26 February 2008 | 26,336 views

Hacking Does Pay! US Law Let’s Hacker Keep Fraudulent Earnings

Check For Vulnerabilities with Acunetix

Ah I think it’s time for controversy on a Tuesday, what do you think about this case where a hacker got some info on a company about it’s soon to be plummeting share prices by breaking into their computer. By investing $41,000 in stock potion trading on the shares that were about to drop – he pocketed almost $300,000!

Even so the story has changed slightly, they said it wasn’t him that broke into the network – but it was someone else. Either way a hacker got the info and he exploited it.

Oleksandr Dorozhko made almost $300,000 in stock-option trading by using insider information that was obtained after someone hacked into a financial network and stole confidential information concerning a company called IMS Health. Now, the Ukrainian resident is exploiting a loophole that may allow him to keep the ill-gotten gains for good.

That’s because US securities laws, unlike those in Europe and elsewhere, define insiders as those with a fiduciary role with a company – say, a corporate executive, investment banker or attorney. As a mere hacker, or as an associate to a mere hacker, Dorozhko had no such function, so the laws cannot be used to seize the assets, a federal judge has ruled.

Because he has no part in the company it cannot be considered inside trading. This means it was a legitimate transaction and he’ll get to keep the money! They can’t seize it back and it’s unlikely they’ll nail him for hacking as he lives outside of the US, also being a Ukrainian it’s unlikely even if they did go after him that they would recover any of the money.

The strange tale, which was reported here by The New York Times, reads like a chapter out of Catch 22. According to evidence presented by the Securities and Exchange Commission, minutes after someone broke into a network of Thomson Financial and stole a gloomy IMS Health earnings report scheduled to go public a few hours later, Dorozhko invested a little more than $41,000 in put options that bet the company’s share price would plunge.

And plunge it did. Dorozhko ended up pocketing more than $296,000 in the transaction. Not bad for a few hours work.

Just about everyone agrees he committed fraud and just about everyone agrees it was for the purpose of gaining an unfair advantage in trading shares of IMS Health. And yet, because the information was illegally obtained, US insider laws have no bearing, according to US District Judge Naomi Reice Buchwald, who ordered the SEC to turn over the money. Ironically, had the insider information been obtained legally, the SEC would most likely have been permitted to seize the funds.

So what do you think about this? For once the US legal system is protecting the guilty man instead of incarcerating the innocent man.

It’s a pretty interesting story though and Eastern European hackers have been guessing file names for a while and using unreleased documents to predict share prices (predictable resource location hacks).

Source: The Register



Recent in General News:
- Google’s Chrome Apps – Are They Worth The Risk?
- Twitter Breach Leaks 250,000 User E-mails & Passwords
- More Cyberterrorism – Taiwan Political Party Accuses China of Hacking

Related Posts:
- New Sophisticated Botnets Discovered
- UK hackers condemn McKinnon trial
- Dshocker AKA Aush0k Hacker Pleads Guilty to Computer Felonies

Most Read in General News:
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,063 views
- eEye Launches 0-Day Exploit Tracker - 85,050 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,464 views

Advertise on Darknet

20 Responses to “Hacking Does Pay! US Law Let’s Hacker Keep Fraudulent Earnings”

  1. zupakomputer 26 February 2008 at 1:54 pm Permalink

    So a – presumably – ‘little guy’ gets information and uses it to cash-in on a great big scam called the economy – which hasn’t even been precious-metal-backed for ages, so is a big pile of baloney anyway.

    I think he should get to keep the money, based on that story.

    Playing the stocks is basically gambling, over and above any ethical concerns about the investments; gambling’s gambling. You can’t really turn around with trading and claim the odds falling against you is unfair – and he hasn’t even exploited anyone has he, he didn’t sell them the shares, and he said outright what he expected to occur.

    What about other methods people use to get information or pass it onto others who could use it on their behalf. In practice they’re as ‘questionable’ as getting an insider tip.

