Hacker Could Keep Money from Insider Trading 152
Reservoir Hill brings us a New York Times story about a man who will be allowed to keep the money he gained through hacking into a computer system in order to gain early access to a company's earnings statement. From the Times:
"On Oct. 17, 2007, someone hacked into a computer system that had information on an earnings announcement to be made by IMS Health a few hours later. Minutes after the breach of computer security, Mr. Dorozhko invested $41,671 in put options that would expire worthless three days later unless IMS shares plunged before that. The next morning the share price did plunge, and Mr. Dorozhko made his money by selling the puts. 'Dorozhko's alleged "stealing and trading" or "hacking and trading" does not amount to a violation' of securities laws, Judge Naomi Reice Buchwald of United States District Court ruled last month. Although he may have broken laws by stealing the information, the judge concluded, 'Dorozhko did not breach any fiduciary or similar duty "in connection with" the purchase or sale of a security.' She ordered the S.E.C. to let him have his profits."
Fair enough (Score:4, Interesting)
Troll? (Score:5, Insightful)
Will whoever modded the parent a troll please share his or her logic? I will admit that it is not brilliant, so offtopic, maybe, overrated, maybe, but troll? That's just an insult. Personally, I am happy to see a first post that is not an AC "fp bitches!" and I think the effort should be rewarded.
I meta moderate about every other day, and I almost always rate the troll mods as "unfair". I don't know if this has any effect, but just so you know.
Re: (Score:2, Redundant)
Re:Troll? (Score:5, Insightful)
"Will whoever modded the parent a troll please share his or her logic?"
I did not/would not have modded him troll, but I can guess the simple logic at doing so.
He appears to have the all-too-common opinion that there is no such thing as a profitable but risky opportunity. I teach intro probability and decision making (among other things), and you would not believe how many people reason that, if there is uncertainty, it's "impossible" to make a good decision. The reasoning is "Well, since something bad might happen, you might end up regretting your decision." Ugh. Those are people for whom "probability", "expected value", etc., will forever remain magical, abstract terms with no application in the real world.
Before my rant goes too far off topic, back to the GP, who said:
"It is stock market after all, nobody can guarantee the outcome even with insider news."
So insider information should be ok?! After all, "there are no guarantees"?! Nonsense! And I can imagine there being at least a few mods who would consider it so obvious that this is nonsense, that they modded him troll, thinking there could be no other excuse.
Now I'm the one wondering how he got so many insightful mods!
Re:Troll? (Score:4, Informative)
The point being that, while he clearly had solid and profitable information, he obtained it in a way that, theoretically, any outsider could have and that did not fit the definition of insider trading as currently used. He also couldn't have known if, perhaps, he had accidentally found an inaccurate draft report or if the press conference wherein the report was to be released would be delayed.
Re: (Score:2)
That's how I read it too, so really the title is misleading. It's not so much that the SEC says he can keep the money (they don't have the authority to do that across the board). They're simply saying that he didn't do anything wrong that they are able deal with, so THEY won't be taking the money away. In similar news, he didn
Re: (Score:2)
It may be a violation of something, but not of SEC regulations on inside trading. You see, the idea behind banning inside trading is that insiders have a fiduciary duty to the stockholders. Using inside information for their own benefit, or for that of their friends/family is putting those interests ahead of those of the stockholders and thus ignoring their duty. In this case, the "hacker" wasn
Re: (Score:2)
I don't think you'll be getting any response...I can share Slashdot's logic on the reason for that if you'd like.
Re: (Score:2)
How can every single last one of us cash the fuck in on this incredible opportunity to make millions off any and every company?
Re: (Score:2)
Re: (Score:2)
Except the "us" referred to computer geeks, not to every actor in the stock market.
Re:Fair enough (Score:5, Funny)
"I don't understand the stock market at all. We get a good FDA report and a promising drug is released, and the stock goes down. We kill 10 people and the stock goes up. Who the fuck knows?"
Re: (Score:2)
If you want the law changed, write your representatives.
That opens the doors (Score:5, Insightful)
If he were to say that I told him, them we would have the book thrown at us ... but if he cracks a machine then all is OK
Stupid!
Re: (Score:2)
Anyway - see this as a lesson to either release your information fast enough to avoid anyone to take advantage or to improve the security of your data. Preferably both.
