Trading stocks on information stolen by hackers probably seems wrong to most people, especially to those who have passed the tests required for a securities license.
Vitaly Korchevsky, a former Morgan Stanley vice president, and Vladislav Khalupsky formerly worked for firms licensed by FINRA, said Thomas Carocci, counsel for the self-regulator’s criminal prosecution assistance group. Ethical practices and obligations are weighted to make up a quarter of the final grade in the Series 63 Test, which both defendants passed, he said.
"If you know what’s coming, you have an informational advantage," he said in federal court in Brooklyn, New York, on Tuesday.
Korchevsky and Khalupsky are on trial for conspiracy and fraud for making trades and recommendations based on stolen press releases as early as 2010, according to prosecutors. Their lawyers claim they didn’t know the information was stolen. Prosecutors are presenting evidence of their training in securities markets to show that they’d likely know the releases were purloined.
Prosecutors say at least 10 people were involved in the plot, which brought in more than $20 million in illicit funds. Hackers poached information from as many as 150,000 press releases, which was used to inform trades on stocks including Panera Bread, Home Depot and Caterpillar.
Defense lawyers say Korchevsky, a pastor in his Philadelphia-area Slavic Evangelical Baptist Church, was misled by a fraudulent businessman, Arkadiy Dubovoy, and didn’t know the source of the information.
The group used a web of email accounts, devices and coded messages to coordinate the scheme and make trades based on the stolen information, the government said. Releases were extracted from Marketwired and over 43,000 requests were made for information in PRNewswire’s systems in 2010 and 2011. Business Wire’s cyber-security experts found malware on company servers and employee computers.
"There will always be holes," said James Gimbi, a cybersecurity consultant who investigated attacks on Marketwired’s systems. "It’s a matter of if the attacker who wants to get in there knows they’re there."
Cyber attackers were able to use employee credentials to gain access to servers, he said, and in one case, a hacker was able to gain access to Marketwired by entering "demo" as the username and password. They also used employee logins to elevate their level of access to the systems, Gimbi said.
He said he also found evidence the hackers took steps to "evade detection" and "cover their tracks," such as deleting logs that showed queries they ran or files they pulled.