Updated April 27: Hackers made $2.7 million in one month by reading corporate press releases before they were published, US financial officials have charged. A single trade in stock of the security software vendor, Symantec, made more than $1 million in less than 12 hours, according to US Securities and Exchange Commission (SEC) documents.
The SEC, which regulates US stock trading, named Hong Kong-registered Blue Bottle Ltd, as being responsible for the trades. They also named Matthew Charles Stokes, a citizen of the island of Guernsey in the United Kingdom, in legal filings. However, investigators said that none of the internet addresses used for the alleged scam were in the UK, and also admitted that they could not confirm whether the names used were genuine.
Blue Bottle typically bought shares or options less than one day before the press releases were published, and sold them almost immediately afterwards, the SEC claimed. On January 16, the company made $1m in less than 12 hours by trading in Symantec put contracts
Blue Bottle's account was originally opened in November 2006, and no suspicious activity took place at that time, the SEC said. “In January 2007, the nature of the Defendants' trades changed. The trades more frequently involved the stock and or options of a U.S. public company just before that company released business and financial information likely to effect market values. The typical size of the Defendants' positions increased, the trades increasingly involved options, and the trades often resulted in significant profits,” the SEC alleged in legal documents.
“Given the disparate companies in which the Defendants traded, the nature of the Defendant's trading, the number of times Defendants profited from trading shortly before news releases, and amount of profits the trading generated, the Commission believes, and avers, that the Defendants employed devices, schemes, or artifices to defraud, which may include, but may not be limited to, hacking into computer networks or otherwise improperly obtaining electronic access to systems that contained material, non-public information about imminent news releases, and traded on the basis of such non-public information,” the SEC claimed.
In an apparently similar case 18 months ago, an Estonian company, Lohmus Haavel & Viisemann, and its employees were charged with using software to guess the filenames of unpublished press releases on the servers of Business Wire, which issues press releases on behalf of many major corporations. The scheme netted more than $7.8 million, the SEC said. Last August, the SEC settled with one of the traders involved, ordering him to pay more than $500,000.
Update April 27: The SEC has not been able to track down the alleged perpetrators, Blue Bottle Ltd and Matthew Charles Stokes, and has therefore announced a default judgment of more than $10 million in fines and damages against them. This indicates that the SEC has failed to recover any of the $2.7m profits from the alleged scam.