didn't tell them i'm not sure but for a person who isn't afraid to break a bunch of laws to make more money i wouldn't put it past him that he was keeping some secrets from his own team arkady was ready to bring on even more people but of course it's hard to find people you trust so he turned to his son igor igor helped to move the press releases around and get them to vitaly and vlad and i don't think vitaly or vlad knew each other either in fact they may have never even met each other during this whole scheme soon though that would turn completely on its head the morning of tuesday august 15 2015 started as a quiet day for vitaly he was at home in his glen mills pennsylvania house when he heard a knock on the door and when he opened it he was greeted by a team of fbi agents with a warrant for his arrest vitaly was handcuffed hands behind his back and led out to awaiting police vehicles and just about 900 miles away in georgia at the exact time two more fbi teams were knocking on other doors arkady and his son were arrested and in the same morning alexander and leonid were also arrested in their homes that morning vadim one of the hackers had already been arrested on completely separate charges of credit card fraud vadim was picked up while he was on holiday in mexico like a year earlier and he had been handed straight over to the u.s authorities when he got arrested within hours new jersey u.s attorney
paul fishman was leading a press conference explaining the day's events here's a clip from that this morning we're here to announce criminal and civil charges in a broad-ranging cutting-edge international scheme at the intersection of hacking and securities fraud for more than five years hackers largely operating in ukraine repeatedly penetrated the networks and servers of market wired pr newswire and business wire over that five-year period using a variety of hacking techniques and tactics including brute force attacks sql injection attacks and phishing those hackers stole well over one hundred thousand confidential news releases before they were distributed two indictments charging a total of nine individuals we allege that the conspirators stole more than a hundred thousand news releases traded ahead of more than 800 releases and made more than 30 million dollars in addition the sec has filed a civil complaint charging those individuals and a host of others with similar trading conduct we also collectively among all of us have seized 17 bank and brokerage accounts so far which we believe contained more than six and a half million dollars we've also collectively seized 15 properties including a houseboat a shopping center and an apartment complex the new jersey indictment charged vitaly vlad alexander and leonid with five charges of conspiracy to commit wire fraud securities fraud and money laundering conspiracy the new york indictment charged arkady with 23 more charges of wire and securities fraud aggravated identity theft and money laundering not only did they charge arkady with all that but they also charged his son igor and his brother pavel with more charges and ivan and olek the hackers involved also were charged with the same 23 charges along with the criminal charges in the two indictments the sec also filed a civil complaint against arkady pavel and igor dubovoy ivan and olek vlad and vitaly and leonid and alexander and that complaint also charged
another 23 individuals and companies who had been trading on this stolen information it sounds like those in on the scheme couldn't keep quiet and were telling others to do some trades too mary jo white the sec chair explained more at the press conference while the sec has uncovered and successfully litigated hacking and trading schemes in the past today's international case is unprecedented in terms of the scope of the hacking at issue the number of traders involved the number of securities unlawfully traded and the amount of the profits generated a total of seven people were arrested that were involved with this scheme and pretty quickly people started admitting to guilty pleas alexander arkady his son igor and leonid all pled guilty but vitaly and vlad both stuck with saying they weren't guilty these two traders were trying to say that they had no idea the information they got was stolen or insider information which means they brought this whole case to trial which is great news for me because as a journalist i can now see all the information in this case the evidence the testimony it all went into the public domain over this four week trial vitaly had almost 80 members of his church congregation support him during his first court hearing they couldn't believe their pastor could be involved in something as shady and dishonest as this but this was no match for the sec secret service and fbi on the prosecution side they came with piles of evidence showing exactly what vitaly traded and when and how they tied him to arkady prosecutors claimed that vitaly made over 15 million dollars from insider trading he conducted they even had logs and evidence collected from the raids in ukraine off of ivan and olek's laptops and they showed how the group changed ip addresses used vpns multiple computers burner phones and offshore accounts to conduct this scheme it was pretty clear that vlad and vitaly knew exactly what they were involved with some of the most damning evidence
came against the pair from arkady and his son igor they had been arrested in the raids in 2015 and both pled guilty to the charges against them but they started producing evidence against vitaly and vlad too which looks to me like they may have done that to look like they're cooperating and maybe reduce jail time the court found vitaly and vlad guilty of all charges vitaly had to serve five years in prison along with an order to pay 14 million dollars in forfeiture and a 250 000 fine vlad was jailed for four years a year later in 2019 leonid was sentenced by a new york judge to three years of supervised release and was ordered to pay 1.3 million dollars and do 100 hours of community service a month later alexander was sentenced to time served alexander gave evidence against vitaly and vlad during the trial which the judge found especially compelling according to a news report alexander cooperated with authorities after he was arrested and aided their investigation into the scheme and how it all worked vadim was the only hacker to be caught by u.s authorities in this scheme he was arrested for credit card fraud through hacking but the feds soon linked him to olek vadim pleaded guilty in may 2016 and took a plea deal he admitted personally to hacking all three of the newswires and stealing employee credentials he also admitted to selling the information he stole a year later he was sentenced to two and a half years in prison with a three-year supervised release to follow he was ordered to pay restitution of just over three million dollars arkady and his son igor from what i can see they're still awaiting sentencing uh after their guilty pleas everything just got delayed because of covid the authorities said that there were a total of 32 people involved with this scheme in some way or another seven got caught and were found guilty that we know of but three key players remain in the wind the hackers ivan and olek and arkady's brother pavel all three are suspected to be in
ukraine which is sort of protected from the long arm of the u.s authorities but the us secret service has put a 1 million reward for the capture of olek supposedly after this olek went on to hack into the sec itself and then sold that information he stole to someone else potentially using it to make money on the stock market too ivan and pavel are also on the us secret service list of most wanted fugitives but there is no reward listed for them in the end this scheme seemed to make everyone a profit of over 30 million dollars which is quite an epic run and i find this whole scheme somewhat surprising i just never thought about using hacking to steal financial information to then use to make money on the stock market it's pretty clever and inventive if you ask me it's also fascinating to see how the sec has tools now to detect when people are making huge profits very quickly and are able to do it again and again the average trader doesn't make profits like that so for the sec to spot anomalies in real time that's going to cut down on the ability for anyone else to do this in the future but in the end i think this crew was driven by greed one million dollars wasn't good enough five million dollars wasn't good enough ten million dollars wasn't good enough and of course one newswire agency wasn't good enough neither were two they wanted all three and then they kept expanding their team and making their trades more frequent and at some point you simply can't hide all these tracks and wash all your accounts and phones fast enough and if it feels like you're able to do all this and get away with it then yeah i can see you might get lazy and cut corners on how everything is done so in the end i think it was greed that brought this whole thing crashing down if you like the show you might want to check out the shop i've been working hard at making some pretty cool shirts for you there are over 30 designs now and surely there's one that you would like so head over to 
shop.darknetdiaries.com and pick up a new shirt this show is made by me the shadow jack rhysider this episode was written by fiona guy sound designed by me oh yeah that's right i added the music for this episode editing help this episode by the devious damien our mixing is done by proximity sound and our theme music is done by the wicked fast breakmaster cylinder a hacker went into a bar and he said give me your strongest link this is darknet diaries [Music]

2022-09-13 12:00
