Join us to hear the “Hack To Trade” conspiracy between Vladislav Klyushin, Ivan Ermakov, and Nikolai Rumiantcev at a Russian cybersecurity firm named M-13. Fun fact, Ermakov was also indicted for meddling in the 2016 United States elections. This is eCrimeBytes.com Season 2 Episode 12 Act 2: Hack To Trade Conspiracy With Vladislav Klyushin – Act 2: The Scheme.
Please check out our prior acts for the background:
Sources:
- https://www.justice.gov/usao-ma/pr/russian-businessman-sentenced-nine-years-prison-93-million-hack-trade-conspiracy
- https://www.courtlistener.com/docket/61629108/united-states-v-klyushin/
- https://www.courtlistener.com/docket/61628996/united-states-v-klyushin/
- https://www.justice.gov/usao-ma/press-release/file/1457956/download
- https://www.nbcnews.com/politics/justice-department/federal-judge-denies-bail-russian-close-ties-putin-rcna13318 (Photo)
- https://www.reuters.com/world/russian-businessman-pleads-not-guilty-us-insider-trading-through-hacking-2022-01-05/ (Photo)
- https://www.reuters.com/world/russian-businessman-gets-9-years-us-prison-hack-and-trade-scheme-2023-09-07/ (Photo)
Transcript:
00:00:09:26 – 00:00:25:17
Keith
Hey, welcome back to eCrimeBytes. We are in season two, episode 12. We are in Act two now, the scheme. Now if you’re just jumping in like I see a lot of people do on YouTube, but I’ll tell you, you really want to go back to Act one.
00:00:25:17 – 00:00:47:09
Keith
And I always put the little shortcuts here when I’m talking about this, where you can click on it and go back just in case you missed it, because all the background’s in there and trust me, background is really important. What you minimally need to know to understand this if you don’t want to go back is there’s this company in Russia called M13 that employs three individuals.
00:00:47:12 – 00:00:53:22
Keith
There’s Vlad, Ivan, and forgetting the other person’s name offhand,
00:00:53:22 – 00:00:54:22
Keith
Nikolai.
00:00:54:24 – 00:00:55:21
Seth
So Nikolai.
00:00:55:24 – 00:01:07:03
Keith
Those three are involved with M13, and one of them is former FSB, which is like Russia’s CIA. And he was involved with
00:01:07:03 – 00:01:22:27
Keith
the voting interference and other stuff not even related to this case that we found that was really interesting in Act one. So these gentlemen, and I use that term loosely set up a cybersecurity company called M13.
00:01:23:00 – 00:01:43:04
Keith
And you go, Oh, that’s the that’s exactly what they do. I expect them to set up a cybersecurity company, except it also does investment management, which is weird for a cybersecurity company that they’d be investing your money as well if you wanted them to. And they said, Hey, come invest with us, we’ll make you a ton of money.
00:01:43:06 – 00:01:54:16
Keith
But we keep 60% of your profits, which is kind of a hefty take. But you’ll see some numbers here that are a little more will start to make sense here if you hang on. So
00:01:54:16 – 00:02:02:04
Keith
with that, we also give you a little bit of background. We talked about public companies needing to file these things called quarterly and yearly reports.
00:02:02:04 – 00:02:18:18
Keith
It’s just a requirement. And based upon what’s in those reports, a lot of times the stock would go up or down right after the release to the public because there could be something negative in it and the stock would go down. Or they could say, Hey, we had really good results of this product and the stock would go up.
00:02:18:21 – 00:02:41:18
Keith
So it just depends on what’s in there. And there’s these filing agents and it’s these companies that receives them from the public companies holds on to them for a little while, days to weeks maybe, and then finally files them with the SEC at the time that’s scheduled to be filed with the public when they become public. So as you can imagine, these filing agents, they’re
00:02:41:18 – 00:02:42:27
Keith
you know, they’re the goal here.
00:02:43:05 – 00:02:58:29
Keith
They’re what attackers are going for here, because if they can get the data that those filing agencies hold for all these public companies, they can do a little insider trading and start to make money on stock that might go up or down. And you say, how do they make money on stock that goes down?
00:02:59:02 – 00:03:00:06
Seth
Well, we’ll talk about.
00:03:00:06 – 00:03:05:14
Keith
This other there’s this other thing I haven’t told you about. I might as well tell you now, it’s called shorting stocks, which is
00:03:05:14 – 00:03:17:26
Keith
So when you’re shorting stock it, you’re betting against the stock going down. And it’s a really weird process. I’m going to save you from the the the technical details, but it involves borrowing shares and selling them off
00:03:17:26 – 00:03:25:24
Keith
to the market. And in that sequence of the way it does it, it does it in the exact opposite order.
