An alleged global insider-trading ring enabled by Ukrainian hackers is accused of illegally netting nearly half a million dollars from shorting shares in Lynnwood-based retailer Zumiez, part of a scheme that federal regulators say yielded more than $100 million.
The Securities and Exchange Commission filed fraud charges Tuesday against 32 defendants, including two Ukrainian hackers who allegedly broke into services that distribute news releases from publicly traded companies. Criminal charges were also filed against some of the same defendants by U.S. Attorney offices in New Jersey and New York.
The SEC says the hackers accessed media releases from dozens of companies and shared them before publication with an international coterie of traders stretching from Russia to Malta to the U.S. Eastern seaboard, giving them advance knowledge of important financial data from widely traded firms such as Boeing, Viacom and Ford.
Even relatively small Zumiez, a sports-clothing retailer with a market capitalization of about $670 million, proved a lucrative target.
According to the SEC complaint, in October 2012 Zumiez uploaded to an unnamed service a media release announcing it was lowering its earnings guidance because of a tough environment in Europe.
Between the time the release was uploaded (1:29 p.m. Eastern time) and the time it was published (4:05 p.m. Eastern, after the market close) eight traders shorted thousands of Zumiez shares. That is, they borrowed shares, then sold them. When Zumiez stock fell $4 per share after the news came out, they repurchased shares at the lower price and returned them to their original owners, pocketing the difference.
It’s a common strategy used by investors who think a stock is overvalued — but it’s illegal when the investor has insider information that is not public.
The SEC civil suit says the traders scored $449,000 in “ill-gotten gains.”
SEC enforcement director Andrew Ceresney in a statement called the cyberhacking scheme “one of the most intricate and sophisticated trading rings we have ever seen.”
According to the criminal indictment, the hackers broke into the news-release services’ accounts starting in 2010 by stealing passwords, deploying malware and other deceptive methods.
They stole more than 100,000 media releases before publication, storing them in servers that they allowed traders to access for either a percentage of profits or a flat fee.
