How Ukrainians pulled off one of the biggest frauds in US history
Once, in the spring of 2012, while sitting in one of Kiev's nightclubs, 24-year-old Ivan Turchinov was getting drunk in front of his hacker colleagues. Turchinov boasted that for years he had been stealing unpublished press releases from newswires and passing them to stock traders through intermediaries in Moscow in exchange for a percentage of the proceeds, The Verge writes.
Another participant in the hacker party, Alexander Eremenko, who already knew Turchinov, decided that he wanted in on the scam too. Together with a friend, Vadim Yermolovich, he hacked the Business Wire site (a company that publishes full-text press releases from thousands of corporations, - Ed.), took over Turchinov's access to the site's content and pressed a Moscow intermediary, known by the nickname eggPLC, to cut them in for a share. So there were three hackers.
Newswires like Business Wire are aggregators of corporate data, press releases, official announcements and other information that affects the market. There is a strict embargo on its premature publication. In just five years, three American newswires were breached. Various methods were used, from SQL injection and phishing emails to Trojans and stolen passwords. Traders on the US stock market began to order the most eagerly awaited press releases from the hackers. The hackers uploaded the stolen materials to foreign servers in exchange for 40% of the profit, and the money was withdrawn to offshore accounts. After interviewing a number of sources, among both the fraudsters and law enforcement agencies, and reading a number of court documents and chat logs, The Verge traced how one of the biggest schemes in American history developed.
This case clearly demonstrates the revolution the Internet has brought to insider trading. To get inside information, traders no longer need confidants inside companies. Now they turn to hackers. And hackers have a wide range of loopholes: a large corporation or a bank may have good security, but its counterparties (financial and law firms, brokerage and investment firms, or the same newswires) often do not.
As one of the participants of the fraud noted, the level of security within the company itself does not matter:
“The human factor cannot be excluded. There is always an employee who clicks on a phishing email. Or who will gladly sell their password for a fee.”
“Almost all organizations involved in collecting financial data that are of some value to traders were subject to hacker attacks,” explains Scott Berg, director of the American Cyber Center, a non-profit research institute advising the US government. “As well as all the bureaus of economic analysis in all large countries - they, most likely, were also hacked,” he adds.
Basically, according to Berg, these attacks are ignored. We are talking about well-thought-out targeted operations, and companies refrain from reporting them publicly in the hope of avoiding trouble, minimizing reputation losses, or simply because they don’t even know what was stolen from them.
Over the past eight years, the US Securities and Exchange Commission has strengthened its cybercrime staff with three new departments and urged companies to strengthen their own security for the sake of early detection of gaps. To some extent, these measures have been successful, as evidenced by the recent case of Chinese hackers who infiltrated law firms, but this is still a game of cat and mouse. Even the commission itself has no security guarantees: it was hacked in 2016. The attack was hushed up for a year, which led to accusations of hypocrisy.
The struggle is complicated by the international nature of hacking. Shortly before Turchinov boasted about his exploits, he had come to the attention of the US Secret Service, whose duty it is to protect the country's financial infrastructure.
According to court materials, starting in 2012 the newswires Business Wire, PR Newswire and Marketwired did little else but patch security holes and clean out Trojans in an attempt to strengthen their defenses. Askari Foy, a security expert and former employee of the Securities Commission, said that the established practice was this: firms contacted the FBI, the FBI began an investigation, and the authorities thereby gained access to the firms' security systems.
When PR Newswire received an alert about a potential breach in March 2012, it hired a private company, Stroz Friedberg, to investigate further. Turchinov's Trojans were discovered and removed, according to court records. On March 27, he complained in a panic to his accomplices in Moscow.
“Contact me immediately. There were problems. First and foremost, PR is covered. They got wind of everything and cleaned out our shit. New is not ready yet, I am waiting for instructions. This happened on 13 [March]. Secondly, your dudes opened. They were making too big bets, there was a sensation, and now everyone is talking, that, well, not a season.”
However, by May 30 of the same year, thanks in large part to their new colleague Eremenko, the hackers had restored their access to PR Newswire and carried on with their dirty work.
The US Secret Service requested assistance from the special services of Ukraine, as is evident from the American court materials and as indicated by agent Alexei Tkachenko. Daily surveillance of Turchinov began in Ukraine.
An acquaintance of his, questioned by Ukrainian agents, testified that Turchinov associated with approximately ten peers, including his accomplices Eremenko and Yermolovich. According to the acquaintance, they always had a lot of money, with no obvious sources of income. It turned out that Turchinov had a house in Koncha-Zaspa, Kiev's answer to Beverly Hills. Finally, on social networks he showed off a luxurious collection of gold watches, a pistol and a flashy car, and regularly published photos from Kiev nightclubs with friends.
In November 2012, the Ukrainians, in tandem with the US Secret Service, which the FBI had by then joined, searched eight apartments in Kiev and its environs. Confiscating Eremenko's and Turchinov's laptops, they found hundreds of press releases, as well as correspondence in which details of the fraud were discussed. A few months later, Special Agent of the US Secret Service Alexander Parisella arrived in Ukraine to interrogate Turchinov, Eremenko and others.
