How an international hacker network earned $ 100 million by stealing press releases

Original author: Isobel Koshiw
  • Transfer

In the spring of 2012, a drunken 24-year-old Ivan Turchinov boasted in front of his fellow hackers in a Kiev nightclub. He boasted that for many years he was hacking into business news feeds and selling unpublished press releases through Moscow intermediaries to stock traders for a share of the profits.

One of the hackers in that club, Alexander Eremenko, had previously worked with Turchinov - and decided to join the share. Together with his friend Vadim Yermolovich, they broke the Business Wire tape, stole Turchinov’s internal access to the site and forced the Moscow leader, known under the pseudonym eggPLC, to take them into the scheme. Hostile takeover meant that Turchinov had to share. Now three hackers have entered the game.

Traders make lists of buy press releases.

News feeds like Business Wire are centers for the exchange of corporate information, the publication of press releases, statutory announcements and other information that affects the market and is kept under strict embargoes before publication. For at least five years, three US news feeds were cracked using various methods: from SQL injection and phishing emails to Trojans and left-wing accounts. Traders from the US stock exchanges made a list of necessary press releases to buy and pointed out to hackers the right moment to steal information. Then the hackers downloaded the stolen press releases to foreign servers for traders — and received their 40% profit on various offshore bank accounts. The Verge Edition conducted interviews with hackers and investigators, received chat logs and court documents - and traced the development of the case, which law enforcement agencies would later call one of the largest cases of securities fraud in US history.

To obtain insider information, traders no longer need a person in the company

This story shows how the Internet has made a quiet revolution in insider trading. To obtain insider information, traders no longer need a person in the company. Instead, they can turn to hackers who find security weaknesses. A large corporation or bank can have good internal security. But organizations that it works with, such as financial institutions, law firms, brokerage companies, small investment advice, or, in this case, news feeds, necessarily have vulnerabilities.

"There is always the human factor"

As one of the participants of the scheme, it does not matter what level of security in the company: "There is always a human factor: the only employee who clicks the link in a phishing email or sells his password."

“Almost every organization that collects useful financial data for traders has been broken at least once,” said Scott Borg, director of the US Cyber ​​Consequences Unit, a non-profit research institute that advises the government. "All the economic analysis departments of the largest countries in the world were almost certainly hacked."

For the most part, says Borg, these hacks do not notice. They are usually “sophisticated and targeted,” and companies often refuse publicity to avoid obligations and reputational damage, or because they simply don’t know what kind of information was stolen.

Over the past eight years, the US Securities and Exchange Commission (SEC) has organized three new groups to detect cybercrime and has pushed companies to strengthen their own security and quickly report hacking. The measures have had some success, as evidenced by the recent case of law firms hack with three Chinese hackers , but this is a cat-and-mouse game. Even the SEC is not protected: in 2016it was hacked. The SEC reported a burglary only in the next year, which caused accusations of hypocrisy.

The international nature of trade in stolen information makes enforcement especially difficult. Shortly before Turchinov boasted to friends at the club, the US Secret Service, whose task is to protect the country's financial infrastructure, became interested in the Ukrainian hacker.

Court documents show that since the beginning of 2012, three news feeds - Business Wire, PR Newswire and Marketwired - have infinitely patched holes and removed malware, trying to block hackers from access. Former cyber security specialist at the SEC, Askari Foy explained that these companies usually report hacks to the FBI to open a criminal case and provide access to their systems for examination.

“They traded high”

When authorities warned PR Newswire of a potential hack, they in March 2012 hired Stroz Friedberg, a private cyber security firm, to investigate further. According to court documents, Turchinov's malware was detected and removed. On March 27, he sent a panicky message to Muscovites, allegedly referring to PR Newswire's internal correspondence, to which he had access:

“When you return, write to me right away, there are several problems. The first and most important is a bummer with PR. They found the module and removed all our crap. They removed the temporary server. I have not yet switched to a new one, I'm waiting. It happened on the 13th [March]. The second problem: your guys discovered. They traded on a large scale and there is a lot of talk about them, that they trade only at the right moment. ”

But by May 30, 2012, thanks in large part to the new colleague Eremenko, the hackers restored access to PR Newswire and returned to the business.

