BOSTON—A Russian national has been extradited to the United States from Switzerland to face charges relating to his alleged involvement in a global scheme to trade on non-public information stolen from U.S. computer networks that netted tens of millions of dollars in illegal profits. Four other Russian nationals were also charged as part of the scheme.
Vladislav Klyushin, also known as “Vladislav Kliushin,” 41, of Moscow, Russia, was arrested in Sion, Switzerland on March 21, 2021 and was extradited to the United States on Dec. 18. Charges were unsealed this morning in U.S. District Court in Massachusetts. Klyushin is charged with conspiring to obtain unauthorized access to computers, and to commit wire fraud and securities fraud, and with obtaining unauthorized access to computers, wire fraud and securities fraud. He will appear later this morning in federal court in Boston.
Ivan Ermakov, also known as “Ivan Yermakov,” 35, and Nikolai Rumiantcev, also known as “Nikolay Rumyantsev,” 33, both of Moscow, Russia, are charged in the District of Massachusetts with conspiring to obtain unauthorized access to computers, and to commit wire fraud and securities fraud and with obtaining unauthorized access to computers, wire fraud and securities fraud. Ermakov, a former officer in the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces of the Russian Federation, was previously charged in July 2018 in federal court in Washington, D.C. for his alleged role in a hacking and influence effort related to the 2016 U.S. elections. In October 2018, Ermakov was also charged in federal court in Pittsburgh in connection with his alleged role in hacking and related disinformation operations targeting international anti-doping agencies, sporting federations, and anti-doping officials.
In 2019, for example, a Ukrainian man was charged with working with others to breach the corporate-filing system of the Securities and Exchange Commission and use early peeks at 157 earnings releases to make $4.1 million.
Mikhail Vladimirovich Irzak, also known as “Mikka Irzak,” 43, and Igor Sergeevich Sladkov, 42, both of St. Petersburg, Russia, are also charged in the District of Massachusetts with conspiracy to obtain unauthorized access to computers, and to commit wire fraud and securities fraud, and with securities fraud.
Ermakov, Rumiantcev, Irzak and Sladkov remain at large.
Acting United States Attorney Nathaniel Mendell stated, “The integrity of our nation’s capital markets and of its computer networks are priorities for my office. Today’s charges show that we, the FBI, and our other law enforcement partners will relentlessly pursue those who hack, steal and attempt to profit from inside information, wherever they may hide.”
“Today’s announcement and the extradition of Vladislav Klyushin is just one more example of how the FBI and our partners are working around the clock and around the world to counter the cyber threat that we face today,” said Albert Murray III, Assistant Special Agent in Charge of the FBI Washington Field Office Criminal and Cyber Division. “As alleged, Klyushin and his co-defendants used various illegal and malicious means to gain access to computer networks to perpetrate their illegal trading scheme. These crimes have real consequences. And, as our efforts in this case demonstrate, the FBI is relentless in our work to identify and locate criminals like Klyushin—no matter where they are—and bring them to the U.S. to face justice.”
According to the charging documents, Klyushin, Ermakov and Rumiantcev worked at M-13, an information technology company based in Moscow, where Klyushin served as the company’s first deputy general director. M-13 purported to offer penetration testing and “Advanced Persistent Threat (APT) emulation”—both services that seek exploitable vulnerabilities in a computer system, purportedly for defensive purposes. M-13’s website indicated that the company’s “IT solutions” were used by “the Administration of the President of the Russian Federation, the Government of the Russian Federation, federal ministries and departments, regional state executive bodies, commercial companies and public organizations.” In addition to these services, Klyushin, Ermakov and Rumiantcev also allegedly offered investment management services through M-13 to investors in exchange for up to 60 percent of the profit
Between at least in or about January 2018 and September 2020, Klyushin, Ermakov, Irzak, Sladkov and Rumiantcev allegedly agreed to trade in the securities of publicly traded companies based on material non-public information (“MNPI”) about the earnings of those companies, in advance of the public announcements of financial results. The MNPI was allegedly acquired through unauthorized intrusions into the computer networks of two U.S.-based filing agents (Filings Agents 1 and 2)—vendors that publicly traded companies used to make quarterly and annual filings through the U.S. Securities and Exchange Commission (SEC).
