Cyber Crime: Leonid Momotok to Computer Hacking And Trading Scheme
Georgia Trader Pleads Guilty To Largest Known Computer Hacking And Trading Scheme
More Than 150,000 Press Releases Stolen from Three Major Newswire Companies Used to Generate Approximately $30 Million in Illegal Trading Profits
Earlier today, Leonid Momotok, of Suwanee, Georgia, pleaded guilty to conspiracy to commit wire fraud for his role in an international scheme to hack into three business newswires and steal yet-to-be published press releases containing non-public financial information that was then used to make trades that generated approximately $30 million in illegal profits. The guilty plea was entered before United States Magistrate Judge Ramon E. Reyes, Jr. at the federal courthouse in Brooklyn, New York. When sentenced, Momotok faces up to 20 years in prison, as well as restitution, criminal forfeiture, and a fine.
The guilty plea was announced by Robert L. Capers, United States Attorney for the Eastern District of New York, and Diego Rodriguez, Assistant Director-in-Charge, Federal Bureau of Investigation, New York Field Office.
“Using non-public press releases stolen by overseas hackers, Momotok and his group of traders engaged in a brazen scheme that was unprecedented in its scope, impact and sophistication,” stated United States Attorney Capers. “Today’s guilty plea demonstrates our steadfast commitment and preparedness to combating the ever-evolving threat of cybercrime and to protecting the integrity of our financial markets.” Mr. Capers thanked the Securities and Exchange Commission (SEC) and the Department of Justice’s Office of International Affairs (OIA) for their cooperation and assistance in the investigation.
“In one of the most sophisticated insider trading cases we’ve seen to-date, Momotok and other traders used information to trade on from not yet released press releases obtained by hackers from newswire services. The scheme profited the traders approximately $30 million in ill-gotten profits. Today’s guilty plea should send a message to others who seek to cheat the system for a lucrative payday- these schemes only end with prison time and forfeiture of those profits,” stated Assistant Director-in-Charge Rodriguez.
According to court filings and facts presented at the plea hearing, between February 2010 and August 2015, computer hackers based in Ukraine gained unauthorized access into the computer networks of Marketwired L.P., PR Newswire Association LLC (PRN), and Business Wire (collectively, the “Newswire Companies”). The hackers used a series of sophisticated cyber-attacks to gain access to the Newswire Companies’ computer networks. Once in the computer networks, the hackers stole press releases about upcoming announcements by public companies concerning earnings, gross margins, revenues, and other confidential and material financial information. At one point, one of the hackers sent an online chat message in Russian to another individual stating, “I’m hacking prnewswire.com.” In another online chat, the hackers stated that they had compromised the log-in credentials of 15 Business Wire employees.
To capitalize on this stolen information, the hackers shared the stolen press releases with Momotok and other traders through overseas servers. In a series of emails, the hackers provided the traders with credentials and instructions on how to access and use the overseas servers. To assist the hackers steal the most valuable information, the traders created “shopping lists” or “wish lists” for the hackers listing desired upcoming press releases from Marketwired and PRN for publicly traded companies. Once Momotok and the other traders received the stolen press releases, they used that information to execute trades ahead of the issuance of the press release. In order to execute trades before the press releases were made public, Momotok and the other traders sometimes had to execute trades in extremely short windows of time. Frequently, all of this illegal trading activity occurred on the same day. Momotok and the other traders traded on stolen press releases containing material nonpublic information about publicly traded companies that included, among hundreds of others: Align Technology Inc.; Caterpillar Inc.; Hewlett Packard; Home Depot; Panera Bread Co.; and Verisign Inc.
Momotok and his co-conspirators’ gained more than $30 million from their illegal trades. In exchange for providing Momotok and the other traders with the stolen press releases, the hackers received a percentage of the illegal proceeds, which were transferred to them through foreign shell companies.
The government’s case is being prosecuted by the Office’s Business and Securities Fraud and National Security and Cybercrime Sections. Assistant United States Attorneys Christopher A. Ott, Christopher L. Nasson and Richard M. Tucker are in charge of the prosecution, with assistance provided by Assistant United States Attorneys Brian D. Morris and Tanisha Payne of the Office’s Civil Division, which is responsible for the forfeiture of assets.
The charges were brought in connection with the President’s Financial Fraud Enforcement Task Force. The task force was established to wage an aggressive, coordinated, and proactive effort to investigate and prosecute financial crimes. With more than 20 federal agencies, 94 U.S. Attorneys’ offices, and state and local partners, it is the broadest coalition of law enforcement, investigatory, and regulatory agencies ever assembled to combat fraud. Since its formation, the task force has made great strides in facilitating increased investigation and prosecution of financial crimes; enhancing coordination and cooperation among federal, state, and local authorities; addressing discrimination in the lending and financial markets; and conducting outreach to the public, victims, financial institutions, and other organizations. Since fiscal year 2009, the Justice Department has filed over 18,000 financial fraud cases against more than 25,000 defendants. For more information on the task force, please visit ww.StopFraud.gov.
Residence: Suwanee, Georgia
E.D.N.Y. Docket No. 15-CR-381 (RJD)