The stock market. This is where you can go buy part of a company and hope the value of that company goes up, so your part is worth more. But it's a big risk. Predicting the future is hard. Even the most educated and well-researched people who spend their whole life focusing on finance get it wrong a large part of the time. Some think they have it all figured out though, like Gordon Gekko in the 1987 film Wall Street. Here's a clip from the film.
The public's out there throwing darts at a board, sport. I don't throw darts at a board. I bet on sure things. Read Sun Tzu, The Art of War. Every battle is won before it's ever fought. Think about it. You're not as smart as I thought you were, buddy boy. You wonder why fund managers can't beat the S&P 500? Because they're sheep, and sheep get slaughtered.
So what was Gordon Gekko's secret, so that his stock bets were a sure thing? Well, he was investing using insider information, information that wasn't yet available to the public. Knowing what a company is about to do or announce gave him a big edge that made him a lot of money.
These are true stories from the dark side of the internet. I'm Jack Rhysider. This is Darknet Diaries.
Insider trading is an age-old concept. It's been going on for years, and it's the bugbear of the stock market. This is people getting their hands on the kind of information that trades can be based on to make more money. But it's information they shouldn't have. This is financial data or corporate secrets obtained by deceptive or illegal means. Yeah, that gives them a distinct, unfair advantage over other traders.
But that's exactly the problem. It's not a fair way to trade, and it undermines the entire stock market system, as Gordon Gekko famously said in the film Wall Street. The most valuable commodity I know of is information. Wouldn't you agree?
What stock market traders aim to do is predict the future. If they can buy a stock that goes up in value, they will make money. Sometimes a lot of money, but that's the hard part, predicting the future. So forecasts of a company's profits, sales, overheads, analysts' reports, or market shares, these could all be indicators of what may happen in the future. So they're all very important to traders. And typically, a company will put these numbers together, then publish them publicly for everyone to see.
But sometimes when a company publishes a report, it makes their stock change wildly. So what if you could see what these internal reports look like before they got published to the public?
If you're a stock trader and you've got some privileged inside information that your fellow traders don't have, well, that puts you significantly ahead of the game. Think about it: if you knew that a company has far exceeded its quarterly growth, that would likely translate to a rise in the stock price as soon as that information became public. So if you knew this before everyone else, could you use that to your advantage?
Well, hell yeah, you could. You could buy that stock and wait for the announcement and watch your net worth rise. Then sell it to make a good profit. If you had this sort of advanced information, it would almost surely mean you could make a fortune in the stock market. And it works the other way too. If you know a stock is going to go down, you can short sell that stock to make a profit if it goes down. And that works very well. But if you had access to early information like this and used it to make a profit, well, that's illegal.
Because trading based on inside information is illegal. If you get insider information, you shouldn't be able to profit from it. This makes the market fair for everyone. But this doesn't stop people from trying it. I bet a lot of people would love to get insider information on how a company is performing before the public knows. But the problem is, how do you get that insider information in the first place?
The obvious answer is an employee inside the company. They might have this information and use it to make some sort of trade or tell a friend to make a trade. It's non-public information like the company is about to merge or they've made insane growths or profits, whatever it might be. The point is they trade on the back of that information, putting them ahead of the game. So the insider could try to profit off of what they know.
Or sometimes they could just tell a friend or family member about something going on in the company and they take that information and invest in the stock. A family member could make a bunch of money from a casual thing said during Thanksgiving dinner or something. Now, an international airport doesn't sound like a great place for an important business meeting. There are a lot of people and a lot of noise, but I bet there is a lot of business done in airports.
Back in early 2011, Atlanta Airport was the scene of one of these meetings. Although, to be honest, what we're discussing wasn't exactly legal. So maybe the airport wasn't the best place to have a meeting like this. Hartsfield-Jackson Atlanta International Airport is the busiest airport in the world. It's huge. I think it has like 100 million people fly through it every year, which is like 300,000 people a day. Crazy numbers.
But the meeting going on there that day in early 2011 was a carefully timed on-the-hop business meeting arranged by a guy named Arkady Dubovoy. Now Arkady was a stockbroker from Ukraine. He's part of a big family who was into stock, big business deals and real estate, and he basically had a lot of money.
Arkady moved to the U.S. somewhere in the 1990s and was living in the state of Georgia, according to research by investigative journalist Isobel Koshiw, who dug deep into the story for The Verge. Arkady owned an ice cream factory in the city of Odessa in Ukraine, but he had settled in a home in Alpharetta, Georgia, which is just 34 miles away from the Atlanta airport. His business partner was Alexander Garkusha. He was born in Russia, but had lived in the U.S. most of his life and holds U.S. citizenship.