The catch with inside affairs is that at some point "knowledge" becomes "rumor" and it couldn't be certain that the data he
Re: (Score:2)
The S.E.C. has basically attempted to delay this person's payout until those charges could be resolved and has failed. What the judge is really saying here isn't that breaking into a computer to get insider information is ok, but that you need to prove he did break into a computer a
Re:That opens the doors (Score:5, Insightful)
If a mate hacks a machine based on insider information, both the informant and the hacker are breaching a fiduciary duty. They're more likely to get useful information, and more likely to cause serious harm to the financial system. In my opinion, we want to deter hacking based on insider information more than random hacking.
That's not to say the fellow should get to keep the money. That will only serve to encourage random hacking pointedly in the absence of (traceable) insider information. However, trading on insider information should result in more significant consequences.
Re: (Score:2)
Are there any lawyers in the audience
Social hacking and other means (Score:2)
For example, say X does Y classes for the wives of big bosses, and X might be able to tell whether the various companies are doing well or not just from observing the wives
Even if the husbands aren't telling the wives that their companies just had record profits, the new cars/vacation/etc they bought for their wives might reveal stuff.
Sure it's not 100%, but apparently it worked well enough for someone I kn
Re: (Score:2)
Re: (Score:2)
It does not matter to me that this individual is not an employee, he had benefit of inside information. That should constitute insider trading.
An "insider" is created when someone is entrusted with a power to access information (i.e. by being appointed a director, etc.) and that person abuses that trust for their personal benefit.
In this case, the thief was not entrusted with any power to access information, but rather exploited a technological problem in order to access information and used that information for personal benefit. He didn't breach anyone's trust. He's just stealing information.
Both are wrong, but they are different crimes. The dif
Re: (Score:2)
You surely can't have X without A, B, and C in this situation. Otherwise the SEC could claim that your gains
Re: (Score:3, Funny)
Tell that argumentative Won guy that one who breaks into a system is pretty much de facto not trusted. :-)
The few, the proud, the entrusted (Score:2)
Computer [to Hacker]: Stop! Access to information on this computer is only entrusted to a specific few. Are you one of them?
Hacker: Yes, I am. Here are my credentials.
Computer: Ah, yes. I am duly fooled. Access granted. Come inside and be entrusted.
[User enters, is entrusted with information, later abuses
Re: (Score:2)
Re:That opens the doors (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Re:That opens the doors (Score:5, Interesting)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Nevertheless, insider trading is very, very common. Despite the claims at corporate seminars by policy watchdogs, by simply watching the actions of the vice presidents and board members, it's very easy to see where their knowledge of other companies from non-disclosure bound meetings is used to their personal advantage. And it's far, far too com
Re: (Score:2)
If you're an officer, then you do have a fiduciary duty. If you're a run of the mill employee way down the hierarchy, then no, you do not have a fiduciary duty. Your friend can tell anyone that you gave him a hint, but you can't be charged for insider trading (you might be fired if he talks, so make sure it's worth it :)
A Very Wise Man Once Said (Score:1, Funny)
Seems reasonable to me (Score:5, Informative)
The judge's ruling seems pretty reasonable to me. What the hacker did was not insider trading, because he was not an insider, so the various regulations governming insider trading should have been found not to apply here.
Of course, as the judge also noted, that doesn't mean he broke any other laws. A fine equal to the profit he made on the options plus the original cost of buying them in the first place plus the cost of security work to ensure the systems are no longer vulnerable, combined with a jail sentence equal to what would have been handed down to an insider who made the same deal, seem like a fair punishment for the hacking to me.
Re: (Score:1)
Of course, as the judge also noted, that doesn't mean he broke any other laws.
Damn, hit Submit in mid-edit. Obviously I meant "...that doesn't mean he didn't break any other laws". Sorry.
Re:Seems reasonable to me (Score:4, Interesting)
I guess a good analogy would if you broke into someones home to read their wallstreet journal and then used their phone to make a call to your broker to make a trade.
Calling a broker to make the trade isn't the sticking point, but rather you broke into someone's home.
Re: (Score:2)
Of course, I don't know if there's a law related to profiting from a crime where this took place.
