Two Ukrainian men have been charged for their roles in a large-scale, international conspiracy to hack into the Securities and Exchange Commission’s (SEC) computer systems and profit by trading on critical information they stole.

In a 16-count indictment unsealed today in the District of New Jersey, Artem Radchenko, 27, and Oleksandr Ieremenko, 26, both of Kiev, Ukraine, are charged with securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud, and computer fraud. The SEC also filed a civil complaint today charging Ieremenko along with several other individuals and entities.

The indictment alleges that Radchenko and Ieremenko hacked into the SEC’s Electronic Data Gathering, Analysis and Retrieval (EDGAR) system and stole thousands of files, including annual and quarterly earnings reports containing confidential, non-public, financial information, which publicly traded companies are required to disclose to the SEC. The defendants and others then profited by selling access to the confidential information in these reports and trading on this stolen information prior to its distribution to the investing public.

“The defendants allegedly orchestrated sophisticated computer intrusions to steal non-public information from the SEC, compromising the integrity of the market and depriving honest investors of a level playing field,” said Assistant Attorney General Benczkowski. “The Department of Justice will aggressively pursue and prosecute those who attack our financial markets and seek to profit unfairly, no matter where such offenders reside.”

“The defendants charged in the indictment announced today engaged in a sophisticated hacking and insider trading scheme to cheat the securities markets and the investing public,” U.S. Attorney Craig Carpenito said. “They targeted the Securities and Exchange Commission with a series of sophisticated and relentless cyber-attacks, stealing thousands of confidential EDGAR filings from the Commission’s servers and then trading on the inside information in those filings before it was known to the market, all at the expense of the average investor.”

“Today’s indictment sends a strong message to those criminals who choose to use the cyber-world to profit from network intrusion,” Mark McKevitt, Special Agent in Charge of the Secret Service Newark Field Office, said. “The Secret Service will continue to aggressively investigate cyber-enabled financial crimes and develop innovative ways to combat emerging cyber threats.”

“This indictment is a testament to the countless hours of hard work and dedication by law enforcement in the fight against cyber criminals,” FBI Special Agent in Charge Gregory W. Ehrie said. “Cybercrime knows no boundaries. Dismantling these operations are possible only by working closely with our partners.”

According to the indictments unsealed today:

From February 2016 to March 2017, Radchenko, Ieremenko, and others conspired to gain unauthorized access to the computer networks of the SEC’s EDGAR system, which is used by publicly traded companies to file required disclosures, such as annual and quarterly earnings reports. These filings contained detailed information about the financial condition and operations of the companies, including their earnings. Such information can, and often does, affect the stock price of the companies when it is made public, and is therefore highly confidential prior to its disclosure to the general public.

The EDGAR system allows companies to make test filings in advance of a public filing. These test filings often contain information that is the same as, or similar to the information in the final filing. The defendants stole thousands of test filings before they were released to the public, and sought to profit from their theft by using the information in the test filings to trade before the investing public learned the information.

To gain access to the SEC’s computer networks, the defendants used a series of targeted cyber-attacks, including directory traversal attacks, phishing attacks, and infecting computers with malware. Once the defendants had access to the test filings on the EDGAR system, they stole them by copying the test filings to servers they controlled. For example, between May 2016 and October 2016, the defendants extracted thousands of test filings from the EDGAR servers to a server they controlled in Lithuania.

Ieremenko was previously charged in a hacking and securities fraud scheme in an indictment in the District of New Jersey. That indictment charged Ieremenko with being part of a large-scale, international conspiracy to hack the computer systems of three newswire organizations and steal press releases containing confidential non-public financial information relating to hundreds of companies traded on the NASDAQ and NYSE from three newswires. The members of the conspiracy profited from the theft by trading on the news ahead of its distribution to the investing public. The indictment unsealed today alleges Ieremenko employed some of the same methods to hack the SEC.

Radchenko recruited to the scheme traders who were provided with the stolen test filings so they could profit by trading on the information before the investing public. Armed with the stolen information, the traders profited by executing various trades in brokerage accounts they controlled. In one instance, a test filing for “Public Company 1” was uploaded to the EDGAR servers at 3:32 p.m. (EDT) on May 19, 2016. Six minutes later, the defendants stole the test filing and uploaded a copy to the Lithuania server. Between 3:42 p.m. and 3:59 p.m., a conspirator purchased approximately $2.4 million worth of shares of Public Company 1. At 4:02 p.m., Public Company 1 released its second quarter earnings report and announced that it expected to deliver record earnings in 2016. Over the next day, the conspirator sold all the acquired shares in Public Company 1 for a profit of more than $270,000.

The wire fraud conspiracy and substantive wire fraud counts with which the defendants are charged carry a maximum potential penalty of 20 years in prison and a $250,000 fine, or twice the gain or loss from the offense. The securities fraud conspiracy, computer fraud conspiracy, and substantive computer fraud counts with which the defendants are charged carry a maximum potential penalty of five years in prison and a $250,000 fine, or twice the gain or loss from the offense.

This case was investigated by the U.S. States Secret Service and special agents of the FBI, with assistance from the SEC’s Market Abuse and Cyber Units and the Justice Department’s Office of International Affairs.

The prosecution is being handled by Trial Attorney Aarash Haghighat of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS), and by Assistant U.S. Attorney Daniel Shapiro; Chief of the Cybercrimes Unit Justin S. Herring; Attorney-in-Charge, of the U.S. Attorney’s Office in Trenton Nicholas Grippo; and Special Assistant U.S. Attorney Lynn O’Connor.

The charges and allegations contained in the indictment are merely accusations, and the defendants are presumed innocent unless and until proven guilty.