BOSTON – A Russian businessman was sentenced today in federal court in Boston for his involvement in an elaborate hack-to-trade scheme that netted approximately $93 million through securities trades based on confidential corporate information stolen from U.S. computer networks.
Vladislav Klyushin, a/k/a “Vladislav Kliushin,” 42, of Moscow, Russia, was sentenced by U.S. District Court Judge Patti B. Saris to nine years in prison. Klyushin was also ordered to forfeit $34,065,419 and pay restitution in an amount that will be determined at a later date. In February 2023, Klyushin was convicted by a federal jury of securities fraud, wire fraud, gaining unauthorized access to computers, and conspiracy to commit those crimes. Klyushin was arrested in Sion, Switzerland in March 2021 and extradited to the United States in December 2021.
Klyushin was charged along with two Russian co-conspirators: Ivan Ermakov and Nikolai Rumiantcev. Two others, Mikhail Vladimirovich Irzak and Igor Sergeevich Sladkov, were charged in a separate indictment. All four co-conspirators remain at large. In July 2018, a federal grand jury in Washington, D.C. indicted Ermakov in connection with his alleged role in a scheme to interfere with the 2016 United States elections by way of computer hacking. In October 2018, Ermakov was also charged by a federal grand jury in Pittsburgh in connection with his alleged role in hacking and related disinformation operations targeting international anti-doping agencies, sporting federations and anti-doping officials.
“Mr. Klyushin hacked into American computer networks to obtain confidential corporate information that he used to make money illegally in the American stock market,” said Acting United States Attorney Joshua S. Levy. “He thought he could get away with his crimes by perpetrating them from a foreign base, hidden behind layers of fake domain names, virtual private networks, and computer servers rented under pseudonyms and paid for with cryptocurrency. He found out otherwise, and will now spend nearly a decade of his life in a U.S. prison. This case should send a message to criminals around the world that their location does not provide anonymity and the reach of American law enforcement is long. Anyone who defrauds American companies, markets or investors, will be found and prosecuted, regardless of where they hide, or how long it takes.”.
“Russian businessman Vladislav Klyushin is a sophisticated hacker who engineered a global get-rich-quick scheme that defrauded unsuspecting American businesses of approximately $93 million. He hacked into U.S. computer networks, stole non-public information, and illegally traded on it,” said Jodi Cohen, Special Agent in Charge of the FBI Boston Division. “This case demonstrates how cybercrime knows no boundaries and justice will not stop at international borders. The FBI will not stand idly by and allow criminals like him to launch intrusive cyber-attacks to meddle in our financial markets. We are committed to working with our public and private sector partners to stop computer intrusions and prevent further harm.”
Klyushin, Ermakov and Rumiantcev worked at M-13, a Moscow-based information technology company that Klyushin owned. M-13 offered penetration testing and “Advanced Persistent Threat (APT) emulation,” – both services that seek exploitable vulnerabilities in a computer system via hacking techniques, purportedly for defensive purposes. M-13’s website indicated that the company’s “IT solutions” were used by “the Administration of the President of the Russian Federation, the Government of the Russian Federation, federal ministries and departments, regional state executive bodies, commercial companies and public organizations.” In addition to these services, Klyushin invested the money of several investors in his hack-to-trade scheme, and took a cut of up to 60 percent of their profits.
Trial evidence showed that, between at least in or about January 2018 and September 2020, Klyushin, and allegedly Ermakov, Irzak, Sladkov and Rumiantcev, conspired to use stolen earnings information to trade in the securities of companies that are publicly traded on U.S. national securities exchanges, including the NASDAQ and the NYSE, in advance of public earnings announcements. Using the same malicious hacking techniques M-13 advertised to customers, Klyushin and, allegedly his co-conspirators, obtained inside information by hacking into the computer networks of two U.S.-based filing agents that publicly-traded companies used to make quarterly and annual filings through the U.S. Securities and Exchange Commission (SEC). Specifically, Klyushin, and allegedly his co-conspirators, deployed malicious infrastructure capable of harvesting and stealing employees’ login information and used proxy (or intermediary) computer networks outside of Russia to conceal the origins of their activities. With this access, Klyushin, and allegedly his co-conspirators, viewed and downloaded material non-public information, such as quarterly and annual earnings reports that had not yet been filed with the SEC or disclosed to the general public, for hundreds of companies – including Capstead Mortgage Corp., Tesla, Inc., SS&C Technologies, Roku and Snap, Inc. Many of the illegally obtained earnings reports were downloaded through a computer server located in downtown Boston.
Armed with this information before it was disclosed to the public, Klyushin, and allegedly his co-conspirators, knew ahead of time, among other things, whether a company’s financial performance would meet, exceed or fall short of market expectations – and thus whether its share price would likely rise or fall following the public earnings announcement. Klyushin then traded based on that stolen information in brokerage accounts held in his own name and in the names of others. Klyushin, and allegedly his co-conspirators, also distributed their trading across accounts they opened at banks and brokerages in several countries, including Cyprus, Denmark, Portugal, Russia and the United States, and misled brokerage firms about the nature of their trading activities.
Evidence presented at trial demonstrated that the times in which the filing agents were hacked corresponded with the times in which Klyushin, and allegedly his co-conspirators, made profitable trades. Additionally, of the more than 2,000 earnings events around which Klyushin and allegedly his co-conspirators traded between January 2018 and September 2020, more than 97 percent were filed with the SEC by the victim filing agents. Testimony at trial indicated that the odds of this trading pattern occurring in the absence of a relationship between the trading and the identity of the filing agent was less than one in a trillion.
In total, Klyushin and allegedly his co-conspirators earned close to $100 million in earnings trading from roughly $9 million in investments using inside information, even as they lost close to $10 million in non-earnings trading – representing a return of more than 900 percent during a period in which the broader stock market returned just over 25 percent.
Of that amount, Klyushin individually netted more than $34 million, including nearly $22.5 million on his personal trading and trading for his company, in addition to more than $11.5 million on the money he invested for others. Further, Klyushin’s sophisticated cyber attack cost its two victims more than $8 million dollars.
Acting U.S. Attorney Levy and FBI SAC Cohen made the announcement today. The SEC, the Swiss Federal Office of Justice, the Valais and Zurich Cantonal Police authorities and the victim filing agents provided valuable assistance to the investigation. The Justice Department’s Office of International Affairs provided significant assistance in securing Klyushin’s arrest and extradition from Switzerland. Stephen E. Frank and Seth B. Kosto, Chief and Deputy Chief, respectively, of the Securities, Financial & Cyber Fraud Unit prosecuted the case.
Updated September 7, 2023