A Ukrainian hacker pleaded guilty Monday to his role in an international scheme that used stolen unpublished news releases to make $30 million in profits.
Vadym Iermolovych entered the plea in Newark, New Jersey, to a complaint charging him with aggravated identity theft and conspiracy to commit wire and computer hacking. The 28-year-old Kiev man faces up to 20 years in prison when he’s sentenced Aug. 22.
Iermolovych was one of several people arrested in August in the United States and Ukraine. The Securities and Exchange Commission also charged them and 23 other individuals and companies in the United States and Europe.
The U.S. attorney’s office said that from 2010 to 2015, the group gained access to more than 150,000 press releases that were about to be issued by Marketwired, PR Newswire in New York, and Business Wire of San Francisco. The press releases contained earnings figures and other corporate information.
The defendants then used roughly 800 of those news releases to make trades before the information came out, exploiting a time gap ranging from hours to three days, prosecutors have said.
The group was able to get inside the news services’ computer systems by phishing, a well-known practice in which hackers send an email with a seemingly innocuous link that, if clicked on, can eventually lead to the divulging of the user’s login and password information.
The hackers were routinely paid a cut of the profits.
Prosecutors said the traders generally traded ahead of the public distribution of the stolen releases, and their trading activities shadowed the hackers’ capabilities to get stolen press releases. In order to execute their trades before the releases were made public, the traders sometimes had to execute trades in extremely short windows of time.
The charges were filed in federal court in Newark because some of the trades were done in New Jersey.
Three others connected to the scheme have pleaded guilty.