The secret service decided to send a request for assistance to the intelligence services of Ukraine, according to Ukrainian agent Alexei Tkachenko and court documents. Ukrainian colleagues have established surveillance of Turchinov.

According to the man, who was also contacted by Ukrainian agents, they noticed that Turchinov was in contact with a group of 10 other men aged 20-30, including colleagues Eremenko and Yermolovich, who had significant cash and no significant source of income. It is said that Turchinov owned a house in Koncha Zaspa, the Kiev equivalent of Beverly Hills. In social networks, he published an extravagant collection of gold watches, a pistol, a luxury car and photos with friends in Kiev nightclubs.

In November 2012, Ukrainians, accompanied by agents of the United States Secret Service, who had already worked in tandem with the FBI, conducted raids on nine properties around Kiev connected with hackers. They confiscated Eremenko and Turchinov’s laptops, found hundreds of press releases and chat logs with a discussion of the scheme. A few months later, special agent of the United States Secret Service, Alexander Parisella, arrived in Ukraine to interrogate Turchinov, Eremenko and others, according to court documents.

But then it died down. Ukraine does not extradite its own citizens, so Special Agent Parisella could not do anything but try to force the hackers to tell about press releases and the stolen data of payment cards they found.

In Ukraine, none of the hackers, too, was not charged. Ukrainian law enforcement officials said they did not receive the requested request from the US - a fact confirmed by an American agent in court. It seems that the Ukrainian special services had a special relationship with Turchinov, the main suspect of the Americans.

"Now you work for us or go to America"

“Then he paid the cops. Good, not paid. He gave them his collection of watches worth half a million. Gave his house, gave "Bentley". Then they said: “Well, now you work for us or you will go to America,” ”said the man who was in close contact with Turchinov at that time.

After the visit of the special agent Parisella, Turchinov continued to crack the press releases, but now under the supervision of intelligence officers, the head of the Ukrainian cyberpolition Sergey Demidyuk told The Verge . According to him, the special services began to work in parallel with the Moscow intermediaries, using Turchinov’s access and attracting their own traders.

"It must be admitted that this is exactly what happened," said Demidyuk about how the Ukrainian special services allegedly profited from illegal transactions.

The intelligence services of Ukraine did not respond to a request to comment on their participation in the scheme.

It is difficult to say how the circuit spun. At the court hearing, the witness called the “main” person, of whom only Valery’s name is known. Witnesses and documents also mention a certain Roman as an intermediary in contacts with traders. Judging by the name of Skype and social contacts, it could be a Russian trader. No one was charged, although Roman had recently traveled to the USA in November 2017. According to several sources, on the Internet, the alleged leader of the gang is known only under the screen name eggPLC.

Demidyuk and others who spoke on condition of anonymity believe that eggPLC is a Moscow stock trader hailing from St. Petersburg who has hired hackers since at least 2008. On a number of underground forums where exploits are bought and sold, we encountered eggPLC advertisements for hackers, he was looking for help in accessing brokerage accounts. According to the person associated with the scheme, then eggPLC used brokerage accounts to raise and lower stock prices, making transactions from their own accounts. This version of the old school stock fraud, known as pump and dump (pump and dump). The scheme was revived in the mid-2000s thanks to hackers.

eggPLC led a full-fledged business in darkweb

Based on the words of Demidyuk and others who are aware of the details of the scheme, eggPLC hired Turchinov to break news feeds around 2009. Turchinov sent the stolen eggPLC press releases and two other Moscow intermediaries who handed them over to traders; hackers received a share of 40% of the profits, and intermediaries - 10%. From its inactive ICQ numbers, it is clear that eggPLC led a full-fledged business in a darqube. One number he advertised as a personal number; the other was called eggPLC support.

In St. Petersburg, Moscow, Kiev and the United States, stolen press releases attracted more and more traders, some of whom worked in investment companies and others independently. Friends talked to friends, the circle dedicated to growing up.

Two traders, the brothers Pavel and Arkadiy Dubovye, come from a well-known and rich Ukrainian Baptist family, several of whose members got rich by privatizing Ukrainian factories in the 1990s. Arkady, who owns an ice cream factory in Odessa, emigrated to the suburbs of Atlanta in the mid-1990s thanks to a law granting refugee status to persecuted religious minorities of the Soviet Union. Pavel studied for some time in the USA near Arkady. But together with a large number of relatives, they moved to Kiev when their cousin Alexander was elected to parliament in 2007.

