EDGAR, or Electronic Data Gathering, Analysis, and Retrieval, is an online filing system wherein companies submit their financial filings. The system processes around 1.7 million electronic filings per year.
EDGAR lists millions of filings on corporate disclosures—ranging from annual and quarterly earnings report to sensitive and confidential information on mergers and acquisitions, which could be used for insider-trading or even manipulating U.S. equity markets.
The two Ukrainian hackers, Artem Radchenko and Oleksandr Ieremenko (27-years-old), hacked EDGAR system to extract such sensitive non-public reports of publicly traded companies and sold that information to different groups of traders.
According to an indictment [PDF] unsealed on Tuesday, among the two hackers, 6 other individual traders in California, Ukraine, and Russia have also been charged for using the stolen information to make stock trades worth over $4.1 million between 2016 and 2017.
“The traders compensated the hackers, including Ieremenko, for the information by either paying regular fees for access to the hacked press releases or by kicking back a portion of their trading profits,” the indictment reads.
According to the prosecutors, the hackers allegedly sent phishing emails to SEC employees to gain access to agency’s network and then infected some of its computers with a malicious program that automatically extracts documents.
The scheme extracted “test filings” that companies submitted to EDGAR hours or even days before actual filings that were intended to be made public.
“In some instances, these test filings included submissions by public companies that contained earnings results and other material information that the companies had not yet released to the public,” the indictment reads.
“The hacked material nonpublic information was then transmitted to traders who, in connection with approximately 157 earnings announcements, used it to place profitable securities trades before the information was made public.”
In one example, the defendants extracted a report 8 minutes after it appeared in SEC servers—but before it was made public—which was then used to ultimately made illegal profits of approximately $307,000 by short-selling trades within roughly 35 minutes after the information went public.
Ieremenko, who remains at large in Ukraine, had also previously been charged in 2015 over the theft of over 100,000 unpublished press releases from PRNewswire, Business Wire, and West Corp’s Marketwired in order to make profitable trades.
A federal grand jury in New Jersey charged Ieremenko and Radchenko with 16 counts of hacking- and fraud-related charges and aimed to seize all ill-gotten property tied to the alleged conspiracy.