From this point on, the case stalled. Ukraine does not extradite its citizens, so Parisella had no choice but to try to extract from the hackers more information about the stolen press releases and about credit card holders.
But in Ukraine, the hackers were never sentenced. Law enforcement officials reported that they did not receive the required request from the United States, which was confirmed by an American agent. It seems that the Ukrainian special services had something in mind for Turchinov, the Americans' main suspect.
“He simply bought off the cops. True, not with money. He gave them his collection of watches, and it pulled half a million. He gave away the house too. It even dawned on the Bentley, and they told him: ‘So, now you work for us, otherwise you will go to the USA,’” said a person who had close contact with Turchinov.
Special Agent Parisella returned to the States, and Turchinov continued to steal press releases, this time at the instigation of the Ukrainian special services, said the head of the Ukrainian cyberpolice, Sergei Demedyuk. The intelligence agencies launched their own scam, independent of the Moscow intermediaries: Turchinov supplied them with data, and they passed it on to their own traders, explains Demedyuk.
“It was so, and there’s no point in locking up,” he says, acknowledging that the security services were making money on illegal transactions.
The Ukrainian special services themselves refused to comment on their participation.
The roots of this fraud are very tangled. At the trial, one witness said that a certain “Valeriy” was in charge. Other witnesses report that a certain Roman Vishnevsky was the one who reached out to the traders. Judging by the Skype nickname and the list of contacts, this was the same stockbroker who, at the age of 26, was praised by Forbes magazine for his success. Vishnevsky declined to comment. No charges were ever brought against either man, although Vishnevsky last traveled to the United States in November 2017. Online, the alleged leader of the gang appeared under the nickname eggPLC.
Demedyuk and others, who wished to remain anonymous, believe that eggPLC is someone from St. Petersburg living in Moscow who has been employing hackers since 2008, or even earlier. On a number of dark web forums where stolen information and personal data are sold, The Verge's correspondents repeatedly came across orders placed with hackers by eggPLC. One of the implicated fraudsters testified that, thanks to the data obtained, he drove stock prices down or, on the contrary, up, making trades from his own accounts. The old speculators' scheme known as “pump and dump” got a second wind in the mid-2000s, when hackers joined in stock manipulation.
According to the accounts of Demedyuk and insiders, eggPLC recruited Turchinov sometime in 2009. Turchinov sent stolen press releases to eggPLC and two other intermediaries in Moscow. The hackers took a 40 percent commission, and the intermediaries demanded another 10%. Judging by the profiles in ICQ, the instant messenger that was once popular in Russia, an entire underground company operated online under the eggPLC name. One of the profiles was his personal one, the other was eggPLC support.
More and more traders flocked to the stolen press releases in Moscow, St. Petersburg, Kiev and the USA. Some worked for investment companies, others for themselves. More and more people joined by word of mouth as circles of acquaintances widened.
Among them were the brothers Pavel and Arkady Dubovoy, from a respected and wealthy clan of Ukrainian Baptists. The clan rose sharply during the privatization of industry in the 1990s. In the mid-1990s, Arkady, the owner of an ice cream factory in Odessa, moved to a suburb of Atlanta, taking advantage of the law on the persecution of religious minorities in the former Soviet Union. Pavel studied in the USA for a while and maintained contact with his brother. As part of the clan, they returned to Ukraine when their nephew Alexander became a member of parliament in 2007.
After his return, in November 2010, Pavel Dubovoy sent an email to Arkady's construction company partner with instructions on how to get access to the stolen press releases.
After the Christmas holidays, Arkady and his business partner Alexander Garkusha traveled from Alpharetta, Georgia, to the Atlanta airport to meet with a Baptist pastor and part-time stock market speculator from Philadelphia named Vitaly Korchevsky.
Korchevsky, formerly a portfolio manager at Morgan Stanley, had a reputation as a financial planning expert in immigrant circles, where many did not know English well and were poorly oriented in American life. Korchevsky was also respected among the Slavic Baptists of the USA: he was often invited to preach in the USA and the former USSR.
By the beginning of 2000, Korchevsky had quit Morgan Stanley in New York and moved to Philadelphia, where he traveled around the district in the evenings, meeting with co-religionists, whom he invited to religious meetings. Later, he organized a union of 28 Russian-speaking churches and spent much of his savings opening his own church in Philadelphia. In addition, he sponsored the emigration of his flock from the former Soviet Union, as he had previously done in 1980. Often, immigrants lived at his home for a long time and moved out only after finding work and a roof of their own over their heads.
“Yes, he was very pious, but having gotten to know him better, I saw a business streak in him too. He had big ambitions, and he was a complete egoist,” said one Baptist, who had known Korchevsky for over thirty years. “He loves to rule, loves it when he is respected and imitated.”
