Home Information Technology

Information Technology

Hacking and Insider Trading Continue to Mix


It was more than a year ago that the U.S. Securities and Exchange Commission cracked down on a group of hackers and traders who obtained confidential, non-public information about publicly traded companies by hacking websites for press releases. A recently released report by a cybersecurity company suggests that such insider trading continues, although this time with data obtained through phishing from personnel at publicly traded companies who typically file reports to investors with the SEC.

The FireEye report details a scheme in February to obtain confidential corporate information by spoofing an email purportedly from the SEC’s EDGAR filing service. When the email recipient clicked on instructions inside the attached Microsoft Word file, they unwittingly granted access to the internal corporate networks of the company. Because the scam appeared to come from a legitimate sec.gov email address, FireEye indicates several corporate executives were fooled.

Law firms have also been targets for cybercriminals looking to trade on inside information. In December, the Government brought charges against three Chinese citizens that hacked top U.S. mergers and acquisitions lawyers to obtain information about deals and profit from buying shares.

This is prime territory for the SEC whistleblower program. A person at a hacked company that turns over critical information about the scam to the SEC which allows them to stop the illicit trading could be entitled to a reward. Individuals that work for the companies trading based on the confidential and illegally obtained information could also put together the evidence to report the trades to the SEC.

In the 2015 case, one of the participants settled with the SEC for $30 million. With rewards of between 10 and 30 percent of the recovery, this enforcement action alone could have brought a whistleblower $3 to $9 million.

The potential disruption of the market by participants trading on hacked information is tremendous. It poses a definite threat to the integrity of the market and therefore we expect such information to be taken seriously by the SEC when received from a credible whistleblower. Indeed, the SEC has recognized this problem and made cybersecurity compliance a top priority for its compliance examinations of broker-dealers and other market participants. It is unlikely to take a different approach in its pursuit of enforcement actions.

CFTC Regulation of Automated Trading Approaches


The U.S. Commodity Futures Trading Commission is preparing to announce new regulations aimed at managing the risk of automated trading. Automated trading strategies are used for more than 40 percent of futures traded in Treasury, energy, metals and agricultural markets.

One focus of the new regulations will be trading in Treasury bonds. The concern with the nearly $13 trillion government bond market stems from the flash rally in Treasuries last October where there was substantial volatility during a short 12 minute window.

The regulations have been debated for more than two years at the agency and could be announced as soon as a month from now. CFTC Chairman Timothy Massad spoke about this area in a speech this week. Any regulations will still need to go through notice and comment rulemaking so it would still be months or even years before they were actually implemented.

Among the proposals under considerations are increased registration requirements for proprietary trading firms, pretrade risk controls, and possibly even kill switches to aid efforts to stop out of control computer programs from impacting the markets.

The CFTC has placed increased emphasis on algorithmic trading and has begun enforcement actions against several traders and firms for spoofing, the placement of orders intended to manipulate the market rather than execute. It is unlikely to impose special requirements on high-frequency trading of the type that was detailed in Flash Boys because of the difficulties in defining the term.

As always, reporters of violations of these regulations, once they are implemented, will be eligible for whistleblower rewards when the monetary sanctions for noncompliance exceed $1 million and the individual otherwise meets the terms and conditions of the program set form in the Dodd-Frank Act and CFTC rules. Our CFTC whistleblower attorneys can assist you with answers to questions about this information as well as assistance reporting violations of the Commodity Exchange Act to the U.S. Government. To speak to an attorney, fill out our contact form or call 1-800-590-4116.

Photo Credit.

Hacking Case Settles with SEC for $30 Million


The insider trading case brought against the Ukrainian investment banking firm Jaspen Capital Partners and its chief executive as part of the SEC’s recent freeze on accounts trading early on information from hacked press releases has resolved with an agreement to pay the Securities and Exchange Commission $30 million.

The allegations in these cases involve the identification of companies expected to make newsworthy announcements, the hacking of three different press release sites to obtain the news early, and the passing of information to various traders to buy or sell stocks on the basis of the nonpublic information.

Insider trading is prosecuted under the anti-fraud section 10(b) of the Securities Act and Rule 10b-5. Although insider trading typically involves a corporate insider with nonpublic information, it can also apply to outsiders who acquire material, non-public company information under the misappropriation theory popularized by U.S. v. O’Hagan, 521 U.S. 642 (1997).

This is one of the first, if not the first, settlement of a securities case involving hacking. We expect more cases of this type in the future involving both insider trading and improper disclosures by public companies. In this case, the SEC is continuing to pursue the other defendants in the ring.

Photo Credit.

VMware settles Best Price Whistleblower Suit for $75.5 Million


The Department of Justice has settled a False Claims Act case against VMware for $75.5 million. The lawsuit, initiated by a whistleblower, contained allegations that the company concealed its commercial pricing practices and overcharged the U.S. Government on products and services sold pursuant to the GSA Multiple Award Schedule contract entered into by VMWare and Carahsoft Technology Corporation.

The U.S. Government requires contractors to disclose the prices and discounts offered to commercial customers in order to ensure that government agencies are getting the supplier’s best price. The GSA regulations specify that prospective vendors applying for a MAS contract make After negotiation of the price(s) and establishment of the government contract, contractors must subsequently inform the government of changes to their pricing practices or discounts for commercial customers.

If they do not make accurate disclosures, the submission of claims for payment under the contracts can overcharge the federal government and violate the False Claims Act. In this case, the settlement resolved the allegations without a determination of liability.

The U.S. Government spends more than $80 billion a year on information technology currently. It is divided between civilian and defense spending, with civilian agency spending accounting for approximately $48 billion a year. With growing spending in this area, it seems like there is more False Claims Act litigation as well. Last summer, the Government intervened in another best price case brought by a whistleblower against CA Technologies.

Photo Credit.