Now, the two of them, Arkady and Alexander, set up a design and building company in 1997 called APD Developers, Inc. They registered it in the state of Georgia with the two of them as directors. They mainly built family homes, and according to records available online, they were generating revenue of over $1 million a year. So they were doing okay as real estate developers. The guy they had arranged to meet at the airport was Vitaly Korchevsky.
He was a hedge fund manager from Wall Street and a good one. Vitaly spent most of his time focusing on the stock market and had been doing that for years and years, so he was pretty experienced when it comes to the stock market. Vitaly worked for Morgan Stanley as a portfolio manager and at one point was given the title of Vice President.
Transport yourself inside an investment bank for a second. After you're an analyst, you then become an associate, and the next rung up the ladder from that is vice president. And there are two more after that, senior vice president and managing director. Vitaly was one of Morgan Stanley's vice presidents.
So it's safe to say Vitaly knew what he was doing when it came to stock investments and trading and managing stock portfolios. He would be in the position to know how the market would react to certain kinds of information. Vitaly had used his experience to set up his own hedge fund called NTS Capital Fund LP based in the city of Glen Mills, where he lived in Pennsylvania.
On his 2012 SEC filing paperwork, it was described as a pooled investment fund and a hedge fund that would accept minimum investments from outside investors of $500 million, which is quite a big minimum.
Now, Vitaly had a second life outside of his corporate banking on Wall Street. He was a Slavic evangelical Baptist pastor. He had his own church in Brookhaven, Pennsylvania, called the Slavic Evangelical Baptist Church, and he had a congregation loyal to his church, and he was the pastor.
He was also the chairman of the Association of the Slavic Baptist Churches USA, and had been since 2003. Vitaly, it seemed, was a busy, multifaceted guy that many looked up to for advice and support, both financially and spiritually.
So now you understand more about Arkady, Alexander and Vitaly, who were the three guys that were meeting in this Atlanta airport. Vitaly was passing through, waiting for a connecting flight, so his time was a little limited. Somewhere in amongst the monster airport, its two huge terminals and five concourses, the three of them sat down for a chat.
Now it was Pavel, Arkady's brother back in Ukraine, who actually arranged this meeting. He made the introductions and made it happen. And you can think of Pavel as a kind of middleman in all this. He's going to pop up a lot in this story. So Arkady sits down with Vitaly and says that he has a foolproof way to get his hands on top level insider financial information on big U.S. companies before anyone else knows about it.
He was talking about having access to the kind of information that would enable an experienced stock trader to make big trades on that company's stock for insane profits and pretty much never lose money. It could be done multiple times with multiple different companies keeping it all under the radar and untrackable.
It was an insider trading scheme that he was touting to Vitaly, but it was insider trading with a difference. The insider wasn't a disgruntled employee or senior executive spilling secrets to make some money on the side. No, Arkady had something far bigger than that. Arkady had a solid, reliable stream of information coming to him, which was insider information on dozens of US companies.
He was claiming he had access to their financial reports well before the public could see them. Vitaly was paying attention. He knew exactly what to do with early access to financial reports like this, and he understood that this could mean he could make a lot of money. Here's one more clip from the movie Wall Street. I don't know where you get your information, son, but I don't like it.
But how was Arkady able to get all this information ahead of the public? Well, Arkady's secret was hacking.
He had a guy who was in his 20s from Ukraine called Ivan Turchynov. Now he lived in Kyiv, Ukraine's capital and largest city, and specifically in a posh area of town. There's an area there called Koncha-Zaspa. It's smart, expensive, and an area where you'll find top politicians along with some former presidents living. The homes there go on sale between three and five million dollars, with a river and woodlands on one side and huge gated properties with tens of acres of land on all sides. I mean, this is an elite area of Ukraine.
And this is where Ivan, the hacker of this story, lived, according to The Verge. He seemed to have a lot of cash and liked to show it off. Clocks were his particular favorite, gold clocks to be more exact. And he had scores of them. He also had a standard luxury car and a busy social life and nightlife, and he loved to flaunt his wealth and show it all off.
So when you combine Arkady's wealth and business sense with Vitaly's stock market knowledge and Ivan's hacking skills, and all of them aren't afraid to do illegal things to make more money, then you start to get quite a spicy recipe.
Now Ivan, the hacker, had been working with Arkady to try to find something that they could do to make more money. They were both seeing that when a company publishes a financial report, it makes that company's stocks swing around. So they wondered if there was a way to get those reports ahead of everyone else. And that's when they started looking into the world of news wires.
So this is how newswires work. All companies that are trading publicly on the stock exchange are required by the Securities and Exchange Commission, the SEC, to publicize their financial statements regularly. These are reports that pop up every few months, and the reports tell investors how the company is performing, what their cash flow is, their revenue, their debts.