Living in Ukraine in November 2010, Pavel Dubovoy, according to court documents, sent an email to Arkady's partner in the construction business with instructions on how to get access to a stolen press release.

After the Christmas holidays, Arkady and his business partner Alexander Garkusha left their homes in Alpharette, Georgia, at Atlanta Airport, where they met a Slavic Baptist pastor and a Philadelphia trader named Vitaly Korchevsky.

As a former portfolio manager and vice president of Morgan Stanley, Korchevsky enjoyed a reputation as a good financial planning consultant for representatives of the new immigrant community, many of whom came to America with poor English and a poor understanding of American life. Korchevsky was a prominent religious leader in the American Slavic Baptist community, he was also often invited to preach in the United States and the countries of the former Soviet Union.

“He loves himself and his ambitions”

In the early 2000s, Korchevsky completed work at Morgan Stanley in New York and returned to South Philadelphia, where he spent evenings traveling around the suburbs and visiting Slavic Baptists whom he hoped to attract to his small evangelical Christian meetings. Later he organized a union of 28 Russian-speaking churches and spent a large part of his large income on creating his own church in Philadelphia. He also sponsored the emigration of many of his parishioners from the former Soviet Union, as he did in the late 1980s. Those often lived in his house until they found work and housing.

“He was very religious ... but when I met him, I saw a businessman in him too. He is a man of ambition. This is a man who loves himself and his ambitions, ”said the leader of Slavic Baptists, who had known Korchevsky for three decades. “He likes being a leader ... and a person to whom people are equal.”

To discuss the scheme, Arkady Dubovaya and Garkusha met with Korchevsky at an airport restaurant when he had a stop in Atlanta. At first the scheme was hard to sell. The financially literate pastor was not impressed. He said that these press releases are publicly available. After the meeting, Arkady decided that this was another bad idea of ​​his younger brother. The second meeting was clouded by technical difficulties. Only from the third attempt did the group finally get proper access to the server in order to demonstrate it to Korchevsky - and the pastor recognized the scheme to work.

Arkady began to open brokerage accounts. Arkady's English was so bad that he asked others, including his son Igor, to write letters on his behalf. He also stated in court that he did not understand the actions and had difficulty using the computer. Therefore, he allowed Korchevsky to trade from his accounts and paid him about 10% of the profits. Korchevsky at the time created a Philadelphia fund and secretly made deals from his accounts, because of which the mediator subsequently refused to cooperate with the group for not paying the full commission.

He wanted to see who sells better: pastor Korchevsky or Khalupe

Arkady also played a double game. Brother Pavel introduced him to another former treuder from Wall Street, Vladislav Khalupsky, who lived in two cities, traveling between Odessa and Brooklyn. Arkady opened accounts for trade Khalupsky. Later he testified that he wanted to see who is selling better: pastor Korchevsky or Khalupsky. Arkady also sent his son Igor to learn how to trade in the Odessa company Halupsky.

The scheme continued to grow. Friends, relatives, colleagues and other parishioners were drawn into it: for everyone it seemed like a sure way to get rich. Two managers of Ukrainian firms Arkady opened accounts, then two of his relatives in Odessa (the Oak family are very large, but only five people are involved). A year later, Arkady, an accountant, and Leonid Momotok, a parishioner, got involved in it. The latter knew a little about stock trading and opened more accounts for trading, including one under the name of his brother. The more unrelated the subjects and accounts are, the more difficult the investigation will be for regulators.

Easy Money

For people like Korchevsky, a registered US investment advisor with over a decade of experience, the stolen press releases were easy money.

On 3 August 2011, at 15:34, a press release from Dendreon Pharmaceuticals was uploaded to the PR Newswire system - and published less than 30 minutes later at 16:01, immediately after the markets closed. The release announced that the company's new drug will not match the projected sales target. At 15:56, before the release was published and four minutes before the markets closed, Korchevsky bought 1,100 options for sale - a contract that gives the opportunity to sell shares at a certain price within a certain period of time. The next day, Dendreon shares fell by 67%, and Korchevsky sold his options with a profit of more than $ 2.3 million. Telephone records show that Korchevsky called Arkady twice before the release and twice after the sale of options.