    The other side of it of course being – how is it anything other than unscrupulous to hide information that a company is in trouble financially? What if someone comes along and thinks of investing a whole load in shares that are undoubtedly going to plummet very soon – so, they just don’t tell them then? (in the hope it’ll save them….I’m meaning an example though where it wouldn’t be that big an investment).

  2. Bogwitch 26 February 2008 at 3:30 pm Permalink

    If this was pulled off by file/ directory enumeration, is it really hacking? OK, it’s hacking in the purest sense of the word, but is it /cracking/? The files have been put onto the server in publicly accessible locations, just not referenced directly. Blame the sysadmins. ‘Security through obscurity != security’ !

  3. eM3rC 26 February 2008 at 11:09 pm Permalink

    When I saw the title of this article I was thinking about something along the lines of hacking into a companies computer system and transferring the funds to an off shore bank account would somehow be ok, but as odd as it seems (sarcasm there) it was not.

    I am going to take the same view as zupakomputer because it was more about getting information for a gamble rather than stealing credit card information. Although the US economy is not backed by species it still is money and a lot of countries economies are depending on that (although the 9 trillion+ dollar debt seems to be taking its toll). Although this is a tricky matter, I would say it would not be (illegally) stolen money. Just a lucky gamble/right place right time soft of deal.

  4. Pantagruel 27 February 2008 at 11:01 am Permalink

    The trick looks pretty much like insider knowledge, but rather stupid that the law defines insider knowledge as stemming from an employee or trustee to the firm. It’s an illegal obtained advantage removing any normal risk of trading stocks or put options. I wouldn’t be too sure if the US would be unable to reach you in the Ukraine. The current Ukrainian regime seems rather willing to please the US in the exchange for the usual support.

  5. Madmax 27 February 2008 at 11:13 am Permalink

    I agree wid Pantagruel

  6. d347hm4n 27 February 2008 at 12:26 pm Permalink

    I agree with you zupa, he was in possesion of information which lead him to make a great deal of money, he is not affiliated with the company, he took the risk of the information being faulty, it is his money by right.

  7. zupakomputer 27 February 2008 at 6:06 pm Permalink

    Well there is that deficit; are there any first world countries left that don’t owe more than they’ll ever be able to pay back to…..to……now who exactly is it that is in the black then and is able to loan them these monies?!

    China holds a lot of US currency:
    http://www.telegraph.co.uk/money/main.jhtml?xml=/money/2007/08/07/bcnchina107a.xml

    On insider knowledge; I didn’t actually realise until reading this article that you aren’t allowed to use any suck knowledge you may have from work. So although I appreciate that’s meant to be illegal, it seems really insane to me – why shouldn’t you be able to gamble on your own company.
    As to whether the Ukrainian chaps knowledge is insider or not – it depends on the legalities.

  8. Pantagruel 28 February 2008 at 11:20 am Permalink

    @zupakomputer

    \quote
    - why shouldn

  9. zupakomputer 28 February 2008 at 1:06 pm Permalink

    Yeah I know it means you can do those things; what I meant was – so what? That’s hardly unfair. I had no idea there were laws against being able to do that.

    I’m not capitalist in a governing sense, because I think for-profit in an overall economy is completely the wrong focus; work should be done for clear goals that create a society that is sustainable and where as little work as possible needs to be done (kind of like the idea behind permaculture forest gardens – there’s initial work in laying it out and tending it, but the goal is that eventually you create a system where you can just harvest sustainably thereafter).

    But – to not be able to manipulate your own business to your advantage, as long as you aren’t exploiting nature or people, well it’s like the worst type of communism there ever could be!

  10. tekse7en 2 March 2008 at 6:20 am Permalink

    How is what he did in anyway illegal? He got it off of a technically publicly available site, so shouldn’t it be the same as getting the info of the companies home page?