And they usually include some income statements and cash flow statements and finance and profitability ratios. Boring stuff to most of us, but to the right people, these little bits of information will translate into millions of dollars in profits or losses in the stock market.
These companies all need a way of publicizing these reports. They have to do it by law. They need to tell their investors how they're doing. And they need a way to tell everyone at the same time. No favorites allowed here. Everyone needs to be able to access it at the same time or else the company can get in trouble for providing insider information.
Sure, they can stick this item on their company website somewhere, or do a mass email shot, and some of them do just that. But many major US companies use the services of news wires. News wire agencies specialize in distributing financial reports and other news that a company needs to relay to its shareholders. And they have networks in place already that can get a press release out to the world at the push of a button. For companies, this is a quick and convenient way to just make the whole process easier.
This kind of financial information for big corporate companies can have big impacts on their investors and their stock prices. So it's common that they put it together in a press release and send it to a newswire who will then publish it publicly when it's time. And a lot of these reports get published just after the market closes on a particular day because they know this information could then just flow out overnight and hit the stock market floor in the morning. Tried and tested, this is the usual flow of how these things work.
Now, the top three financial newswire distributors in 2010 were Business Wire, PR Newswire, and Marketwire. These companies have been around for a while. Business Wire was founded in 1961, and they've got their headquarters in San Francisco. PR Newswire was founded in 1954, and it's headquartered in Chicago. Now, that one was originally run entirely by Herbert Muschel out of his New York City home.
And that was before computers and the internet and the ability to send out information electronically. Instead, he used teleprinters to get information out to news outlets in New York. But now we are all digital and networked. So these newswires all compete with each other to try to get the big companies' business.
It's all very competitive and it means each of them has to have a good selection of companies as clients. So when they get a press release, they upload it to their servers where it sits under wraps until the agreed-upon time and date when it should be released to the public, and then it gets published. It's all very straightforward. But are you seeing the problem yet? Financial reports for major businesses all sent to the same three places and staged on a server until it's the right time to publish them?
Yeah, I think you know where this is going. In February 2010, Ivan, the hacker in Ukraine, set his sights on Marketwire. He knew somewhere in Marketwire they must be storing these press releases before they're being published publicly and he wanted to find where they were. He scanned the website looking for a vulnerability and found the website was vulnerable to SQL injection attacks.
So this is where when you fill out any kind of text box or form on a website, the data you typed in may get sent to the SQL database, which is where all the information is stored on the website. So like maybe it's a search field and maybe you're on the site searching for press releases for some company. Okay. So when you hit search, whatever you typed in, that could be sent to the database directly to search it for any hits. I mean, the site has to know that you're looking for something and has to ask the database if the something you're looking for is there, right?
But what if instead of typing in some company name to search for, instead you just put in all kinds of funky characters that screw up the search and tell the database to do something else altogether, like, just give me everything in the database. Not just what I search for.
This is the kind of behavior Ivan was trying to get the Marketwire website to do. Ivan relentlessly attacked Marketwire's website, trying many different inputs to try to get something valuable back from the database that he could use. He spent months on this, submitting hundreds and hundreds of form fields, all trying to do SQL injection. Over time, he got it working.
I'm not exactly sure what steps he took here, but over the course of five months, and 390 SQL injections later, he found a way in to where the unreleased press releases were stored, and he scooped up 900 of them.
Then in July 2010, he added PR Newswire to his target list. This website used the PHP language to render the page, and he was able to exploit this PHP code that was on the website to gain access to their servers and went to look around.
He left a PHP script there that would give him backdoor access to this place so he could just go back in whenever he pleased and look around in PR Newswire's network. And of course, as he looked around there, he found exactly where the unreleased press releases were stored in this network.
Ivan knew of the other news agency too, Business Wire. Of course, he wanted to find a way into this one too, but he was having a hard time with it. We do know that Business Wire employees received a rash of phishing emails during this time. Maybe that was Ivan trying to trick an employee to install some malware or steal their credentials. It does seem like Ivan eventually got a user database to the site somehow, which gave him usernames and hashed passwords. And from there, he had to run the hashes through a cracking tool to try to get the password. And eventually he was able to brute force his way into Business Wire this way. And once inside, he started grabbing dozens of non-public press releases.
So Ivan had successfully broken into all three of the leading newswire agencies and siphoned off copies of press releases before they were published publicly. He then sent them directly to Arkady and Alexander, and he's just emailing them over in bulk attachments, like 70, 80, 90 press releases at a time.
And bear in mind, this all had to be done in a very short timeframe. The press releases were often uploaded to these news wires just a few hours before they were due to go public. So in that time window is when this scheme had to work. The hackers needed to steal the press release and then pass it to the traders and then the traders had to look through these press releases to see if there was anything valuable in there and then decide if they needed to make trades and move themselves into the right positions.