Re: (Score:2, Insightful)
Can anyone explain why this wasn't the case?
Re:Seems reasonable to me (Score:5, Insightful)
You said it yourself, as highlighted above.
Re: (Score:2)
Not sure... go ask a lawyer.
Re:Seems reasonable to me (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
A fine equal to the profit ... plus the cost of security work to ensure the systems are no longer vulnerable ...
Begin bad car analogy. If I break into your car, and get caught, do I have to pay for you to have your locks replaced with higher security locks, a higher security car alarm, more durable windows, and whatever else could conceivably prevent your car from being broken into?
Somehow, this guy broke into the system, which evidently wasn't secure enough as it was. The burden of securing the system falls on the owners of the system. Is there evidence of him breaking into the system? It sounds like it, but
Re: (Score:2)
Sorry, I agree that my previous statement does sound overly generic now that I read it again. I didn't mean that the hacker should have to pay for completely new, higher-spec systems to improve security more generally; clearly that is the company's responsibility and should have been done anyway. I just mean the costs incurred as a direct result of this particular breach: after any successful attack, the business is going to incur costs checking out their IT systems to make sure no backdoors have been plant
Re: (Score:2)
Example 1: Say I'm having a cup of coffee and I see a large commercial jet. One of the engines explodes and the plane crashes. I immediately get on my laptop and buy as many put options on the airline's stock as possible before the TV networks find out about it. Is this insider trading?
Example 2: A high level employee of a corporation has a loud cellphone conversation in the seat n
Re: (Score:2)
Well, I'm neither a lawyer nor an accountant, so I can't comment on any professional definition of "insider trading" that may exist, only the lay man's usage of the term. That said, I'd say your examples are all pretty clear, at least from an ethical/common sense perspective.
In (1), an aircraft crashing is clearly public information, and acting because you hear public information first isn't against the rules. (If it were, why would all the traders have news feeds running all the time?)
In (2), assuming
Re: (Score:2)
In this case, the SEC needs to prove the guy did steal the insider information.
No, that is not in question, from TFA;
"Dorozhko's alleged 'stealing and trading' or 'hacking and trading' does not amount to a violation" of securities laws, Judge Naomi Reice Buchwald of United States District Court ruled last month. Although he may have broken laws by stealing the information, the judge concluded, "Dorozhko did not breach any fiduciary or similar duty 'in connection with' the purchase or sale of a security." She ordered the S.E.C. to let him have his profits.
This is more of a case of rigid interpretation of the law; the SEC rules don't explicitly say that you can't steal and use insider information so it's not illegal.
Also this guy lives in the Ukraine so this is probably the only punishment [blocking receipt of the money] that the US could possibly give him.
Shortly after that (Score:2, Funny)
Re: (Score:3, Insightful)
I got it! I got it! Neuromancer, William Gibson, 1984!
Where's my prize?
Re: (Score:1)
Re: (Score:2)
Unlikely (Score:1)
Well slow down here (Score:5, Interesting)
However, he still could lose them. If the government tries and convicts him of a crime for actually hacking in to the system, then the money can be taken. You aren't allowed to profit from crimes, and as such the government can seize assets you gained through crime. So, if they manage to convict him of breaking in to the systems, the money he made in the trades will be fair game since it was a result of the break in.
However at this time he's not been charged, so that isn't on the table yet. However that doesn't mean this ruling says you get to keep your money no matter what in a case like this. It just means that it doesn't quality as insider trading so the SEC can't take it.
A similar case would be something like robbing a bank and then using the money to make more in the stock market. Even though the money was stolen, it isn't a violation of securities laws, so the SEC couldn't take it from you. However if you get convicted of robbery, the court could then seize the profits you got from that crime.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:2)
Re: (Score:2)
According to TFA, the legal question raised is whether or not he "deceived" the computer when he hacked into it and downloaded the quarterly report. The spir
Re: (Score:2)
Not exactly. The money he made in the trades was a result of his making an independent act based on information he learned during the break in. There's no direct cause and effect there, since there's an intervening act of free will (he made a stock trade). This is entirely different from a bank robbery, where the money is stolen without an intervening a
Re: (Score:2, Insightful)
I'm thi
Use the right laws (Score:1)
Re: (Score:2)
why buy shares unless you know something ... (Score:2, Interesting)
Seriously, all share trading works on the basis of one party thinking they know something that either makes a stock worth selling or worth buying. When they are right they make a profit and when wrong they make a loss.
