Hacker holds onto ill-gotten gains thanks to US courts
This story was updated to correct an error in an earlier version. Dorozhko was never accused of breaking into networks belonging to IMS Health. Oleksandr Dorozhko made almost $300,000 in stock-option trading by using insider information that was obtained after someone hacked into a financial network and stole confidential …
And he will never get out alive until he gives them the $300,000.
Hell he should be let off with it just because it's a decent trick he's pulled.
Makes a change from all the cracking just to pump out more penis spam or to DDoS some CS server that didn't respect the skiddies 'skillz'
But here in Aus, you are not allowed to maintain the proceeds of any crime you've committed so if your found guilty of a crime, you lose the ability to make money from it or to keep any money from it.
Take David Hicks (Australian guy who ended up in Guantanamo after fighting for the Taliban), if he sells his story to the media then the government gets all that money because he'd be profiting from his crime.
So same deal with this guy, he committed an illegal act (hacking) if found guilty of that then the $300,000 goes to the government because its the proceeds of his crime.
Cant believe you guys dont have the same sort of thing, but then again that would make most of your company and government execs bankrupt so i guess i can understand it...
In the US the same is true I believe and the assets (not just the proceeds of the crime but all assets) can be seized by the feds on suspicion of being proceeds from a felony.
However, even though the feds would love their jurisdiction to reach globally, it doesn't; so unless the Russian government are going to allow this guy to be extradited then he is home and dry. Now just think about this for a moment, if you were the Russian Prez would -you- grant an extradition request from the US? I'd tell them in no uncertain terms to file their extradition request where the sun doesn't shine.
Congrats for reading the full story.
As this man has not been tried, let alone found guilty, then, effectively, no crime has been commited, ergo there are no proceeds of crime that can be confiscated.
We have those laws too in the US, but I believe the article indicates he is a Ukraine resident which makes it difficult for anything the US determines to have much of an effect. If the US is truly interested in getting him then it can be done, but the department of justice or whoever is handling this case may have other fish to fry.
There is plenty of precedent in the US and elsewhere for someone to be tried in absentia, and if found guilty the money could be seized. If there is no reasonable expectation of extradition - this could well be the best option.
The guy in question used the information obtained from the system by some other person to place a short CFD. He never hacked the system himself so he's committed no crime and therefor can't be prosecuted and ordered to turn over the money.
Sweet little number he's pulled. Now if only I had the name of the hacker so I can ask what other information he/she has. :o)
While Oleksandr Dorozhko may not have hacked into the system it is likely that he has a connection to the person who did. If that link can be established (even if the hacker isn't identified) then we have a conspiracy.
So even if he didn't hack into the system he could be charged with conspiracy to hack or defraud.
Copyright infringment? - he may have made an illegal copy of the financial report.
Receipt of stolen goods? - if you define the report as their IP and then define IP as goods.
Mainly though, he's guilty of pissing off an American corporation - which can be dangerous.
Russian government ? Ukraine is an autonomous state, it's nothing to do with the Russians.
True...but given that this case is at the appeal stage I doubt more evidence will emerge linking the two. So this leave the guy in a strong position one that I bet he wins on. Only time will tell...
Overseas hackers steal money from Americans (and, presumably others, but I only know about the American cases) all the time and get away with it completely clean even though they are identified by U.S. law enforcement. So we can't (effectively) prosecute this particular guy -- that's sad and everything, and I would probably support reasonable changes to the law to close the "loophole." But insider trading laws can't be used against him for the very simple and obvious reason that HE WASN'T AN INSIDER! Those laws simply don't apply.
As for the Predictable Resource Location "hack" hypothesized about in the article, I have no sympathy for anyone who gets burned by that one. If you make a document available to the public on a webserver, then it's been published, and I can't see where it matters that you didn't link to it or announce it separately or whatever. If someone gets a confidential document because the admins were too lazy to type 'chmod a+r foo' at the time of release, it ought to be the corporate IT director who gets prosecuted for criminal incompetence. In fact, isn't that just what the SOX boondoggle was supposed to do?
This Hacker is obviously funding terrrrrrriiiisssstsss...
No chance he'd be using the d0$h for personal use...
Hope he doesn't fly to a country with an Extradition Treaty with the US... Then again, there's always Extraordinary Rendition...
Who needs Rendition or Extradition Treaties? Simply have the SEC agree to give him the cash. But as a foreign national require him to collect the cash in person.
I doubt very much he would bother to show up.
Fact is he commited a crime. The authorities need to close that loophole and more importantly make the law retoactive too
Rubbish tosh bother!
You are obviously jealous to the point of contradicting yourself.
You admit it is a loophole. BY DEFINITION if he has used a loophole, he did not commit a crime.
Your just jealous that a ukranian NON-HACKER has enough smarts to get bags of cash fast and YOU don't.
It is the fault of the lawmakers and the business that disclosed their sensitive information.
SEC rule 10b5-1 makes it illegal for anyone to make trades on the basis of any
material non-public information, not just insider's. The classic example is that if you witness a fire in a company's only warehouse and then call your broker and
sell your shares in that company before the fire is reported on the news, you are guilty of insider trading. Another example that actually happened, was that a company that happened to be in a small town. The people of the town noticed that this company had a sudden spate of visits by the executives of another company and deduced that the other company was going to acquire the local one, and then traded accordingly. this was deemed insider trading, because the local towns people had access to the information of the visits that was not public knowledge.
Sign up, sign up for The Register's weekly IT security newsletter - click here
