Russian hackers
Hacking in light: A $90 Million Trade hack

Russian National Found Guilty of Hacking US Networks to Steal Confidential Earnings Reports

A Moscow-based cybersecurity firm owner, Vladislav Klyushin, was extradited to the US in December 2021. It was to face charges of hacking into US-based filing agents to steal confidential earnings reports from American companies. The stolen information was put to use in a hack-to-trade scheme. It lead Klyushin and his co-conspirators to make illegal profits of $90,000,000.

The scheme of hacking

Klyushin was the owner of M-13, a Moscow-based cybersecurity firm that offered penetration testing and APT emulation services. However, the FBI discovered that Klyushin was also running a hack-to-trade scheme, where he received money from shady investors and used it to trade securities of US-based companies. He returned 40% of the profits to the investors.

The hacked agent systems belonged to two US-based filing agents that American companies used to file earnings reports. They do it through the Securities and Exchange Commissions (SEC) system. Some of the companies using the services of these are Tesla, Inc., Capstead Mortgage Corp., Roku, SS&C Technologies, and Snap, Inc.

The confidential financial reports contained crucial information about the performance of these companies, which could provide insights for accurate trading predictions.

Armed with this information, Klyushin and his co-conspirators knew ahead of time whether a company’s financial performance would meet, exceed, or fall short of market expectations. This helped them predict whether the share price would likely rise or fall following the public earnings announcement.

After obtaining the stolen information, Klyushin engaged in illicit trading by using brokerage accounts held in his name and the names of others, executing illegal trades on NASDAQ and NYSE from January 2018 to September 2020. More than 97% of the recorded trades involved entities that had filed their SEC reports through the compromised agents.

The Verdict

The jury found Klyushin guilty of conspiring to obtain unauthorize access to computers. It was to commit wire fraud. It was for aiding and abetting wire fraud, unauthorized access to computers, and securities fraud.

He estimates to have netted over $38,000,000, with 60.5% profiting from his personal trading activities. The remaining profit coming from indirect investments made on account of others.

The above offenses incur an imprisonment sentence of up to 30 years and fines of up to $250,000 or twice the gross gain or loss. Klyushin will be sentenced on May 4, 2023.

The case highlights the increasing sophistication and prevalence of cybercrime, especially in the financial sector. It also underscores the importance of cybersecurity measures for companies to protect their confidential financial data. The US government is taking steps to crack down on cybercriminals and bring them to justice, as seen in the extradition and conviction of Vladislav Klyushin.