I imagine it was a frantic sort of operation. A lot to do in a short time. And then Ivan is sending them dozens of press releases at a time. So they're having to make sense of a lot of information fast. Because at any minute that's going to be public and the market may move and they may miss their chance.
Then you have to plan your exit. How long do you wait for the market to adjust before you hop out? A few hours maybe? There's a lot going on for these guys to do and it's no wonder that they wanted to bring Vitaly into the fold to take a portion of this work and make some money for them too. They simply couldn't do it all on their own.
Ivan, the hacker, was feeling this process was getting tedious. Having to go in, grab press releases, download them, and email them to the other guys, that's a lot of steps that he was doing over and over and over throughout the day. So Ivan came up with a better way.
He set up a dedicated web server. Every time he accessed new press releases and grabbed them, he'd upload them to his server. And he had it locked down with a username and password. And he gave these credentials to the traders who were involved in this game. Now the traders could log in and just pick off the press releases that they liked the best. And it made the process a little bit more automated and easier for the traders to parse the information and easier for Ivan too.
These traders weren't necessarily computer savvy with this sort of thing, so Ivan had to make a little how-to video demo that showed them how to access the press releases on the server. And Pavel, who is Arkady's brother, was the one who took the video and shared it with the traders. And he also used this video as a way to persuade other traders to join the fold. Now Ivan also shared tips too on how to use a proxy and a VPN to hide their IP addresses so people would cover their tracks properly.
In November 2010, Pavel shared this demo video with Arkady, who used it in negotiations with Vitaly. It was that demonstration that tipped the balance for Vitaly, seeing for himself in black and white the information that would be available to him if he joined. He knew exactly what he could do with that information, and that was just too attractive for him to turn down. Vitaly Korchevsky, hedge fund manager and Baptist pastor, was in.
I feel like I've been talking for a while, so I'm going to take a little break here and get a drink of water. But I'll be back in a minute to tell you the rest of the story. While Arkady was busy expanding this little scheme of his, the SEC was really revving up.
At the start of 2010, they were creating new divisions and departments. One of the units was called the Market Abuse Unit, and it would focus on cases of insider trading. The SEC is a law enforcement agency, which looks for signs of market manipulation. With headquarters in Washington, DC, they have between 3,000 and 4,000 staff across the board, and they have to work real hard to unravel some of these illegal trading schemes and gather the evidence that they need to take them down.
The SEC is out there looking for people doing schemes exactly like what Arkady was doing. But it's really hard with all the money that gets transferred every day in and out of the stock market. But the SEC has a secret weapon called Artemis, which stands for Advanced Relational Trading Enforcement Metrics Investigation System.
What a mouthful that is. So this is like an enormous database system that holds trade records from across the sector and uses mathematical algorithms and advanced analytics to analyze and rank the trades depending on what the SEC is looking for. It's a powerful tool and is capable of spotting trading patterns that the human eye or brain just can't do.
In the past, the SEC was kind of a reactive force when it came to insider trading. They'd be informed of an incident or suspicions and then start their investigation. Sometimes when there was significant news about securities involving a company, they would investigate if suspicions were raised looking for trading activity that might have taken place on the back of it.
But while criminals are using technology to hack into places in order to do insider trading, the SEC is also using advanced technology to try to detect those illegal trades. Their tools give them the ability to parse and examine every single trade to try to find indicators of suspicious behavior. And their tool was seeing something suspicious with these trades.
In January 2011, Ivan lost his backdoor access into PR Newswire. The Newswire didn't know they had been hacked into. No, no, they just changed their infrastructure. And in that process, they removed the system his backdoor was implanted on, so access denied for him. It was gonna take him a while to find another way in. But in the meantime, he was just focusing on stealing press releases from Marketwire instead, ensuring the steady flow of releases still got to traders. Because if the traders didn't get the information, he wasn't going to get paid.
Ivan gave the traders his bank account details, which were accounts in Estonia and Macau, and this is where he wanted his cut of the profits paid into. Now, as far as I can work out, Ivan was raking in somewhere between 40 and 50% of the profits from the trades made using the information in the press releases he stole, which I guess is fair. Without this insider information that he's producing, the traders would have nothing to work with. So his role was crucial in this whole scheme.
By July, he got back inside PR Newswire. And again, he installed some code on their servers so he could just hop back in whenever he needed. Great. But that was also the month that this group started to inadvertently leave breadcrumbs behind them. Crumbs that would eventually be noticed and followed.
