A report reveals that a Ukrainian hacker, who found herself in a dire situation with a group of cybercriminals, played a pivotal role in exposing a significant case involving the Securities and Exchange Commission (SEC), which had wrongly implicated American day traders.
Olga Kuprina, known online as “Ghost in the Shell,” became a whistleblower after a shocking cyber assault that targeted the SEC’s Edgar filing system back in 2016, as detailed by Bloomberg News.
She was reportedly held captive in an apartment in Kyiv by a local crime figure named Artem Radchenko, surrounded by cocaine, computers, and armed men, who demanded that she hack into one of the world’s largest corporate filing systems.
Radchenko was allegedly planning to sell confidential information for a hefty sum of $200,000 per document.
However, when Radchenko, seemingly under the influence, issued a command to Kuprina, she began devising her escape.
Bloomberg also stated that when she asked for payment for her labor, Radchenko reacted violently, breaking her nose and denying her freedom.
Eventually, at 34, Kuprina escaped, reached out to U.S. authorities, and provided them with a hard drive and notes documenting her access to SEC data.
She remarked, “There were so many vulnerabilities there, you can’t imagine.” It became clear that the Edgar system was outdated and inadequately secured.
Kuprina had previously hacked into several major organizations, such as Citigroup and NASA. In 2018, she entered a federal plea deal, relocated to the U.S., leaving her family behind.
In a separate incident in 2019, the SEC mistakenly implicated a day trader for allegedly profiting $4.1 million from insider information linked to the cyber breach that affected Edgar.
In reality, it’s possible those traders were just making savvy, fortuitous investments.
The agency’s executive director stated, “Today’s actions demonstrate our ability to unravel the SEC’s commitment to these schemes and identify the perpetrators, even when they operate from outside our borders.”
For instance, Los Angeles-based day trader Sungjin Cho was astonished when federal agents arrived at his home before dawn, seized his devices, and accused him of profiting from stolen data.
Looking back, an FBI agent mused about Cho, “I don’t know what we found, but he didn’t look like a high-rolling criminal.”
The collaboration between Kuprina and U.S. officials unveiled a prolonged breach of the SEC’s core systems, challenging the agency’s narrative.
Interestingly, the SEC failed to fully disclose in their official statements that violations had occurred over a much longer timeframe than publicly acknowledged.
Despite her crucial involvement in exposing the breach, Kuprina was not mentioned in the SEC’s formal complaint, which predominantly targeted Cho and his associates.
Investigators had no direct evidence linking them to hackers or suggesting they intentionally received stolen information; still, charges were brought against them, driven by the agency’s pressure to demonstrate success.
Eventually, the Department of Justice, who were running concurrent investigations, chose not to indict any traders.
Cho contended that he and his colleagues were merely noting unusual trading patterns, implying that market movements often provide opportunities.
Critics suggested that the SEC needed a victory and settled on an easy-to-reach target rather than pursuing the bigger hacking masterminds.
Ultimately, Cho reached a settlement of $175,000. Under SEC regulations, he couldn’t publicly claim innocence, despite asserting, “I’m not allowed to say I’m innocent, but I give you all the facts, and people can decide for themselves.”
According to reports, in 2020, Kuprina pleaded guilty to federal charges connected to the Edgar breach and multiple other hacks. After cooperating with investigators, she served a brief prison term before her release.
By 2023, her cooperation was acknowledged by the court, allowing her to reunite with her mother and daughter after they fled war-torn Ukraine, facilitated by the U.S. government.
Conversely, figures like Radchenko continue to pose threats, and while some updates have been made, experts assert that the SEC’s Edgar system still possesses vulnerabilities.
Comments from the SEC, Kuprina, Cho, and Kwon were sought regarding the situation.