00:03:25:24 – 00:03:52:19
Keith
So instead of gaining when you gain money and the stock goes up, you gain money when the stock goes down. So whatever the stock goes down, you start to gain money. And it’s it’s not for the faint of heart. You can lose money very quickly. Shorting stock. I’ve I’ve read a lot of horror stories so if you’re shorting stock, you’re kind of you’re either really risky or you really know what you’re doing and you’ve got some good information about that company and you think that company is going to
00:03:52:19 – 00:03:55:15
Keith
the stock may possibly go down.
00:03:55:17 – 00:04:18:20
Keith
So with that, let me talk about filing agent number two. We’re going to talk about two different filing agents. These are the companies that hold that information. Now, two of them that I know of became victims, and they refer to them in the court paperwork as filing agent one and filing agent two. I don’t know what the real names are, but in February 5th of 2018,
00:04:18:20 – 00:04:23:11
Keith
Ermakov, that was Ivan or someone else in his crew.
00:04:23:11 – 00:04:44:23
Keith
And remember, M13 is a company where there may be more people than those three. They used a username and a password of this filing of an employee of this filing agent number two to access one of these quarterly reports that hasn’t made it to the public yet, but they’re holding in order to make it available to the public.
00:04:44:25 – 00:05:10:01
Keith
It was for Snap, Inc. So if you’re if you’re familiar Facebook Meta and so forth, SNAP is Snapchat. So they didn’t say in the court paperwork how they got the username and password. They just said they used them. So putting two and two together and just kind of reading around the research, I think they used phishing. I think they sent some kind of phishing campaign to these employees.
00:05:10:04 – 00:05:23:08
Keith
They probably clicked on them, put their username and password in there, probably didn’t even know that they were phished. And then later on, this crew from M13 has these usernames and passwords. So if you’re wondering how they got them, that’s how I think they got them.
00:05:23:08 – 00:05:38:16
Keith
So three months later, this is now May 9th of 2018. Ermakov or someone else in his crew used the username and password again of an employee of filing agent number two to access more quarterly reports for companies.
00:05:38:16 – 00:05:54:25
Keith
I’ve never heard of any of these companies and I’ll read them for you. It’s CytomX Therapeutics Inc, Horizon Therapeutics PLC, Puma Biotechnology Inc and Synaptics Inc.
00:05:55:14 – 00:06:18:12
Seth
What I was going to say is pretty sure that filing agents wanted to and any other company that is a filing agent probably should have a review of their security protocol, because if they are such a critical piece of the investment infrastructure. Right. That they hold all this information before it gets released publicly, that is the very definition of insider threat.
00:06:18:15 – 00:06:33:06
Seth
Insider trading, rather. Insider threat is what I do. And moreover, you know, you would think that they are governed by either state or federal requirements to have a significantly increased set of security protocols because clearly those were failed here.
00:06:33:06 – 00:06:39:24
Seth
Take that, as you will. I’ll mention, in October of 2018, the second filing agent
00:06:39:24 – 00:06:52:01
Seth
similarly had somebody either Ermakov or one of his agents used the username and password of an employee of filing agent two to access yet to be published quarterly and yearly info of another publicly traded company.
00:06:52:01 – 00:06:54:07
Seth
This one’s called Capstead Mortgage Company.
00:06:54:07 – 00:07:16:25
Seth
So let’s talk about what our friends did in terms of shorting Capstead. So the very next day. So the break in happened on October 22nd. This is October 23rd Klyushin or someone else shorted shares of Capstead in an account in his name at a Russia based brokerage firm with operations in Cyprus.
00:07:16:28 – 00:07:41:16
Seth
A shorting, as we mentioned, means you make money when the stock goes down. But it’s risky, of course. So the next day a coconspirator also shorted, shares of Capstead. And later that day, Capstead reported financial results that fell short of market expectations. So predictably, when companies report shortfalls, their stock tends to go down. Imagine you had inside knowledge of that happening and you put a lot of money on that.
00:07:41:16 – 00:07:42:27
Seth
That’s exactly what happened here.
00:07:42:27 – 00:08:19:02
Keith
All right. So a day later, they made some money, right? So a day later, they’re back. And filing agent number two: Ermakov, somebody at M13, somebody under his control says go back into filing agent number two, access some more information. Now, this company, you may have heard of, called Tesla Inc. So they then, after they got that information, purchased a bunch of Tesla shares at a Russian firm, meaning like they bought shares outside the U.S., and then Klyushin sent this message to his coconspirators.