Arkady and Garkusha met at an airport cafe to discuss matters with Korchevsky. The negotiations got off to a sluggish start. At first, the scam made no impression on the pastor: the press releases he was being shown, he said, were all in the public domain. Arkady went home convinced that his brother had played a dirty trick on him. The next meeting was overshadowed by technical difficulties. Only on the third attempt was the server operated correctly, and the stubborn pastor agreed that the scheme could work.
Then Arkady began to open brokerage accounts. He knew English badly, so he had to ask others, for example his son Igor, to write letters. At trial, he stated that he did not understand securities and knew computers only at the user level, which, he said, was why he allowed Korchevsky to trade on his behalf for 10% of the profits. Korchevsky, who was then busy opening a fund in Philadelphia, secretly made trades from other accounts, and later paid for it: the group stopped receiving leaked releases because it had stopped paying “commissions” in full.
Arkady played his own game on the side. His brother Pavel introduced him to another Wall Street speculator, Vladislav Khalupsky, who split his time between Odessa and Brooklyn. Arkady opened his account to Khalupsky. By his own admission, he wanted to compare who would be more effective, Korchevsky or Khalupsky. In addition, Arkady sent his son Igor to Odessa to learn to trade on the stock exchange at Khalupsky's firm.
The fraud was growing: friends, relatives, colleagues, and parishioners joined the reliable and seemingly fool-proof enrichment scheme one by one. Two managers from Arkady's Ukrainian firms opened accounts, after which two relatives from Odessa joined (the Dubovoy clan is extensive, and only five of its members are involved). A year later, Arkady's accountant and his co-founder Leonid Momotok joined. Momotok, who knew the securities market well, opened several accounts, one of which was in the name of his brother. The more participants and disparate accounts are involved, the more difficult it is for the authorities to uncover the fraud.
For people like Korchevsky, a US-licensed investment consultant with ten years of experience, the stolen press releases meant easy money.
On August 3, 2011, at 18:34, a press release from the pharmaceutical company Dendreon Pharmaceuticals was uploaded to PR Newswire. It was published about half an hour later, at 19:01, when the exchanges had closed. The release reported that the new drug had not reached the planned level of sales. At 18:56, when it had not yet been published and four minutes remained before the exchanges closed, Korchevsky acquired 1,100 put options, securities that give the right to sell within a certain time. The next day, Dendreon shares fell by 67%, and Korchevsky made over 2.3 million dollars on the sale. According to printouts of telephone records, Korchevsky twice called Arkady's office before the official appearance of the press release and twice more after the sale of the options.
But sometimes the traders lost. Contrary to an optimistic press release, shares of the Internet company Verisign unexpectedly fell in price on April 26, 2013. Arkady's son, Igor Dubovoy, wrote in an e-mail to Korchevsky: “Arkady ordered me to sell all the shares, please let me know: I must continue - or you have another person for this.” In a short time, Igor sold off the Dubovoy group's stake at a loss of 114,038 dollars. After that, Igor sent Korchevsky another letter: “I have already sold everything, and only then I saw your letter. Not sure I did everything right.” Korchevsky reacted calmly: “Nothing, this is not the end of the world. Strange, the numbers seemed to be correct. Unclear.”
In Ukraine, the hackers were paid by Pavel, who shared an account with Arkady. He transferred the money through a bogus British company to an account whose details were provided by an unidentified person, probably Roman Vishnevsky, who repeatedly appeared in the investigation as a liaison for the Dubovoys (Vishnevsky declined to comment). In a letter dated February 2012 confirming the payment to Arkady, Pavel reported that 95,000 dollars had been transferred to Turchinov's account in an Estonian bank. In a postscript, he wrote: “Our guys.” The money was disguised as payment for construction equipment for Arkady's company. Soviet Baptists often went into the construction business, because they did not receive support from the state. The letter also stated that 160,000 dollars were transferred to a certain “Vlad” (aka Khalupsky), a Ukrainian-American trader and investment consultant. Pavel sent his orders for expected company announcements to Arkady in Georgia and to the hackers through intermediaries in Moscow.
How Pavel met Roman is unclear, but it was Roman, who worked directly for the leader, who brought him up to speed on the whole scheme. How Pavel earned a living has also not been established. His nephew, the politician Alexander, described him in an interview with The Verge as a “technical specialist” and “freelancer”, adding that he had tried his hand at the construction business. He knows nothing about his talent as a stock speculator.
In a telephone conversation in March, Pavel denied his participation in insider trading and stock speculation. “Honestly, I have practically nothing to do with this. These are mainly my relatives,” said Pavel about the verdict of the American authorities. “I am not involved at all,” he added. “I had never had any brokerage accounts, and I did not play on the stock exchange. I can not even imagine how this is done at all. I do not know what was going on there, and I don’t understand why they even dragged me at all.”
Pavel declined subsequent offers to meet and did not answer specific questions about the fraud.
Translation of the text prepared by InoSMI.