At some point, one of these brokerage accounts they used to trade with ended up on the US authorities' watch list. My guess is that it was the SEC that identified a trading account that looked suspicious and decided to keep an eye on it. Well, for some reason, it was Ivan, the hacker, that logged into that brokerage account to check on things. Investigators took note of his IP address for later, and it was later that they saw this same IP log in to Marketwire and PR Newswire to download press releases. This would prove to be a crucial link that would connect a hacker with the traders.
By this point, the scheme was running very well, and this group was making a lot of money. Take the Dendreon Corp stock, for an example. So this is a big biotech and pharmaceutical company based out of Seattle, and on August 3rd, 2011, PR Newswire uploaded a press release for Dendreon onto their server at 3:34 p.m.
At 4:01 p.m., less than a half hour later and one minute after the stock market shut down for the day, the press release was made public as Dendreon wanted. But four minutes before it went public, at 3:56, Pastor Vitaly suddenly purchased 1,100 put options of Dendreon Corp.
As soon as the press release became public, the stock price fell. And the following day, Vitaly sold all 1,100 options and made a clear profit of more than $2.3 million. Yes, million, in less than 24 hours. Across this period, there were more than four direct contacts between Vitaly and Arkady, which leads us to believe that these trades were conducted using insider information.
In the middle of October, they were at it again. This time, the target company was Caterpillar Inc. You know this company. They're massive. They make construction and mining equipment, big turbine engines and natural gas engines, and they've been doing it for almost 100 years. And they make boots, too. So Caterpillar used PR Newswire when they had a press release ready to go out to the public.
They'd send it along with the date and time for it to be released, and PR Newswire would upload it onto the server so it was all ready to go. And that's exactly what they did on October 21, 2011. The release said that the company's profit after tax for its third quarter was up 27% compared to 2010.
That's great news for the company and its investors. And it was supposed to go public three days after it was uploaded. But not long after it was uploaded, the traders began to pounce. Suddenly, shares of Caterpillar were bought in multiple brokerage accounts worth $5.9 million. That was about 3,800 shares in the company. And if you dig a little deeper, you find that they purchased them through EDGX using a brokerage account registered to Arkady.
When the press release went public on October 24th as planned, the price of the stock in Caterpillar Inc. shot up exactly as the traders thought it would. On that very same date, the traders sold their shares and made a profit of more than $648,000.
The group didn't stop there. On January 25th, 2012, Caterpillar gave another press release to Newswire. And this one said the company's profits were up 36% from the year before. And just like what happened three months earlier, after this press release was uploaded to PR Newswire, the traders appeared and began to move Caterpillar stock. This time they purchased around 600 shares, which was about $8.3 million. And the brokerage account they used was an account that was registered to Arkady.
While all this was going on away from prying eyes, there was some serious unrest going on in the front-of-house of these news wires. In the very same month that Arkady was making these insider trades on Caterpillar for millions of dollars, Marketwire filed a $25 million lawsuit against PR Newswire. They were blaming their rival for poaching their staff. The concern was that they were trying to get their hands on confidential information and trade secrets from inside the company.
A senior staff member at Marketwire, their chief technology officer, had left and started working for PR Newswire, and a couple of the staff followed and joined him. So everything was not rosy between these two newswires. But while they were battling it out in court, they didn't know at the very same time Ivan was rummaging around in their servers, stealing extremely sensitive information. Forget about staff breaching confidentiality. They should have been focusing on securing their networks better.
I don't think anything actually came of this lawsuit and the two companies just ended up being disgruntled at each other. It was just a weird time for them to be focused on this, which might be a reason why they didn't spot intruders lurking about in their servers. So this scheme was becoming a pretty well-oiled machine of securities fraud, two distinct skill sets coming together to make millions of dollars, hack into companies and steal press releases, and then make trades based on that information.
With each new press release, it was a potential big payday for them. And with so many press releases, it was just rinse and repeat and reap the rewards. Ivan didn't know who Arkady was hiring to do the trades. At least I don't think he knew. And I'm fairly certain the traders didn't know who the hackers were either. And there was this layer in between. Middlemen, if you will, there to act as a messenger and go-between.
Like Pavel, who is Arkady's brother, they were the fire break that stopped prying eyes or investigative hands from finding direct links between the hacker group and the trading group. At least they were supposed to be.
By the time 2012 rolled around, Ivan had been sailing along in a real comfy position. Ivan is a bit flashy with his gold clocks, nice cars and big house, as I mentioned before. Earlier that year, he was in a club in Kyiv and decided to brag to some of his friends about this amazing scam that he's been pulling off for years. But this was a mistake.
Don't get drunk and tell people about your very profitable hacking scheme. One of these friends of his was Oleksandr Ieremenko. He was in his 20s, similar age to Ivan, and they had worked together in the past. So Olik thinks this gig sounded pretty cool and wanted to get in. But instead of asking nicely to be let in, he decided to double cross Ivan. Or maybe he asked Ivan nicely, but Ivan said no, I don't know.
