It is not often when the Securities and Exchange Commission is involved in prosecution of cybercrimes. But in this case the SEC has successfully prosecuted cybercriminals for allegedly hacking into protected systems containing nonpublic information about publicly traded companies and then using the information to make trades for profit.
According to the SEC complaint, Blue Bottle Limited, a Hong Kong chartered company and Matthew Charles Stokes of Guernsey “fraudulently gained access to material nonpublic information through fraudulent devices, schemes, or artifices, which may include, but are not limited to, hacking into computer networks or otherwise improperly obtaining electronic access to systems that contain information about imminent news releases.” As a result, the defendants used the information to trade and make a profit of $2,707,177.
The SEC claims are under Section 17(a) of the Securities Act of 1933, Section 10(b) of the Securities Exchange Act of 1934 (Exchange Act), and Exchange Act Rule 10b-5. The complaint sought permanent injunctions, disgorgement of illegal profits plus prejudgment interest, and civil money penalties and on March 7, 2007, a United States District Court for the Southern District of New York entered a preliminary injunction order against the defendants.
It is interesting that it is the SEC bringing this action and not the Department of Justice. The Computer Fraud and Abuse Act would seemingly provide a better deterrent for criminals as it provides for jail time. However, the DOJ may not have been able to successfully prosecute the defendants as they may not be under the US jurisdiction. The SEC, on the other hand, can impose asset freeze and provide a relief when jurisdictional and other issues prevent successful criminal prosecution.