A Ukrainian hacker involved in an international scheme that used stolen unpublished news releases to make about $30 million in profits was sentenced Monday to more than two years in prison. Vadym Iermolovych received a 30-month term and must pay slightly more than $3 million in restitution. He had pleaded guilty in May 2016 to aggravated identity theft and conspiracy to commit wire and computer hacking. The 29-year-old Kiev man was among several people arrested in August 2015 in the U.S. and Ukraine, according to the U.S. attorney’s office in New Jersey. From 2010 to 2015, authorities said the group gained access to more than 150,000 press releases that were about to be issued by Marketwired, PR Newswire in New York, and Business Wire of San Francisco. The press releases contained earnings figures and other corporate information.
The defendants then used roughly 800 of those press releases to make trades before the information was reported, exploiting a time gap ranging from hours to three days, prosecutors say. The group was able to get inside the news services’ computer systems by phishing, a well-known practice in which hackers send an email with a seemingly innocuous link. But clicking the link can eventually lead to the user’s login and password information. The hackers were routinely paid a cut of the profits.
Prosecutors said the traders generally traded ahead of the public distribution of the stolen releases, and their trading activities shadowed the hackers’ capabilities to get stolen press releases. To execute their trades before the releases were made public, the traders sometimes had to execute trades in extremely short windows of time. The charges were filed in federal court in Newark because some of the trades were done in New Jersey.