There are cases when traders lost money. Despite a positive press release, on April 26, 2013, the stock price of the Internet company Verisign unexpectedly fell. Arkady's son, Igor Dubovoy, e-mailed Korchevsky: “Arkady asked me to sell all the shares. If you do not have internet, please let me know if this should be done or if you have a service for this. ” Shortly thereafter, Igor closed the positions of Dubovy at a loss of $ 114,038. Then Igor sent Korchevsky another letter: “I already sold everything and just saw your letter. I'm not sure that I made the deal as you planned. ” Korchevsky answered Igor: "It's okay ... this is not the last day ... in any case, it is strange ... got the right numbers ... a mixed reaction."

In Ukraine, Paul, who led a joint account with his brother Arkady, was responsible for paying commissions to hackers. He paid through his British front company using the account numbers provided by an unknown person, probably Roman, who was referred to several times in court as Oak's contact person. In one of several letters to Arkady of February 2012, Pavel reported on payment of $ 95,000 to Turchinov’s Estonian account marked “guys”. The payment was made under the guise of payment for construction equipment from the development company Arcadia. Construction is a typical occupation of Soviet Baptists, who are often denied access to public housing. The letter also indicated that $ 160,000 had been paid to Vlad, that is, Khalupsky, a Ukrainian-American trader and an investment consultant.

It is unclear how Paul met Roman, who introduced Paul to the scheme and worked for the leader of the group, testify. It is also not entirely clear what Paul earned his living. His cousin politician Alexander, in an interview with The Verge, called him a “technical specialist” and a “freelancer” who also worked in real estate, although he did not express confidence in his abilities as a trader.

Pavel on the phone in March denied any involvement in insider trading and trading in general. “Honestly, I have very little in common with this case. My relatives are much more involved - such words of Paul about the scheme with press releases are indicated in the indictment of the US authorities. - I have nothing to do with it. I have never had brokerage accounts and no transactions have been made. I don’t even know how to do it ... I don’t know what is going on in this business ... I don’t know why [they pointed at me]. ”

Pavel subsequently rejected repeated requests for a meeting and did not answer specific questions about the hacking scheme.

Passengers of the first four rows got up and announced that they were agents of the US Secret Service

In November 2014, almost two years after the visit of Agent Parisella to Kiev, the third hacker, 27-year-old Yermolovich, arrived at a luxury resort on the sunny coast of Cancun (Mexico) to rest from the frosty Ukrainian winter. Immediately after midnight, when he rested in the hotel restaurant, a group of Mexican law enforcement officers approached the table, according to an informed source. The police said he was not welcome in Mexico and would take him to the airport. According to them, the Ukrainian consulate agreed to send it back to Ukraine. Meanwhile, the police searched the room upstairs, woke the hacker's wife and confiscated his laptop. When Yermolovich arrived at the airport in the dark, he was shoved into the tail of a commercial passenger plane and was told that he was transferring to Dallas, Texas.

As the source said, when the plane landed in Dallas, the passengers of the first four rows got up and announced that they were agents of the US Secret Service. Yermolovich will not go to Ukraine. Mexicans handed it over to US law enforcement. The extradition procedure was not carried out.

At first, Yermolovich was charged with selling payment data from more than 300 stolen corporate databases. The accusation was based on information found on his laptop in Kiev during a search in 2012. Then law enforcement agencies found the press releases on a laptop confiscated by Mexican authorities. After being transferred to a Hudson County Correctional Facility in New Jersey, the authorities presented a choice to Yermolovich: imprisonment for a term of two to three years or 20 years, proposing to sign a plea agreement.

Even having obtained one of the hackers, it was difficult to open the entire network. Yermolovich claimed that he did not know any of the traders and communicated on the Internet only with the Moscow leadership. Moreover, traders got access to press releases through a temporary offshore server, minimizing traces.

Experts say that evidence of such insider trading often depends on what measures the trader has taken to avoid detection. According to Borg, director of the US Cybersecurity Department, even international cooperation will not help prove insider trading if a trader changes accounts. Traders can hide traces by opening accounts in brokerage offices anonymously through cryptocurrencies or dummy firms, which are then closed.

