Cutting-Edge Criminals

Cybersecurity

​Illustration by Michael Waraksa​​

Cutting-Edge Criminals
 

​During the dog days of last summer, officials from the U.S. Securities and Exchange Commission (SEC) turned up the heat and made some waves by announcing charges in two major information trading cases.

In the first case, the SEC an­nounced insider trading charges against seven people who allegedly made millions by trading on confidential information about many impending mergers and acquisitions. According to the agency, Daniel Rivas, a former IT employee of Bank of America, allegedly used his access to a bank computer system to tip off individuals who traded on the information. The traders then profited on market-moving news related to 30 impending corporate deals.

"IT employees are often entrusted with broad access to incredibly valuable, nonpublic information and have a duty to safeguard that information," Jina L. Choi, director of the SEC's San Francisco Regional Office, said in a statement.

The SEC's complaint alleges that Rivas frequently tipped his girlfriend's father, James Moodhe, who traded on the information and used coded conversations and in-person meetings to relay the tips to his friend, Michael Siva, a financial advisor at a brokerage firm. Siva allegedly used the confidential information to make profitable trades for his brokerage firm clients, earning commissions for himself in the process, and he passed numerous tips along to a client who traded on them. The complaint alleges that Siva also traded on behalf of himself and his wife based on two of the tips he got from Moodhe, a former financial services company treasurer.

Two weeks later, the SEC charged Evan R. Kita, a CPA and former accountant at Celator Pharmaceuticals Inc., with passing on confidential information to two friends about the clinical trial results for a cancer drug and its acquisition by another company. This was valuable information—Celator's stock ultimately rose more than 400 percent when it announced positive results for its drug to treat leukemia. According to the SEC's complaint, the two friends purchased Celator stock based on Kita's tips, and agreed to share their trading profits with him. One friend also allegedly passed on tips to his father.

Besides involving multiple players and much information, the two cases had something else in common. In both, the suspects used an encrypted, self-destructing messaging application to evade detection.

"The tippers and traders in this case are alleged to have used various methods to try to cover their tracks, but their efforts failed," Steven Peikin, codirector of the SEC Enforcement Division, said when the charges were announced. (SEC officials declined a request from Security Management for further comment.)

And in both cases, the SEC used sophisticated data analytic tools to detect suspicious patterns such as improbably successful trading across different securities over time. These enhanced detection capabilities enabled SEC enforcement staff to spot the unusual trading activities, such as in the case of the two friends Rivas tipped off: both were inexperienced traders, but in just over a year they turned less than $100,000 into more than $2 million in profits by making aggressive options trades based on the confidential information, the SEC alleged.

These cases highlight the ways in which criminals are increasingly capitalizing on technologies to commit white collar crimes, and how law enforcement and investigators are fighting back with their own technologies, experts say. While the technologies used are not brand new, the white-collar context is one of the latest iterations of the ongoing struggle.  

On the perpetrator side, self-destructing messages are nothing new, says Marcus Christian, an attorney in Mayer Brown's White Collar Defense & Compliance group. Decades ago, an early version of this was regularly portrayed in the opening mission message of the old Mission Impossible television show: "Good luck, Jim. This tape will self-destruct in five seconds."

"That's just old-school spy stuff," Christian says. And from a national security standpoint, encrypted access to communications has been an issue for years, and terrorist groups continue to use encryption to cover their tracks.

But, the availability of applications that allow encryption is becoming more widespread, and this means that they are popping up more in white collar cases. In the the Celator case, for example, the SEC said it believes that some of the suspects communicated through an encrypted smartphone application. "I think it's the availability of the thing that is driving this," Christian says. "If any particular app has the potential to host encrypted messages, it's something that's in the field of play. Generally, the easier it is, the more likely it is that someone will use it."

Encryption can also make prosecution harder, says Christian, who is a former prosecutor in the U.S. Attorney's Office for the Southern District of Florida. Insider trading cases are often based on "volumes and volumes of recovered documents. To the extent that information is encrypted, that is something that would make [prosecution] harder," he explains. Encryption is also used in money laundering, where parties need to coordinate the transfer of dirty money, and to hide evidence in fraud cases.

On the law enforcement side, the use of big data tools, which has "picked up steam" in the last few years, is a significant development because it can change the model for catching illegal activity, says Jonathan Fairtlough, a managing director with Kroll's Cyber Security and Investigations practice.

The traditional investigative model for insider trading, he explains, was that a tip spurred an investigation, uncovering more information, which is then used to build a case from the ground up. Fairtlough formerly served as a prosecutor in the Los Angeles County District Attorney's Office, where he was a cofounder of the High Technology Division.

But now, the more widespread use of data analytics allows enforcement officials to analyze data (trades are recorded electronically) first, and detect patterns as they are occurring. Complex trading algorithms can identify abnormal patterns, such as trades that are going against prevailing investor sentiment. Once abnormal activity is identified, investigators can track backward and look at the people behind the trades, and investigate any potential relationships between suspect traders and others who could be providing inside information.

"It's a proactive use of technology, and it's a welcome tool to protect markets," Fairtlough says. It is also a potential way to beat encryption. If relationships between suspect traders and those supplying them with inside information are revealed, it allows investigators to approach them and convince them to cooperate in the prosecution. This can help prosecutors win the case, even if they are not able to retrieve encrypted messages.

Security operations in the private sector can also benefit from these analytical tools, he adds. By identifying abnormal patterns in a repeated activity (purchases in a retail context, for example), the tools can show where the security operation needs to focus its limited financial resources.

Meanwhile, the technological race between criminals and security continues, Christian says. The various ways that lawbreakers can use technology to commit crimes is growing every day, and so those on the side of law enforcement must keep innovating and be ready for anything. "There will be more surprises around the corner," Christian says.