Now, according to The Verge, it sounds like Olik called his friend Vadym, and together they figured out what this whole scheme was, and they wanted in. They hacked into one of the news wires themselves and cut Ivan's access off. They just chucked him out and sat in there themselves. So this news wire was completely unaware that they've been hacked twice now by competing hackers, with one hacker being locked out and a new set of hackers being put in this place.
Ivan had a big problem. He lost access to a big source of these very valuable press releases, and worse, his own friends were sitting there instead. He tells his middlemen, who deal directly with the traders, what happened. And safe to say that no one on that side was pleased to hear this.
So a new deal got made. Olik and Vadym's little takeover stunt worked. And they both got brought into the fold. The traders were happy again. More hackers means more press releases and more chances to make money, even though Ivan was not so happy about this change. Now he had to split his share with these other two compared to just having it all for himself. He wasn't the sole hacker anymore. And that means a big hit on his profits.
While Ivan's distracted by his friends hustling in on this scam, he didn't notice some attention starting to come his way from the US authorities, and it was a sign of what was to come.
Now, news wires are the same as any other company. They take their network security seriously and regularly do audits and checks to make sure that their systems are secure. And sometimes they find something, maybe permissions were too relaxed on some system, or things weren't locked down like they should. But whatever security they had in place, it wasn't enough to stop this crew or detect them once they got in. But in March of 2012, the FBI told PR Newswire that they've been breached.
And this is how they first heard their systems were compromised. The FBI somehow saw this was happening before PR Newswire even knew it was going on. According to The Verge, PR Newswire then called in a security firm called Stroz Friedberg to investigate what was going on in their networks. And during that examination, they found Ivan's back door and they saw how he was stealing press releases.
The tech guys obviously removed it and cut Ivan's access off, and after some panicked emails to Ivan's middleman, it was Olik who managed to get code back into the systems and restore their access into PR Newswire so they could continue. But, unbeknownst to them, the authorities were now on to Ivan and they had him firmly in their sights.
Working in tandem with the US, Ukrainian intelligence services put surveillance on Ivan. What triggered them initially to find him exactly? I don't know. But by watching Ivan, they found out pretty quick who his friends were. And eight months later, with the help of the FBI and the US Secret Service, nine properties in Kyiv were raided. Both Ivan and Olik's laptops were seized in the raids. And these were the laptops the two hackers were using to access the newswire systems.
There were hundreds of stolen press releases on them, and reams of online chat logs which gave the feds clear insight into the whole operation. A big success, you would think. But then it all went silent, like eerily quiet. Nothing happened at all for a while.
There was evidence that they had identified culprits, but nothing went any further. You see, Ukraine has laws in place that prohibit extraditing their own citizens to another country. Under the constitution of Ukraine, citizens are guaranteed care and protection. So Ivan and Olik were, at least for the moment, safe from U.S. authorities, and they knew it. So they did what all money hungry hackers do. They carry on with this game.
Hackers know the value of information. Yeah, there's different motives for when people hack stuff and different targets, but really, most of it is about information. Who has it, who wants it, and how much can it be sold for? Financial, business, or personal, data is ridiculously sellable, and the more value it is to the buyer, the more profit it will be to sell.
The longer the scam was running, the more confident everybody got. But the hackers were not traders. They didn't follow the stock markets. They didn't know which press releases were necessarily more valuable or useful than the others. In 2012, a group of traders involved in the scam had expanded. A new guy was brought on the team. His name was Leonid Momotok.
Leonid was a stock trader friend of Arkady's and worked in construction for his day job, and they went to church together. He was 46 years old and lived in Suwanee, which is in Georgia in the US, a pretty city, about 30 miles away from Atlanta. Arkady introduced him to the scam, and he opened up a set of brokerage accounts with TD Ameritrade, and he started trading on the stolen press release information.
The traders eventually got into a groove. They knew which companies used which newswire agencies and when upcoming press releases were going to be released. So they started requesting which press releases they wanted early access to. It was like an order system.
On October 8, 2013, Pavel sent his brother Arkady a spreadsheet of 18 companies due to announce press releases. Arkady sent it to his business partner, Alexander. Across the rest of October, Vitaly, Arkady and Leonid all made large trades on six of these companies right before the releases were published.
The traders were sending the hackers their shopping list of press releases. In October 2013, a company called Align Technologies sent their press release to Marketwired. I guess Marketwired changed their name from Marketwire to Marketwired, just to be confusing. But for Align Tech stock, in that 15-hour window between when the press release was uploaded to when it was made public, Arkady had purchased 91,000 shares.