Dubov family was not so careful

Since 2010, the SEC Center for Analysis and Detection (Analysis and Detection Center) conducted a joint investigation into the signs of insider trading in conjunction with the Financial Industry Regulatory Authority (FINRA), the regulator with Wall Street. Their algorithms are designed to detect fluctuations in stock prices up to large corporate announcements, which indicates insider information from bidders, says Janet Austin, a professor at the University of New Brunswick and author of Insider Trading and Market Manipulation: Investigation and Persecution Without Borders. The Center for Risk and Quantitative Analytics (Center for Risk and Quantitative Analytics) SEC then examines the object making suspicious transactions - whether it has a connection with a company, for example, a relative or past employer. If they cannot find a direct connection, then they keep the data in case the object comes into view again. But the large volume of transactions in the market makes it difficult to detect.

FINRA assisted the SEC in investigating press releases. Both agencies declined to comment on this story. According to Austin, probably aware of the leakage of press releases, regulators raised the logs of suspicious transactions and identified the persons involved.

Oak has repeatedly used the same brokerage accounts, owning some of them directly or through the next of kin with common names. Their involvement is also easily confirmed by the fact that they belonged to the same church community.

In 2014, intermediaries found that the Oak family was trading with a much larger number of accounts than they had stated. According to court testimony, they began to threaten Paul. In January 2015, Arkady went to Ukraine, where he met Valery, the “main guy.” Their intermediary and contact person, Roman, offered various compensation options for the family to regain access: for example, $ 50,000 per day or $ 100,000 per week with a deposit of $ 300,000 (the amounts indicate how valuable black-press releases have become).

Nothing succeeded. As a result, the group found a different way to access press releases through Arkady’s cousin’s husband, Valery Pichnenko, who contacted the intermediary through his own channels. Picnenko kept the press releases on an inconspicuous mail account, where Igor came in and forwarded letters to Vitaly.

But as news feeds do not always inform customers about security problems, the mediators decided not to inform traders that they had arrested one of the hackers.

In August 2015, nine months after the arrest of Yermolovich, FBI agents brought Pastor Vitaly Korchevsky with graying, combed hair out of his prestigious country house in Philadelphia. On the same day, Arkady, Igor, Garkusha and Momotok were arrested in their homes in Georgia.

Korchevsky was accused of receiving $ 17.5 million of illegal profits, Arkady - $ 11 million, Igor - $ 249 thousand. Momotok and Garkusha earned about $ 1.3 million and $ 125,000, respectively.

The news shocked the American Slavic Baptist community and the parishioners of Korchevsky, many of whom refused to believe in his guilt. Because of the persecution of Baptists in the Soviet Union, many of them are suspicious of the authorities and the media, explained Elena Panich, a researcher of post-Soviet Baptists.

Supporters Korchevsky argued that this is a conspiracy of the US government aimed at persecuting the Christian leader. The defense stated, and the American prosecutors admitted it in court that neither press releases nor any evidence were found on Korchevsky’s computers that he had been in contact with hackers.

According to the testimony of witnesses, Korchevsky was careful. He often traveled to Ukraine for trading and used computers that Arkady paid for. He also tried to remove evidence and left all possible technical equipment in Kiev. FBI criminologists confessed that they were unable to restore deleted attachments, where, in their opinion, there were press releases. In the indictments, prosecutors instead referred to the Korchevsky trade patterns, which in many cases repeated the patterns of other defendants, and also submitted emails and chats between Korchevsky and other members of the Oakova group with a discussion of the deals.

Several leaders of Slavic Baptists instructed the parishioners not to discuss this issue publicly and pray. After the arrest, supporters created a Facebook page for Vitaly Korchevsky for prayer and sometimes they prayed at the courthouse during the hearings.

“I ask you not to rush to conclusions,” said pastor Konstantin Likhovodov in Portland, speaking a week after Korchevsky’s arrest. - He is a God-fearing man. And it even surprises me, brothers, that we so quickly agreed with non-believers to the detriment of what we know about our own brother ... I am ashamed to say that there are members of this church who allowed themselves on the Internet ... to say that he is a wolf in sheep's clothing . My question is: what right do you have to judge others? Who do you take yourself for? ”

Initially refused to admit guilt, Garkusha, then Momotok, Arkady and Igor confessed before the court. They are currently awaiting sentencing. When in 2016 the person in the group “Prayer for Vitaly Korchevsky” wrote on Facebook that his accomplices had pleaded guilty, the admin replied:

How do you know that the government did not pay them for the lie in court? Look, they will easily get off and get a few million each. I think that you underestimate the ability of governments to create the right situation and the ability to get what they want. I recommend to think well and ask the question who is the real criminal here.

