Hacking ring accused of making $100M on stolen news releases

NEWARK, N.J. (AP) — 

The most serious charges in the indictment, wire fraud and securities fraud, carry up to 20 years in prison.

The SEC lawsuit named 17 individuals and 15 companies in the U.S. and abroad, in such places as Russia, France, Malta and Cyprus. The agency is seeking unspecified fines and restitution against the 32 defendants.

Associated Press writers Bree Fowler and Joseph Pisani, in New York, and AP Business Writer Marcy Gordon, in Washington, contributed to this story.

In late October 2013, Panera Bread Co., the national chain of restaurants that specializes in healthy soups and baked goods, prepared a news release to announce it was adjusting its earnings expectations downward for the recently begun fourth quart

Hackers stole secrets for up to $100 million insider-trading profit: U.S Reuters

The Latest: Civil charges added in trading hacking plot Associated Press

US busts hacking/insider trading ring AFP

The Latest: NYC indictment unsealed in trading hacking plot Associated Press

Hackers find a new way to beat the market Yahoo Finance

The release undoubtedly was one of many sent by publicly traded companies to business news services for publication.

 

This one was different, though. As an unsuspecting investing public awaited the announcement, federal authorities say a group comprising computer hackers and stock traders already had seen the release in the computer system of Marketwired, the Toronto business newswire.

Using the crucial information in the release, the group allegedly made $17 million worth of trades and orders betting Panera's stock would lose value once the news went public. They were correct, and for their efforts walked away with nearly $1 million in profit, according to a criminal indictment unsealed Tuesday against nine people in the U.S. and Ukraine.

The international hacking scheme allegedly raked in $100 million between 2010 and 2015. It is being called the biggest case of its kind ever prosecuted, and one that demonstrated yet another way in which the financial world is vulnerable to cybercrime.

The Securities and Exchange Commission also brought civil charges against the nine plus 23 other people and companies in the U.S. and Europe.

View of the U.S. Security Exchange Commission;

Commissioner of the U.S. Security Exchange Commission Mary Jo White speaks during a news conference  …

The case "illustrates the risks posed for our global markets by today's sophisticated hackers," SEC chief Mary Jo White said. "Today's international case is unprecedented in terms of the scope of the hacking at issue, the number of traders involved, the number of securities unlawfully traded and the amount of profits generated."

The nine people indicted include two people described as Ukrainian computer hackers and six stock traders. Prosecutors said the defendants made $30 million from their part of the scheme.

Authorities said that beginning in 2010 and continuing as recently as May, they gained access to more than 150,000 press releases that were about to be issued by Marketwired; PR Newswire in New York; and Business Wire of San Francisco. The press releases contained earnings figures and other corporate information.

The defendants then used roughly 800 of those news releases to make trades before the information came out, exploiting a time gap ranging from hours to three days, prosecutors said.

Perhaps even more alarming was the assertion by prosecutors that much of the group's ability to illegally tap into the news services' computer systems came via "phishing," a well-known practice in which hackers send an email with a seemingly innocuous link that, if clicked on, can eventually lead to the divulging of the user's login and password information.

United States Secretary of Homeland Security Jeh Johnson, right, speaks during a news conference in  …