Armed with this information before it was disclosed to the public, Klyushin and his codefendants allegedly knew ahead of time, among other things, whether a company’s financial performance would meet, exceed, or lag market expectations—and thus whether its share price would likely rise or fall following the public announcement of that performance—and they traded accordingly, in brokerage accounts held in their own names and in the names of others. It is alleged that Klyushin and his co-conspirators earned tens of millions of dollars in illegal profits.
According to the charging documents, Klyushin and his coconspirators obtained unauthorized access to the computer networks of Filing Agents 1 and 2. They allegedly deployed malicious infrastructure capable of harvesting employees’ usernames and passwords and used stolen usernames and passwords to misrepresent themselves as employees in order to obtain access to the filing agents’ computer networks. To conceal the origin of their activities, the coconspirators allegedly leased proxy (or intermediary) computer networks outside of Russia and subscribed to email addresses and payment systems used in furtherance of the attacks in others’ names. Once inside the filing agent networks, it is alleged that they viewed and downloaded MNPI, including quarterly and annual earnings reports that had not yet been filed with the SEC or disclosed to the general public, of hundreds of companies that are publicly traded on U.S. national securities exchanges, including the NASDAQ and the NYSE. The coconspirators allegedly traded in the securities of those companies while in possession of MNPI concerning their financial performance, including by purchasing securities of companies that were about to disclose positive financial results, and selling short securities of companies that were about to disclose negative financial results. It is further alleged that the coconspirators distributed their trading across accounts they opened at banks and brokerages in several countries, including Cyprus, Denmark, Portugal, Russia and the United States, and misled brokerage firms about the nature of their trading activities.
For example, according to court documents, during a single two-week period between Oct. 22, 2018 and Nov. 6, 2018, Ermakov or another coconspirator gained unauthorized access into Filing Agent 2’s computer network using IP addresses hosted at a data center located in Boston, and viewed or downloaded the non-public earnings-related files of several companies, including Capstead Mortgage Corp., Tesla, Inc., SS&C Technologies, and Nevro Corp. Thereafter—days before the companies’ financial results were filed with the SEC and publicly disclosed—Klyushin and other co-conspirators allegedly placed profitable trades in the shares of those companies, buying shares of companies that were about to disclose positive financial results and selling short shares of companies that were about to disclose negative financial results. For example, on or about Oct. 24, 2018, before one company publicly disclosed positive quarterly earnings results, Klyushin or another coconspirator allegedly purchased its securities in Klyushin’s brokerage account at a Russia-based brokerage firm. That same day, Klyushin allegedly sent a message to M-13 investors, Individuals 1 and 2, stating “Pay attention to shares of [the company] now and tomorrow after 16:30 and on how much they go up”.
The charge of conspiracy to obtain unauthorized access to computers, and to commit wire fraud and securities fraud carries a maximum sentence of five years in prison, three years’ supervised release and a $250,000 fine (or twice or the gross gain or loss). The charge of unauthorized access to computers carries a maximum sentence of five years in prison, three years’ supervised release, and a $250,000 fine (or twice the gross gain or loss). The charges of securities fraud and wire fraud each carry a maximum sentence of 20 years in prison, three years of supervised release, and a $250,000 fine (or twice the gross gain or loss). Each of the charges also provide for restitution and forfeiture upon conviction.
Acting United States Attorney Mendell and FBI ASAC Murray made the announcement today. The SEC, the Justice Department’s Office of International Affairs, the Swiss Federal Office of Justice, the Valais and Zurich Cantonal Police authorities and the Federal Bureau of Investigation’s Boston Field Office provided valuable assistance. Stephen E. Frank and Seth B. Kosto, Chief and Deputy Chief respectively, of Mendell’s Securities, Financial & Cyber Fraud Unit are prosecuting the case.
The details contained in the charging documents are allegations. The defendants are presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.