00:08:19:02 – 00:08:35:22
Keith
It says pay attention to shares of Tesla now and tomorrow after 430 and how much they go up. And then a coconspirator went out, bought Tesla shares in their name, and then guess what happened? Tesla shares went up, Everybody made money.
00:08:35:22 – 00:08:36:12
Keith
So
00:08:36:12 – 00:08:50:10
Keith
now we’re in the next year. We’re May 25th of 2019 and it’s fast profits and fast stacks for this crew because they have figured out how to make money hand over fist.
00:08:50:10 – 00:09:02:06
Keith
Right. So Klyushin has written Ermakov that one of the individuals… Now the reason why I brought all that crap up at the beginning about what the company does while they manage people’s money right.
00:09:02:06 – 00:09:10:14
Keith
So you may wonder why I give you all these weird details like this investment management scheme that this company had going in.
00:09:10:16 – 00:09:41:00
Keith
Well, they have customers doing this right. And so this individual is one of those customers. So Klyushin and Ermakov, they’re talking about this individual, this customer. And they said they have over $1 million in profits over the past seven month period, nearly tripling his investment. He said another individual that invested $1 million made $700,000 in profits. So you start to do the math there.
00:09:41:00 – 00:09:55:08
Keith
If they’re taking 60% of $1,000,000 in profits, that’s $600,000 right there that they made right off the top in their hacking scheme. Right. That’s a real easy way to monetize your your hack here.
00:09:55:08 – 00:09:55:27
Keith
So
00:09:55:27 – 00:10:10:25
Keith
then they send more messages to you. And I’m going to quote you this one. I actually put the quote right in here where Klyushin sent a message to Ermakov which here he referred to the third person Rumiantcev by nickname which is Kolya or Kolya.
00:10:10:28 – 00:10:12:21
Keith
K O L Y A
00:10:12:21 – 00:10:14:11
Seth
With call you say. Yeah.
00:10:14:14 – 00:10:47:02
Keith
Kolya’s assets have grown three smiles like emoji smiles and Ermakov responded as I imagine. Mm. Yes. Smile. And then the same day he talks about another one, he says I have a good day today we have made $1.2 million and trades in the stock exchange and past and 70 in suitcase. Smile. I did my deed. And as much as I tried to figure out what the hell he meant by in suitcase, I don’t know what he meant by suitcase.
00:10:47:02 – 00:10:47:18
Keith
So
00:10:47:18 – 00:10:56:10
Keith
maybe he means are storing money in a suitcase. I’m going to show you a picture in a minute where they store money in a safe. And maybe that’s what he refers to. I don’t know.
00:10:56:10 – 00:11:36:02
Seth
So let’s talk about yet another filing agent hack here. So July 28th, 2019, Ermakov or someone he works with, used the username and password of an employee, filing agent of employee of filing agent two, same exact scenario, to access yet to be published quarterly and yearly info of another publicly traded company. This one’s called SS&C Technologies. The next day the group shorted the stock in investment firms around the world and we found that on July 30th, the negative quarterly report made the stock go down and Klyushin personally made about $144,000 off this specific transaction of shorting stocks.
00:11:36:04 – 00:11:41:10
Seth
By the way, when you find out how much money total they were making, it’s going to blow your your mind a little bit.
00:11:41:10 – 00:11:53:00
Seth
And so here, if you’re looking on our YouTube, there’s an image here of a safe. I have to be honest with you Jones given the current news cycle, I’m surprised always when I don’t see bars of gold I see these days.
00:11:53:00 – 00:12:11:06
Seth
But regardless, this is a picture of their their money growing. It’s on the left hand side. You have, I guess, a smaller number of quote, fat stacks. And on the right side you have a much larger set, probably triple the number of fat stacks there. So clearly their methodology was really, really effective.
00:12:11:06 – 00:12:18:21
Seth
So let’s do another one on November 1st, 2019, filing agent two yet again, same scenario.
00:12:18:24 – 00:12:59:27
Seth
Ermakov or one of his colleagues used the username and password of an employee of filing agent two to access yet to be published quarterly and yearly info of another publicly traded company called Roku. Now Jones is this the same Roku that like is your TV streaming service is. I don’t know. It is. I so I’m a I’m a customer. So on 11/6, five days later, Roku reported results below the market’s expectations and wouldn’t you know it Klyushin had shorted 42,000 shares of Roku. Stock went down after the reports went public that the and then of course the stock dropped their profit was around $1,000,000 on that one.
00:12:59:29 – 00:13:10:04
Keith
Yeah just like you can imagine this is just one transaction and they’re just netting $1,000,000 in profit at a time. It’s just Yeah, it blew my mind. It blew my mind because.
