The NY Times has an interesting story today that's indicative of an emerging hacking-for-profit trend that just might allow the perpetrator to keep his ill-gotten gains. In this case, the crime doesn't involve hacking databases to steal credit and debit card numbers, but hacking a computer to obtain inside information in order to profit on the stock market.

The case involves a Ukrainian engineering consultant named Oleksandr Dorozhko who is alleged to have hacked into a computer that contained advance information about a negative earnings announcement for IMS Health, a company that provides market research to the pharmaceutical and health care industries. [Correction: An earlier version of this post said that the computer Dorozhko hacked belonged to IMS Health. Court records show that Dorozhko actually hacked the computer network of Thomson Financial to obtain the earnings information.]

Dorozhko apparently obtained the information just a few hours before IMS was to make the earnings announcement public on October 17, 2007. He quickly purchased 630 put options for IMS Health, betting that the price of IMS shares, which were then trading at $30 each, would drop within three days. Dorozhko invested about $42,000 in the options, an amount that nearly equals his annual income, estimated to be between $45,000 and $50,000.

Hours later, IMS Health announced that its earnings had dropped 15 percent from the previous year and were 28 percent below analysts' estimates, causing its stock price to fall to $21.20 the next day. Dorozhko's prescient purchases landed him a tidy profit of $286,457 in one day – nearly six times his annual income.

The broker, Interactive Brokers, suspected something was wrong and temporarily froze the money to investigate before Dorozhko could withdraw it. Now the Securities and Exchange Commission wants to seize the funds, but a federal judge has ruled that the freezing of the money was unlawful because Dorozhko didn't violate the securities law governing insider trading.

Per the Times piece:

A person who legally obtains insider information — as a corporate official or an investment banker, for example — will almost certainly break the securities law if he or she trades on the basis of that information before it is made public. But it is far less clear that someone who illegally gets their hands on such information will have violated the securities laws by trading on it. The securities law used to bring insider trading charges — Section 10(b) of the 1934 Securities Exchange Act — talks of “a deceptive device or contrivance,” and it is not clear that there is any deception involved in simple theft. “Dorozhko’s alleged ‘stealing and trading’ or ‘hacking and trading’ does not amount to a violation” of securities laws, Judge Naomi Reice Buchwald of United States District Court ruled last month. Although he may have broken laws by stealing the information, the judge concluded, “Dorozhko did not breach any fiduciary or similar duty ‘in connection with’ the purchase or sale of a security.” She ordered the S.E.C. to let him have his profits.

The SEC has appealed the case, arguing that there was deception involved in the trade since Dorozhko deceived IMS's computer system in gaining unauthorized access to it. If the appellate judges rule against the SEC and order the funds to be unfrozen, they would set a precedent that would make it hard for the SEC to go after profits obtained through hacking in the future.

The logical question to ask, then, is why Dorozhko hasn't been charged with a computer crime. The Times speculates that the Department of Justice has simply deemed the case not worth pursuing – probably due to the difficulties involved in gaining cooperation from local authorities to capture criminals in Ukraine.

I wonder if they've considered labeling him a terrorist?