The church Korchevsky suffered greatly because of this incident. When the US government froze its funds, the congregation began to raise money to pay for its lawyers. Korchevsky allegedly used part of his trading income to purchase nine properties in a suburb of Philadelphia, a shopping center, and a 9 percent share in the Georgia residential complex. According to friends, at least five houses were purchased in the name of new immigrant families who have not yet acquired credit ratings: “Yes, that’s true, in fact, they all ... I didn’t buy anything for myself,” Korchevsky wrote in an email when he was asked about some houses. Korchevsky did not answer further questions about his role in the scheme.

“It really shocked people because they did not think that he was capable of something bad, because he had done so much good for them,” said the Baptist leader, who knows Korchevsky for three decades. “His heart is broken: everything he built is destroyed.”

“If he does not plead guilty, I’m pretty sure it’s because of the church. He has the image of a man who is not capable of such. As long as people think he is innocent, he can remain a star, ”said the Baptist leader, who considers Korchevsky guilty.

Before the arrests in 2015, the investigation had only one stolen press release - a screenshot taken by Halupsky in Viber. He sent the document to his Yahoo mailbox, which probably had access to special services. The press release screenshot with emails and trading windows was key evidence against the Oaks group, the only traders charged under a criminal offense. After his arrest, Igor gave the FBI access to e-mail with more than 200 press releases, which, according to him, were sent to Korchevsky.

Khalupsky, a Wall Street trader who lived in Brooklyn and ran an Odessa trading company, was detained in Odessa in February 2017. After being placed under house arrest, the Ukrainian authorities granted the extradition request, since Khalupsky is a US citizen.

Oak admitted guilt

In the course of the proceedings, Oaks confessed their guilt. Khalupsky, like Korchevsky, did not recognize. He argued that Oak had misled him. Arkady, Igor and Garkusha testified against them at the trial. In turn, Khalupsky’s lawyers questioned the credibility of their testimony, recalling past family affairs - the drug trafficking scheme from Panama to Europe and money laundering in Latvia.

On July 6, the jury found Khalupsky and Korchevsky guilty on all counts. The judge twice reprimanded supporters of Korchevsky for praying at the courthouse during the hearings. When the verdict was read, the family burst into tears, reports Bloomberg . Imprisonment terms for both are not yet defined.

After the verdict was announced, Korchevsky addressed his community in Philadelphia with gratitude for support. With a smile of an innocent man, he said that he intended to appeal the verdict:

The Lord clearly showed: there is not a single proof that I owned any information. They simply do not exist. Of course, they talked about the destroyed computer, although a 17-year-old PC was found in my house. But God knows, and before his face we can safely say: there was nothing like that. No computer or mobile phone has been destroyed.

The SEC filed two civil cases against traders of investment and trading companies from Moscow and Kiev, as well as individuals from St. Petersburg. They declared their innocence due to the lack of evidence that they had access to press releases or were in contact with hackers. Unlike the Korchevsky case with dozens of letters to American servers and one leaked press release, the evidence in these civil cases is entirely based on trading models.

In dozens of cases, traders and legal entities mentioned in a civil case made the same transaction for several hours, sometimes minutes before the release of the press release. The choice of shares corresponded to what press releases hackers had access to.

One of the respondents in a civil case is David Amaryan, whose company Copperstone Capital received the award in January 2015 as the best Russian hedge fund.. He claimed that one of his employees had developed an algorithm for searching and simulating transactions at an early stage. The logic is that profitable deals were chosen with the assumption that someone else has insider information - and therefore the market is set in motion. Amarjan had to go through an unpleasant interrogation, during which prosecutors proved to the court that David was familiar with other defendants in the case, although he had previously denied this acquaintance. After that, Amaryan and his three companies agreed to pay compensation to the SEC of $ 10 million. As part of the settlement, the businessman did not recognize, but did not deny the fact of unlawful actions. Similar calculations were carried out with other Russian and Ukrainian respondents, including one of the most famous investment companies in Ukraine. In general, the SEC will return $ 53 millionunfairly received income from investment companies, traders and brokers.