00:13:10:06 – 00:13:26:29
Seth
Well, it’s so simple, right? I mean, it’s like almost go into a casino and literally, you know, a genie whispering to you the the general positive or negative results of every roll of the dice or every card hand and just betting the other way. And, you know, you probably get a ton of money really quickly.
00:13:27:01 – 00:13:49:19
Keith
And I’m so fascinated at how people can monetize their hacks and this one being such a different approach than, say, stealing credit cards and trying to run up credit cards or stealing identities and doing the tax thing. This is so unique that it makes it so interesting to listen to. So we’ve ignored so far filing agent number one.
00:13:49:19 – 00:13:59:29
Keith
I’ve kind of swept them under the rug because they came up chronologically later. So now we’re going to talk about filing agent number one in January 21st of 2020.
00:13:59:29 – 00:14:14:25
Keith
They had a similar instance happen to them where Ermakov or somebody in M13 used a username and password of their employee. So think a phishing attack probably happened and accessed this company’s quarterly reports called Avnet.
00:14:14:28 – 00:14:42:11
Keith
Now this is important in this instance M13’s corporate IP address, meaning the computer address out there on the internet, showed up in the victim’s logs of where they logged in. So they had the smoking gun that said this is M13 in Russia. Here in the U.S., and this is where law enforcement can start to tie this stuff together. And I want to point that out, that this is the spot.
00:14:42:14 – 00:15:10:22
Keith
So Ermakov used Klyushin’s trading account and he shorted Avnet stock. Another coconspirator also went out, shorted Avnet stock. Guess what? Avnet didn’t meet market expectations. You should have thought that when you heard the word short, the stock went down. They made money. Now, at some point it wasn’t really clear exactly when, but somebody questioned them and said, How the hell do you guys make money?
00:15:10:24 – 00:15:53:22
Keith
Okay. And I found a paragraph in the court documents of how they describe to people how they make money. Now, none of this is true, by the way. This is what they say they do. We know what they do. They get the reports before the rest of the public does and they capitalize on that. So they said back in April 24th of 2020 and I say they as in Klyushin and Rumiantcev told an employee of a bank that M13 traded on the basis of its analysis of publicly available information, including historical data and social media postings, and that on the basis of material nonpublic information, which is totally fucking false because they break in and they get
00:15:53:24 – 00:15:56:01
Keith
nonpublic information and they trade with it.
00:15:56:01 – 00:15:56:18
Keith
So
00:15:56:18 – 00:16:19:25
Keith
like I said, they can they continue raking in more profits. On September 17th of 2020, M13 earned approximately a half million dollars. Actually more than a half million dollars on behalf of one of their trading individuals slash customers during the third quarter of 2020. That was 60% of the profits. So you can imagine the other person made, the other 40% of that.
00:16:19:25 – 00:16:44:17
Keith
And the following day they had another individual that was not quite a half million dollars, but still in $443,000, a lot of money that represented 60% there, too. So you can imagine the other person made a ton of money. So you can see the figures on both sides of this are really starting to add up. And so I put together a chart here that Seth could talk about and it adds it up.
00:16:44:17 – 00:16:45:19
Keith
And this is what blew my mind
00:16:45:19 – 00:16:52:10
Seth
So what we’re sharing here, if you’re looking at our video, is a screenshot of essentially how much money they made
00:16:52:10 – 00:17:05:20
Seth
related to a specific, I guess, brokerage account they had is one called Toppan Merrill. And these are on filed earnings. So there’s two columns. It’s the McDonald profit. One is just slightly more calculated based upon established case law process.
00:17:05:20 – 00:17:28:03
Seth
But end of the day, you’re talking somewhere between 93 and $97 million with some specific numbers, Klyushin himself profited around 20 million between 20 and $21 million. And some of his other colleagues quite a bit less, but still in the seven figure range. So Klyushin made a ton of money here.
00:17:28:03 – 00:17:47:12
Keith
All right, so we’re going to pause here. This is the end of act two. We’ve taken you through the scheme. Now one of them is going to get caught and punished and we’re going to talk about that in Act three. So if there’s anything in this act that you liked, please like, subscribe, thumbs up, follow. If you’re on Apple Podcasts, please give us a five stars and then just write in that box
00:17:47:12 – 00:18:06:15
Keith
whatever your favorite episode is, we would totally appreciate that. If you haven’t gone to our website, go to eCrimeBytes dot com. Bytes spelled the computer way y as in yellow milk. And with that, Seth and I hope to see you back tomorrow for act three punishment in this case. Thanks.
00:18:06:17 – 00:18:07:09
Seth
Thanks.