Two hours after Arkady's trades, Vitaly pops up and buys 95,000 shares. And after that press release went live to the public, the pair unloaded their positions and made about $1.4 million in profits. This scheme was on fire and seemed to be doing better than ever. The traders were making enormous profits on this insider information and the hackers were happily getting paid a percentage cut for every trade. Everyone was happy.
Now, Arkady had been in on this from day one, and he decided he'd kind of like to expand this a little more and make more money. Money is attractive, right? And so, I think he was taken in by the allure of all the cash and spending, of watching his offshore bank account grow. So in early to mid-2013, he brings in another trader to join his group. This guy's name is Vlad.
And he's a trader that Pavel knew who used to work on Wall Street. And once Pavel made the connections, he introduced Arkady to Vlad. And Vlad had his own trading company in the UK, but he lived in Brooklyn, New York, and traded on Wall Street a lot. But he has a home in Odessa in Ukraine. Vlad really liked his plan and was on board. And the deal was done. Vlad came in on the same plan that Vitaly was in on. Arkady opened up a brokerage account and funded it.
And Vlad and Vitaly just did their trades. Vlad got a percentage cut just as Vitaly did, and Vlad was just another trader in this scheme. But I'm not sure if Arkady told the hackers about this new trader. I mean, if the hackers knew there was a new trader here bringing in all kinds of extra money, they'd know that they should be getting a cut from those profits. So it's possible Arkady didn't tell them.
I'm not sure. But for a person who isn't afraid to break a bunch of laws to make more money, I wouldn't put it past him that he was keeping some secrets from his own team. Arkady was ready to bring on even more people. But of course, it's hard to find people you trust. So he turned to his son, Igor.
Igor helped to move the press releases around and get them to Vitaly and Vlad. And I don't think Vitaly or Vlad knew each other either. In fact, they may have never even met each other during this whole scheme. Soon though, that would turn completely on its head.
The morning of Tuesday, August 15, 2015, started as a quiet day for Vitaly. He was at home in his Glen Mills, Pennsylvania house when he heard a knock on the door, and when he opened it, he was greeted by a team of FBI agents with a warrant for his arrest.
Vitaly was handcuffed, hands behind his back, and led out to waiting police vehicles. And just about 900 miles away in Georgia, at the exact time, two more FBI teams were knocking on other doors. Arkady and his son were arrested, and in the same morning, Alexander and Leonid were also arrested in their homes that morning.
Vadim, one of the hackers, had already been arrested on completely separate charges of credit card fraud. Vadim was picked up while he was on holiday in Mexico like a year earlier, and he had been handed straight over to the U.S. authorities when he got arrested. Within hours, New Jersey U.S. Attorney Paul Fishman was leading a press conference explaining the day's events. Here's a clip from that.
This morning, we're here to announce criminal and civil charges in a broad-ranging, cutting-edge international scheme at the intersection of hacking and securities fraud. For more than five years, hackers largely operating in Ukraine repeatedly penetrated the networks and servers of Marketwired, PR Newswire, and Business Wire. Over that five-year period, using a variety of hacking techniques and tactics, including brute force attacks, SQL injection attacks, and phishing, those hackers stole well over 100,000 confidential news releases before they were distributed. Two indictments, charging a total of nine individuals. We allege that the conspirators stole more than 100,000 news releases, traded ahead of more than 800 releases, and made more than $30 million.
In addition, the SEC has filed a civil complaint charging those individuals and a host of others with similar trading conduct. We also collectively, among all of us, have seized 17 bank and brokerage accounts so far, which we believe contain more than six and a half million dollars. We've also collectively seized 15 properties, including a houseboat, a shopping center, and an apartment complex.
The New Jersey indictment charged Vitaly, Vlad, Alexander, and Leonid with five charges of conspiracy to commit wire fraud, securities fraud, and money laundering conspiracy. The New York indictment charged Arkady with 23 more charges of wire and securities fraud, aggravated identity theft, and money laundering.
Not only did they charge Arkady with all that, but they also charged his son Igor and his brother Pavel with more charges. Ivan and Olik, the hackers involved, also were charged with the same 23 charges. Along with the criminal charges in the two indictments, the SEC also filed a civil complaint against Arkady, Pavel and Igor Dubovoy,
Ivan and Oleg, Vlad and Vitaly, and Leonid and Alexander. And that complaint also charged another 23 individuals and companies who had been trading on this stolen information. It sounds like those in on the scheme couldn't keep quiet, and were telling others to do some trades too. Mary Jo White, the SEC Chair, explained more at the press conference.
While the SEC has uncovered and successfully litigated hacking and trading schemes in the past, today's international case is unprecedented in terms of the scope of the hacking at issue, the number of traders involved, the number of securities unlawfully traded, and the amount of the profits generated.