Hacker Yermolovich, who was taken from Cancun, is the only defendant who has received a sentence in this case so far. In May 2017, he was sentenced to 30 months in prison.

The largest ever computer hacking and securities fraud

Subsequently, the FBI will call this case the largest computer burglary and securities fraud in history. The total income of hackers and traders, published by the SEC, exceeds $ 100 million. But the authorities believe that this is only the tip of the iceberg. For some defendants, including Paul, the amount of income received is not established. In addition, during the pre-trial proceedings, the defense attorney referred to a sealed affidavit with information that the FBI had identified more than 100 insider trading participants. Until now, the authorities have filed cases only against 42 subjects, including 20 individual traders.

Arkady's younger brother Pavel, who showed the stolen press releases to the Oak family, is the only defendant who is still at large. He is not threatened by American justice due to Ukrainian legislation, and, probably, is not threatened by Ukrainian justice thanks to his connections.

Pavel had good connections, especially when his cousin Alexander Dubovoy entered Ukrainian politics. The Dubov family is associated with many influential characters: from Kremlin evangelists for a healthy lifestyle to the most titled Russian singer , whom Putin personally congratulated on his 80th birthdayat the evening in the Kremlin. One of the most significant connections is the former deacon of the Oak Church in Kiev, Oleksandr Turchynov (not related to hacker Ivan Turchynov). Oleksandr Turchynov is a former head of the special services and in his time served as the president of Ukraine, and now oversees the police, special services and the army. This makes him one of the most influential politicians in Ukraine.

Love number seven

Among the parishioners of the Word of Life church, Alexander Turchinov and Oak, are known for the total love of the number seven, says their former pastor Vladimir Kunets. According to him, they chose the number seven, because in the Bible it means completeness - the day when God rested. Pavel and Alexander Dubovy have at least four sevens in their cell phone numbers, and Alexander Turchinov and Alexander Dubovoy have special license plates on cars with four sevens, said Kunets. (There is no evidence that Aleksandr Turchinov is associated with Pavel’s trading scheme, and Turchinov’s representative denies his boss’s acquaintance with Pavel, although he admitted that he is close with Pavel’s cousin Alexander Dubov).

Pavel and Alexander Dubovy quarreled with their pastor Kunz when they, together with Alexander Turchinov, paid millions of dollars to build a new Word of Life church next door to the old one. Then in July 2017 they took it away from the offended Kunz. He has been their pastor for over 10 years.

Elena Panich, a specialist on post-Soviet Baptism, explains that because of poor finances, parishioners learned to accept politicians and wealthy parishioners in the community, leaving it up to God’s discretion to judge their actions.

“But where they take money is not always clear.”

“You see, churches also need rich people. They donate money. They build prayer houses. But where they take money is not always clear, ”Panich says.

Kunets said that after the appearance of information about the criminal case in the United States in August 2015, Pavel fled to Belarus to relatives, where he had been hiding for about a year before returning under a different passport. The police in Ukraine say that Pavel lives in Ukraine with a fake Russian passport. Apparently, he lives completely openly since his return. Shortly before Christmas 2017, Paul was seen on Sunday service, which, according to the congregation, he regularly visited last year. He also traveled abroad: Facebook has marks from Tehran. In Iran, his arrest by FBI agents is almost impossible, although they continue to wait for a convenient moment to arrest.

The Ukrainian police said that they had interrogated Pavel, but his American colleagues did not give the necessary information for his arrest. The special services of Ukraine say that they have no information about Pavel.

The case of the leak of press releases was practically not discussed in the Ukrainian media and the Ukrainian Evangelical Baptist community, but Pavel appeared in one of the largest corruption scandals of 2017, which was covered in the Panorama program on the BBC . The National Anti-Corruption Bureau of Ukraine accused Paul of trying to bribe one of his agents to close an investigation into the Odessa factory of his cousin and the notorious mayor of Odessa, which, according to the BBC, is a member of the mafia group. According to leaked documents from the Prosecutor General’s Office of Ukraine, Pavel offered the agent $ 100,000 to remove the lock from his cousin’s bank account, promising an additional $ 200,000 after unlocking and another $ 200,000 for complete closure of the case.

