US authorities have charged 32 members of an alleged international cybercrime operation that netted millions of dollars by targeting newswire services in order to profit from stock market trading.
The group allegedly hacked into three business newswires - Business Wire, Marketwired and PR Newswire - and stole unpublished press releases that contained non-public financial information that was then used to make stock trades.
The indictments, filed by the US Securities and Exchange Commission (SEC) and the US district court of New Jersey, place the earnings of the scheme between $30m and $100m, and say the group stole up to 150,000 confidential press releases over a five-year period.
The group, said to have been spearheaded by Ukrainians Ivan Turchynov and Oleksandr Ieremenko, targeted corporate earnings announcements, press releases, financial data and product announcements.
Turchynov and Ieremenko are accused of hiding the intrusions using proxy servers to mask their identities and posing as newswire service employees and customers, according to the SEC's complaint.
The SEC charges that Turchynov and Ieremenko created a secret web-based location to transmit the stolen data to traders in Russia, Ukraine, Malta, Cyprus, France and three US states - Georgia, New York and Pennsylvania.
Law enforcement, in connection with the US Financial Fraud Enforcement Task Force, has charged each of the 32 defendants with violating federal antifraud laws.
Five defendants have been charged with wire fraud conspiracy, securities fraud conspiracy, wire fraud, securities fraud and money laundering conspiracy.
Turchynov and Ieremenko are additionally charged with computer fraud conspiracy, computer fraud and aggravated identity theft.
Acting US attorney Kelly Currie explained that the operation showed a high level of criminal cooperation.
"The defendants and their co-conspirators formed an alliance of hackers and securities industry professionals to systematically steal valuable inside information and profit by trading ahead of authorised disclosures to the investing public," he said.
Laura Galante, director of threat intelligence at security firm FireEye, said that the internal workings of the cyber operation are reminiscent of the FIN4 hacking group.
FIN4, as reported last year, stole insider information that was then used to manipulate stock trading.
"Given the information that's been made public, it does not appear to be the same group, but there are similarities," said Galante.
"There's targeting overlap in that these actors seemed to deliberately pursue market-moving information, like FIN4, to benefit financially on the stock trade. Unlike FIN4 it seems this group had a narrower scope in choosing to get their data from a consolidated place.
"FIN4 went after over 100 separate companies. The groups used slightly different tactics, although the indictment isn't super detailed when it comes to technical behaviour. FIN4 seemed to put more effort into social engineering, whereas this group used more typical attacks to get them in the door."