A total of seven people were arrested that were involved with this scheme, and pretty quickly people started submitting guilty pleas. Alexander, Arkady, his son Igor, and Leonid all pled guilty, but Vitaly and Vlad both stuck with saying they weren't guilty. These two traders were trying to say that they had no idea the information they got was stolen or insider information.
Which means they brought this whole case to trial, which is great news for me, because as a journalist, I can now see all the information in this case, the evidence, the testimony. It all went into the public domain over this four-week trial. Vitaly had almost 80 members of his church congregation support him during his first court hearing. They couldn't believe their pastor could be involved in something as shady and dishonest as this.
But this was no match for the SEC, Secret Service, and FBI on the prosecution side. They came with piles of evidence showing exactly what Vitaly traded and when and how they tied him to Arkady. Prosecutors claim that Vitaly made over $15 million from insider trading he conducted.
They even had logs and evidence collected from the raids in Ukraine off of Ivan and Olik's laptops, and they showed how the group changed IP addresses, used VPNs, multiple computers, burner phones, and offshore accounts to conduct this scheme. It was pretty clear that Vlad and Vitaly knew exactly what they were involved with.
Some of the most damning evidence came against the pair from Arkady and his son Igor. They had been arrested in the raids in 2015 and both pled guilty to the charges against them, but they started producing evidence against Vitaly and Vlad too, which looks to me like they may have done that to look like they're cooperating and maybe reduce jail time. The court found Vitaly and Vlad guilty of all charges. Vitaly had to serve five years in prison, along with an order to pay $14 million in forfeiture.
And a $250,000 fine. Vlad was jailed for four years. A year later in 2019, Leonid was sentenced by a New York judge to three years of supervised release and was ordered to pay $1.3 million and do 100 hours of community service. A month later, Alexander was sentenced to time served.
Alexander gave evidence against Vitaly and Vlad during the trial, which the judge found especially compelling according to a news report. Alexander cooperated with authorities after he was arrested and aided their investigation into the scheme and how it all worked.
Vadim was the only hacker to be caught by US authorities in this scheme. He was arrested for credit card fraud through hacking, but the feds soon linked him to Oleg. Vadim pleaded guilty in May 2016 and took a plea deal. He admitted personally to hacking all three of the newswires and stealing employee credentials. He also admitted to selling the information he stole. A year later, he was sentenced to two and a half years in prison with a three year supervised release to follow. He was ordered to pay restitution of just over $3 million.
Arkady and his son Igor, from what I can see, they're still awaiting sentencing. After their guilty pleas, everything just got delayed because of Covid. The authorities said that there were a total of 32 people involved with this scheme in some way or another. Seven got caught and were found guilty that we know of, but three key players remain in the wind.
The hackers Ivan and Oleg and Arkady's brother Pavel. All three are suspected to be in Ukraine, which is sort of protected from the long arm of the US authorities. But the US Secret Service has put a $1 million reward for the capture of Oleg. Supposedly after this, Oleg went on to hack into the SEC itself and then sold that information he stole to someone else, potentially using it to make money on the stock market too. Ivan and Pavel are also on the US Secret Service list of most wanted fugitives, but there is no reward listed for them.
In the end, this scheme seemed to make everyone a profit of over $30 million, which is quite an epic run. And I find this whole scheme somewhat surprising. I just never thought about using hacking to steal financial information to then use to make money on the stock market. It's pretty clever and inventive, if you ask me. It's also fascinating to see how the SEC has tools now to detect when people are making huge profits very quickly and are able to do it again and again. The average trader doesn't make profits like that.
for the SEC to spot anomalies in real time. That's going to cut down on the ability for anyone else to do this in the future. But in the end, I think this crew was driven by greed. $1 million wasn't good enough. $5 million wasn't good enough. $10 million wasn't good enough. And of course, one newswire agency wasn't good enough. Neither were two. They wanted all three. And then they kept expanding their team and making their trades more frequent. And at some point, you simply can't hide all these tracks and wash all your accounts and phones fast enough.
And if it feels like you're able to do all this and get away with it, then yeah, I can see you might get lazy and cut corners on how everything is done. So in the end, I think it was greed that brought this whole thing crashing down.
If you like the show, you might want to check out the shop. I've been working hard at making some pretty cool shirts for you. There are over 30 designs now, and surely there's one that you would like. So head over to shop.darknetdiaries.com and pick up a new shirt. This show is made by me, The Shadow, Jack Rhysider. This episode was written by Fiona Guy, sound designed by
Me? Oh yeah, that's right. I added the music for this episode. Editing help this episode by the D.V.S. Damien. Our mixing is done by Proximity Sound, and our theme music is done by the wicked fast Breakmaster Cylinder. A hacker went into a bar, and he said, give me your strongest link. This is Darknet Diaries.