If you don't have any privileged (either by insider or through your own analysis) information, you're effectively just making a bet - you might as well buy a lottery ticket.
Re: (Score:2)
You do not have to be different or have different knowledge from others. Buying GOOG stock early or investing in stocks that pay good dividends are examples of decisions that are made based on public info- there is plenty of money that can be made using normal, publicly available information. Investing in penny stocks and day-trading are completely different issues of course.
Re: (Score:3, Informative)
Well, dividend-paying stocks give you a regular return - As long as you feel fairly confident that the company won't go under, you'll make a hell of a lot more than you would leaving the money in your savings account (and if you chose well and occasionally reallocate your portfolio, without requiring otherwise-unknown data, you can do a good bit better than a CD or even investment-grade bonds.
you're effectively just making a bet - you mig
Re: (Score:2)
It's slightly OT but by mentioning the ability to "short" via ETFs, you should also point out to /. readers that these ETFs do not necessarily give you the equivalent of a short position, especially the "ultra-short" ETFs. For instance, SDS (Proshares Ultrashort S&P 500) gained 2.49% this past month versus a 1.69% loss
Re: (Score:2)
Watch out, though - "twice the inverse daily performance" does not translate to "twice the inverse monthly performance" due to the magic of compounding.
For example, suppose the S&P gained 10% one day, and lost 10% the next. That would make for a two-day loss of 1%. But the
Re: (Score:2)
It's a risk/reward thing. You could put it in a savings account or a U.S. Government Bond with near-absolute safety (you will never lose anything) and get, say 3%. Or, you can boost your expected return over time by taking on some risk. With rational investments, the more risk you take, the greater the expected return over time.
Re: (Score:2)
You trade A to someone for B because you value B more than A, and that someone thinks the other way.
Why? Maybe that person needs "A" _now_.
That person might still think it's a crap time to sell the share, but might need the cash to keep the house/car.
The other thing is lots of people are stupid. And sometimes the stock market has a way of making the "smart" look stupid.
There were a lot of people who figured some bubbles should have burst a long time ago, but they just k
Hack'n'Trade (Score:2)
Reminds me about a Swedish group called Hack'n'Trade...
I think they meant some other kind of trading though.
Buying high, selling low, making money how? (Score:2)
"Mr. Dorozhko invested $41,671 in put options that would expire worthless three days later unless IMS shares plunged before that. The next morning the share price did plunge, and Mr. Dorozhko made his money by selling the puts."
I don't understand this. He was buying, waiting for the share price to plunge, and then selling. Doesn't that mean he was selling lower than he bought? How did he make money?
Re: (Score:2, Informative)
Re: (Score:3, Informative)
He was not buying the shares, he way buying put options, which basically give you the right to sell ("put") the shares at a predetermined price. If the share price suddenly drops, you can make money by just buying the shares on the open market and exercising your put options (which give you a fixed selling price that is now higher than what you're paying for the shares on the stock market). Alternatively, you can just sell the options themselves, which is less of a hassle.
Welcome to securitie
Re: (Score:2)
But that's what you get for complexity, more possibilities to exploit the system.
Re: (Score:2, Informative)
Re: (Score:3, Insightful)
He only loses the money he paid for the contract. In this case he'll just let the option expire and not exercise it. This is an OPTION, so he's not obligated to sell for $90.
Re: (Score:2)
Re: (Score:2)
He
Re:Buying high, selling low, making money how? (Score:5, Informative)
Here's how they work, more or less:
Stock A is currently selling for $100 per share. A trader a couple of months ago felt confident that the stock would never drop below $80 per share, so he sold put options - guarantees that he would buy the stock from you at a given price - in this case $80 - for a given date. If the price of the stock remains at $100/share, the options will be worthless, because owning shares valued at $100 there's no way I will sell them for $80. However, if the stock price drops to $60, I'd be more than happy to sell for $80/share. The person selling the options has no choice - if I come to him with the contract, he has to buy them at $80/share.
