SEC charges nine in 2016 EDGAR hack, insider trading scheme

hacker looking at screen

The Securities and Exchange Commission charged nine individuals and organizations with participating in a 2016 scheme to hack into EDGAR, the commission's financial filing system, and use nonpublic information to profit from illegal trades.

According to the SEC complaint made public Jan. 15, Ukrainian hacker Oleksandr Ieremenko and others obtained thousands of draft or "test filings" from EDGAR's servers that included nonpublic corporate earnings information. Those filings were then passed along to individual traders and companies in the United States, Ukraine and Russia, who made money trading off the information. Ieremenko was able to pass himself off as an authorized EDGAR user, according to the complaint.

The same day that the SEC announced its charges, the United States Attorney's Office for the District of New Jersey charged Ieremenko and Ukrainian national Artem Radchenko with securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud and computer fraud related to the hack.

Altogether, six traders and two companies are accused of making hundreds of trades to generate at least $4.1 million off the scheme. Two of the traders charged, David Kwon and Sungjin Cho, are listed as residing in Los Angeles, Calif. Ieremenko and all but two of the trader defendants (Kwon and company Spirit Trade) were also charged in 2015 with a similar scheme to hack, steal and trade off nonpublic information from newswire services to generate more than $100 million in illegal stock trades.

After the SEC discovered the compromise in October 2016 and patched the flaws, Ieremenko attempted to regain access to EDGAR in 2017, conducting a series of phishing and spoofing campaigns against SEC computer users and posing as a member of SEC security staff in order to plant malware on targeted devices with access to the system.

The SEC complaint states that "none of the post-October 2016 efforts appear to have led to access to test filings containing nonpublic material." However, the indictment submitted by the U.S. Attorney's Office in New Jersey states that Ieremenko and Radchenko "successfully infected a number of SEC computers with malware." They used them to "probe the SEC's network and to steal information to use in their ongoing efforts to gain unauthorized access to Test Filings."

EDGAR, short for Electronic Data Gathering Analysis and Retrieval, has been in use since the 1990s, and in 2017 then-SEC Chairman Jay Clayton told Congress that the vulnerabilities used in a 2016 data breach involved "the exploitation of a defect in custom software" used for the system. The SEC has since created a senior advisor position for cybersecurity policy and contracted with cybersecurity vendor FireEye for forensic investigative services related to the hack.

The SEC has had plans to replace EDGAR since at least 2008, and in 2016, the agency awarded a $6.1 million contract to Sapient Government Services to gather requirements for a bid to redesign the system, with a target date early 2019 for procurement. A call to the SEC Office of Public Affairs for information on an updated procurement timeline was not immediately returned.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at [email protected], or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.