Kiev-resident Vadym Iermolovych pleaded guilty to US Department of Justice allegations of breaching Marketwired, PR Newswire and Business Wire with intent to sell corporate confidential financial information to third parties and commit security fraud.
The group was international, with members from the Ukraine and the US. After a series of arrests, the hackers in Ukraine are to be extradited to the US for prosecution, US officials announce.
The 28-year-old hacker and eight accomplices launched elaborate cyber-attacks on PR distribution channels to access financial information such as earnings, gross margins and revenue. To sell the information to the traders, the hackers built a website which came with a “shopping list” and “wish list” for faster assistance. Companies that fell victim to the scheme include Bank of America, Honeywell, Hewlett-Packard and others.
The login credentials of 15 Business Wire employees were also stolen and used by the group to infect the network with malware.
Business Wire CEO Cathy Baron Tamraz says “no one is immune to the highly sophisticated illegal cyber-intrusions that are plaguing every aspect of our society,” Business Wire CEO Cathy Baron Tamraz says.
The investigation revealed the scam lasted from February 2010 to August 2015. During this time, “more than 150,000 press releases” were stolen, federal prosecutors declared. Trading more than 800 confidential press releases, the international hack “allegedly generated approximately $30 million in illegal profits.”
To bring down the hackers and traders, the US Attorney’s Office joined forces with Homeland Security, US Secret Service, FBI, and US Securities Exchange Commission. In August 2015, the US Department of Justice, District of New Jersey, charged the group in Brooklyn, New York, and Newark federal court with a 23-count indictment for “hacking into the newswires and stealing confidential information about companies traded on the NASDAQ and NYSE in what is the largest scheme of its kind ever prosecuted.”