Those options can be traded up to the exercise date. So I buy them three days before the exercise date at a low price, as no one expects the stock to drop that much - the options themselves are worthless. I know the stock will plummet; I buy up all the options I can afford - let's say a buck a pop. Stock price is $60, suddenly those options are worth $20 apiece - difference between the market price and what the trader is obligated to pay.
Re: (Score:2)
Trader A: I will pay the holder of this option $80/share, if you present the option to me before the 1st of January.
Trader B: It's the 28th of December, and the share price is still $100/share, this option is worthless.
Trader C: Hey, I like worthless things, I'll pay you $1/share to take those options off your hands.
Company: Uh oh, we tanked.
Trader B: ARGH! Who will buy this junk stock, going cheap, $20/share!
Trader C: He
Yes Dammit! (Score:2)
They're called PUTS dammit!
I'm inclined to say (Score:5, Insightful)
That this is actually quite appropriate. Since he didn't have any fiduciary duty, the SEC shouldn't take his money away. That said, since it's profit from an illegal act, I would hope that the money would be taken away -- if and when he is convicted for the crime of stealing the data.
Too often in this country we seem to be throwing every law available at people and making up new ones to go with them, when the acts we're trying to punish are already illegal. If he didn't break securities laws, he shouldn't be punished under them. Since he did (we assume, but it hasn't yet been proven) break unauthorized access laws, he should be punished under those.
We don't need more laws against things that are already illegal, and we don't need to make a mockery of existing laws by applying them to things they don't apply to. On a related note, why do we need separate "identity theft" and "atm card fraud" laws, when anyone being charged with them is already also being charged with uttering false instruments and fraud? Our legal code needs to be smaller and simpler; making it so would make it more effective and efficient, not less.
Re: (Score:2, Interesting)
Now we know what that third step is... (Score:2)
2. Get the necessary information...
3. goto court and...
4. Profit.
like most answers, it's been right under our noses all along, I guess that goto's are not so bad after all :-)
Not keeping the money (Score:2)
There are only 2 situations here:
1) He had legal access to the documents. If true, that is insider trading. The SEC is the proper governing body and they will punish him.
2) He did not have legal access to the documents and stole them through whatever means he used to do so. If true, then he will also be punished, but by prosecution in a criminal court. Upon conviction, the money will be confiscated.
All the article really says is tha
Re: (Score:2)
There are only 2 situations here:
Actually, you missed one. The person has legal access to documents because they are publically available.
If I'm right, I think this was a person guessing the file-name of a press release when it was uploaded to a public server when the main page didn't contain a reference to the release. If so, it would make it more difficult to make a criminal conviction - based on sites such as Notpron [deathball.net], I doubt URL rewriting is much of an issue.
Re: (Score:2)
If that really happened, the way you suggest, then nothing wrong actually happened. You could say the guy was just very good at his research and rightly profited from it.
It's just a bungled prosecution (Score:2)
This is just a botched prosecution, not a decision with major implications. The attacker is a Ukrainian resident. He could have been prosecuted under some computer crime statute, but that would require investigative resources and cooperation from the State Department and the government of Ukraine. An "insider trading" case probably looked easier to some lawyer at Justice, even though this is clearly "outsider trading". They didn't expect that an admitted criminal would actively contest a seizure of the m
Profits, yes, however: (Score:3, Interesting)
Re: (Score:3)
Re: (Score:2)
Proceeds of crime bill ?! (Score:2)
Re: (Score:3, Insightful)
By definition, you are an insider if you have... (Score:2, Interesting)
As soon as he has the info, he cannot trade on it as he is an insider. Simple.
The judge is an idiot.
Fruit of a poisoned tree? (Score:2)
If I cheat and steal something then all derivatives of that something are tainted.
Thanks,
Jim
Re: (Score:3, Interesting)
Yes, the prosecutors messed up. They charged him with insider trading, which has a very specific definition under the law [sec.gov]. In this case the guy doesn't meet any of the requirements to be an insider under the rules. What got him off is probably that he had no help from anyone who was an insider. That's actually a deliberate "loophole" in the law so that, for example, if the CFO is dumb and leaves a copy of his company's next quarterly report on the table at a restaurant a week before it's due to be published
profiting from a crime (Score:2)
Congress' Fault (Score:2)