  11. Pantagruel 2 March 2008 at 9:23 am Permalink

    @zupakomputer

    I fail to see the ‘communism’ link, but that might just be me ;)

    It would be very nice if all business models would be based upon the sustainable philosophy, sadly only a fraction is.
    The models that make the largest profits are exploitation based (oil [other natural resource deemed valuable, gold/silver/etc], drugs, weapons, slavery.
    The problem is not in the manipulation of your own business but using the yet to be released knowledge to further your own bank account (unfair advantage). The fact remains that it’s quite stunning that real world companies have a higher virtual value (for me there is no real value in stock option of any company, it is purely based upon some crazy idea that a company is worth X because they have a turn over of Y and a resulting profit of Z. Because annalists expect the company to enlarge their next years profit, the stock option will be likely valued at Z+q in the future). The problem is that the company is not worth more than all the property it possesses and the liquid funds is has.

    So in the end he was exploiting those people who had their hopes set on a rising stock option value. Ofcourse those people would end up empty any how, but since he knew about the demise of the company he was able to profit.

    It about ethics and fairness. Ethics make sure we stay within the bound of our self imposed limits. Fairness dictates we all try to win under the same circumstances. A bit like in sports, we all want to win, expect people to obey the rules of the game and expect them in all fairness to refrain from using enhancing potions.

  12. zupakomputer 3 March 2008 at 6:53 pm Permalink

    By ‘worst type of communism’ I was meaning the form of it that prevents individual ownership of goods, and doesn’t let people run their own businesses.

    I still think he didn’t get the money unfairly. All the moreso I feel that way now, after having just been reminded in my own life of how unfair the job market is anyway – it’s completely slanted in favor of idiot minion types who are work-slaves with no creativity and not a braincell between them.
    The job market doesn’t reward skills and talent; if it did there’d be no crime…

  13. Pantagruel 3 March 2008 at 9:45 pm Permalink

    @zupakompter

    Individual ownership of goods and such is in no way prevented, nor are they preventing you from running your own business to your hearts content. The tax office will not mind you going bankrupt because of bad deals/judgments, but they will investigate if you’ve been trying to evade taxes.
    If the guy in question would have been a straight up citizin he would not have gotten his hands on the intel or atleast exploited it to this extend.

    webster.com states:

    ex

  14. zupakomputer 4 March 2008 at 2:38 pm Permalink

    I’d meant the regimes that do prevent (or in most cases today, used to prevent) individuals owning goods and businesses; I wasn’t meaning the man here that the article is about nor any of his or his countrys political state of affairs (which I’m unsure of anyway, who is in power in the Ukraine right now).

    It was more a comment about not being able to use insider info, that it sounded like it’s from the same kind of laws that led to people queing to buy bread, and being thrown off their farms cause they weren’t allowed to own them – cause the land was all state-owned.
    That’s actually still happening in China, to make way for “development”.

    The jobs thing, I just don’t know. It’s looking like the only way to get ahead would be to: set-up your own business….! Contact key people and get clients. Let them know just how lameo and unsafe it is if they leave their companys hands in specific vendors care only, and their service packs and standardised-package IDSs etc…..

    There was a time when there were a lot of hardware factories and the like here, but they all upped and left – now they run sweatshops in countries where they pay people even less than we got, to do the same jobs – and boy did we get shit wages. I used to work in a few of them.
    To be honest, given the way most of the production was run I’m not surprised they located elsewhere.

  15. J. Lion 6 March 2008 at 3:34 pm Permalink

    This article definitely shows that laws surrounding Information Technology need to mature some more.

  16. J. Lion 6 March 2008 at 3:40 pm Permalink

    Then again incidents such as this force higher ups to creates laws to forbid these activities.

    With that being said – if there are no laws violated then it is not illegal, but does not mean it’s not wrong. A man can do many wrongs but still be legal.

  17. sir jorge 7 March 2008 at 11:39 pm Permalink

    oh! it’s on now!

  18. Pantagruel 8 March 2008 at 12:11 pm Permalink

    @ J.Lion

    True, they will have to close this loophole, for the time being it’s indeed wrong but not punishable

  19. zupakomputer 8 March 2008 at 3:23 pm Permalink

    What’s with the Hitler Youth positions when it comes to ‘working for The Man’ here?

  20. grav 1 July 2008 at 7:18 pm Permalink

    Good for him : )

    Really though, there is not much they can do.
    I bet even he knew that he committed fraud.
    Does he care…
    probably not