THE SEC has finalized its case against two Estonian citizens and a financial services firm for hacking into Business Wire’s computer system and trading in advance of more than 360 press releases — but how the scheme was pulled off remains shrouded in mystery.
Judge Robert W. Sweet of the United States District Court for the Southern District of New York issued a final judgment against Lohmus Haavel & Viisemann (LHV) and its former employee Oliver Peek, 24. Peek must pay disgorgement of $13 million, representing the illegal profits from the alleged scheme, and a civil penalty of $1,350,000. LHV was ordered to pay a civil penalty of $650,000. Last August, Kristjan Lepik, 28, a former partner of LHV, was ordered to pay disgorgement of $551,958 plus interest of $10,181 and a civil penalty of $15,000.
In a release issued yesterday, the SEC said “the defendants conducted a fraudulent scheme involving the electronic theft and trading in advance of more than 360 confidential, non-public press releases issued by more than 200 U.S. public companies. The Commission alleged that the defendants illegally traded on confidential, non-public information fraudulently stolen from the website of Business Wire, a leading commercial disseminator of news releases and regulatory filings for companies and groups throughout the world.”
However, back in November 2005 when the SEC first announced details of this case, Business Wire seemed to dispute the SEC’s facts. Lorry Lokey, chairman and CEO, Business Wire, said no one “gained access to our news release file prior to distribution to the media and investment community. Some of the SEC statements in its complaint have been misinterpreted.”
Business Wire also said back then that it played a key role in helping the SEC with their investigation. The SEC’s release at the time, however, made no mention of Business Wire’s cooperation even as the commission made a point to “acknowledge the assistance of the New York Stock Exchange, the NASD, the Philadelphia Stock Exchange, the Chicago Board Options Exchange, and the Pacific Exchange.”
In its official complaint, the SEC explained the scheme in this way:
In connection with more than 360 confidential press releases issued by more than
200 U. S. public companies, defendants LHV, Peek, and Lepik, through a series of
fraudulent acts, repeatedly have electronically stolen material non-public information from a
secure website for the purpose of executing hundreds of securities trades based on that
information, successfully making at least $7.8 million in the process.
To effect their fraudulent scheme, LHV, Peek, and Lepik obtained client access, in
the name of LHV, to a secure website that is operated by Business Wire, Inc. (“Business
Wire”) for the purpose of permitting Business Wire clients to submit news releases for
dissemination to the public.
Then, using that access, LHV, Peek, and Lepik have unleashed on that website a
type of computer program called a “spider” that systematically retrieves sensitive, secure,
password-protected information about client press releases scheduled for public
dissemination by Business Wire.
With the non-public information in hand, LHV, Peek, and Lepik trade ahead of the
public dissemination of that information and, again, after the news is made public, almost
always realizing a profit.
I’m still wondering just how it is that Business Wire can claim its clients’ news releases were not hacked prior to being made public. Seems like a lot of ass covering to me.