In February, he was shot three times

This is not the end of the drama in Paul’s life. According to cousin Alexander Dubovoy, in February, he was shot three times and wounded during a meeting in a cafe when Pavel tried to save an unknown woman from being beaten by a group of men. In a telephone interview from the hospital, Pavel said that the conflict with pastor Kunz around the co-built church was “settled”. He denied any involvement in the leak of press releases, but did not answer further detailed questions.

Answering the question, Alexander Dubovoy explained that the family did not consider the scheme with press releases contradictory to their faith: “As far as I read and heard from relatives, and I know him well, they, and he, in particular, did not see what theft. " Pavel was a tool or a link and did not know how the information would be used, Alexander said.

The FBI refused to give an official comment on the case and the alleged involvement of the Ukrainian special services.

Hacker Turchinov also avoided the consequences. According to the head of the Ukrainian cyber police Demidyuk, in 2016, Turchinov hacked into the database of the tax service of Ukraine ordered by another Ukrainian business group, stealing information and changing tax information in the interests of the customer. When the police began an investigation in January 2017, Turchinov fled through the war-torn eastern territories of Ukraine to Russia - a country inaccessible to the American and Ukrainian authorities.

For Yeremenko, a conviction signaled the beginning of a new stage in his hacking career. According to Demidyuk, when the American accusations were announced in August 2015, some “not very good people” in the special services of Ukraine, together with the hacker Turchinov, used Eremenko’s ignorance of the Ukrainian extradition law to blackmail him. Yeremenko was told that if he paid, he would be safe from extradition, which in fact did not threaten him legally. Turchinov, acting as a mediator, amused himself even more by doubling the amount of blackmail. Eremenko paid. Comrades parted when Eremenko discovered deception.

Hacker skills Eremenko subsequently used Artemy Radchenko, a stylishly dressed, ambitious 23-year-old man with dubious connections. In October 2015, two months after Yeremenko was charged in the United States, they created Benjamin Capital Group, a UK-registered investment bank that worked in Kiev. According to the head of the Ukrainian cyberpolicy and a source with knowledge of the matter, Benjamin Capital was created under the guise of a legally clean trading and investment company. But Radchenko attracted investors willing to pay for Yeremenko’s proven hacking abilities to get insider information. They hired workers, rented servers and two floors of office space.

In corporate forums, employees complained about management and pay delays. In the winter of 2017, Eremenko realized that Radchenko had spent all the investors' money, as well as profits from their work, to buy apartments abroad and luxury cars, Demidyuk said.

Radchenko continued to keep Eremenko in the company under the threat of violence. Before everything fell apart, Eremenko was obsessed with hacking into the EDGAR financial reporting system and achieved some success, according to Demidiuk and a source familiar with the case. EDGAR is used by all companies trading on US stock exchanges to submit financial reports, which are then published on the Internet. When Eremenko finally decided to leave, Radchenko was furious.

Radchenko hired thugs

“Radchenko hired thugs to beat or, I don't know, even kill Eremenko. It was a vendetta. Because from what we know about Radchenko ... he is very aggressive, ”said Demidyuk.

Besides the fact that Radchenko did not pay his employees, he made a fatal mistake without paying his bodyguards. Large clients gradually left Benjamin Capital, and their place was taken by dubious individuals, including representatives of organized crime. Investors colluded with Radchenko’s bodyguards and beat him “well”, according to Demidiuk. Then they began to look for Eremenko. But instead of punishing him, some investors suggested the hacker to move to Russia, work for them and pay off the debt to Radchenko.

The SEC hacks, including the EDGAR financial reporting system, occurred from October 2016 to April 2017, Reuters reports, citing an unnamed source, although in the SEC statements published in September, only the 2016 hacking is mentioned . The SEC says the investigation is ongoing.

UPD. On August 26, Roman Vishnevsky mentioned in the article registered on Habré and made a statement about the unreliability of the information published in The Verge article: “My lawyers in New York have already written a letter demanding to remove me from the publication,” said Roman in a comment for Habrahabr .

Also popular now: