Insider Trading Via Cyber Intrusion Prosecutions
Insider trading through cyber intrusion involves unauthorized access to confidential, non-public information (such as earnings reports, merger plans, or stock performance data) from company networks or systems, and then using that data to trade securities for profit before it becomes public. These crimes combine cybercrime (hacking, data theft) and securities fraud, and are prosecuted under laws such as:
U.S. Securities Exchange Act of 1934
Computer Fraud and Abuse Act (CFAA)
Wire Fraud and Conspiracy statutes
Below are six landmark cases that detail how courts have dealt with cyber-based insider trading.
1. United States v. Dubovoy et al. (2015) — The “EDGAR Hacking” Case
Court: U.S. District Court, District of New Jersey
Facts:
A large-scale conspiracy involving Ukrainian hackers and U.S. traders infiltrated the computer systems of three major press release distribution firms—PR Newswire, Marketwired, and Business Wire. The hackers stole over 150,000 unpublished press releases containing earnings data from publicly traded companies.
The information was sent to traders before public release, enabling them to buy or sell shares and earn over $100 million in illegal profits.
Legal Issue:
The case centered on whether trading on hacked data constituted insider trading even though the hackers weren’t company insiders.
Court’s Decision:
Yes — the court ruled that hackers and traders could be prosecuted for securities fraud and wire fraud because they knowingly traded on material non-public information acquired illegally.
Outcome:
Multiple defendants, including traders and hackers, pleaded guilty.
Hacker Ivan Turchynov and trader Vadim Dubovoy were sentenced to several years in prison.
Millions in profits were forfeited.
Significance:
This was the first major case combining hacking and insider trading, confirming that cyber intrusions to access market-moving data are insider trading under U.S. law.
2. United States v. Dorozhko (2009) — Computer Hacking as Insider Trading
Court: U.S. Court of Appeals for the Second Circuit
Facts:
Ukrainian hacker Oleksandr Dorozhko hacked into a financial news service’s servers (Thomson Financial) and stole unpublished quarterly earnings for IMS Health Inc. He then purchased put options, profiting over $286,000 when the stock fell after public release.
Legal Issue:
Dorozhko was not a corporate insider, so the issue was whether hacking could amount to insider trading under the Securities Exchange Act.
Court’s Decision:
The Second Circuit ruled that even though Dorozhko was an outsider, hacking is a deceptive device under Rule 10b-5, making his conduct insider trading because he obtained the information through fraud and deceit.
Outcome:
The court ordered disgorgement of profits and permanently barred Dorozhko from future securities violations.
Significance:
This case expanded insider trading law to include outsiders using hacking to obtain confidential information.
3. SEC v. Blue Earth, Inc. Data Breach Traders (2017)
Court: U.S. District Court, Southern District of New York
Facts:
A group of international hackers accessed the networks of two New York-based law firms handling mergers and acquisitions. The hackers stole non-public deal information about upcoming mergers, including those involving Blue Earth, Inc., and traded the target companies’ shares ahead of public announcements.
Legal Issue:
Can trading on stolen law firm information constitute insider trading?
Court’s Decision:
Yes — the hackers and traders were charged with insider trading and wire fraud. The court emphasized that confidential client information held by law firms is protected under securities laws.
Outcome:
Several defendants from China and Eastern Europe were charged. The SEC froze accounts holding millions in illicit profits.
Significance:
This was among the first cases where law firm networks became targets for insider trading via cyber intrusion, highlighting the risks of weak cybersecurity in professional firms.
4. United States v. Hong et al. (2018) — The “Law Firm Hackers” Case
Court: U.S. District Court, Southern District of New York
Facts:
Three Chinese nationals—Iat Hong, Bo Zheng, and Hung Chin—hacked into two top New York law firms that advised on major mergers and acquisitions. They accessed email servers and insider communications, obtaining information on pending deals involving Intel and Pitney Bowes.
They used this data to trade ahead of announcements, earning over $4 million in profits.
Legal Issue:
Whether non-U.S. citizens hacking U.S. firms and trading abroad could be prosecuted in U.S. courts.
Court’s Decision:
The court held that since the hacking and trading affected U.S. securities markets, jurisdiction was proper. The defendants were convicted of conspiracy, wire fraud, and securities fraud.
Outcome:
One hacker (Hong) was arrested in Hong Kong and extradited; the others were charged in absentia.
Significance:
This case reinforced that international hackers targeting U.S. markets can be prosecuted under U.S. securities and cybercrime laws.
5. SEC v. Panuwat (2021) — “Shadow Trading” Case (Using Confidential Data Indirectly)
Court: U.S. District Court, Northern District of California
Facts:
Matthew Panuwat, an executive at Medivation Inc., learned confidentially that his company was about to be acquired by Pfizer. Instead of trading Medivation stock, he bought options in Incyte Corp., a similar biotech company likely to be affected by the news.
Legal Issue:
Could trading in a competitor’s stock based on inside information count as insider trading?
Court’s Decision:
Yes — the court held that using confidential information, even indirectly (through another company), breached fiduciary duties and qualified as insider trading.
Outcome:
The SEC’s case survived dismissal and went to trial — establishing that “shadow trading” is actionable insider trading.
Significance:
Though not a hacking case, it shows how non-traditional forms of insider misuse (including through cyber means) are prosecuted similarly.
6. United States v. Nagaev et al. (2020) — Russian Cyber-Trading Ring
Court: U.S. District Court, Eastern District of New York
Facts:
A group of Russian hackers, led by Artem Nagaev, infiltrated confidential newswire servers and extracted unreleased corporate earnings statements for hundreds of companies, including Home Depot and Boeing. They shared the data with traders worldwide.
Legal Issue:
The defendants argued they were not U.S. citizens and therefore not subject to U.S. insider trading laws.
Court’s Decision:
The court held that since they traded on U.S. stock exchanges, they were within U.S. jurisdiction.
Outcome:
Several traders were convicted; millions of dollars in assets were seized.
Significance:
This reinforced the principle that cross-border cybercrime connected to U.S. markets falls under U.S. securities laws.
Conclusion
These cases demonstrate that:
Cyber intrusion is treated as a “deceptive device” under securities laws.
Hackers and traders can both face prosecution, even across borders.
Courts have expanded insider trading law to cover digital-era methods such as hacking, data scraping, and shadow trading.
Punishments typically include prison terms, fines, forfeiture of profits, and trading bans.
RELATED Blog
0 comments