Hacking a publisher’s Wi-Fi network with the intention of insider trading, engaging in insider trading, and deleting data from devices being examined by the Australian Securities and Investments Commission (ASIC) have seen an IT consultant slammed with a three-year prison sentence.
Steven Oakes was today sentenced in the County Court in Melbourne, after the regulator proved that he had hacked financial publisher’s, Port Phillip Publishing (PPP), Wi-Fi to discover which shares were listed as buy recommendations in reports the company was printing.
ASIC picked up on his suspicious trading when it noticed Oakes had bought shares shortly before their status as buy recommendations became public. As these shares’ prices generally rise after PPP publishes the reports, Oakes could then sell them for a profit.
He repeated this activity on a whopping 70 occasions to buy shares in 52 different companies from January 2012 to February 2016, each time before the reports with the buy recommendations were published.
Presiding over the matter, Judge Fox slammed Oakes as being “motivated by greed”: “Insider training is a form of cheating. It is not a victimless crime … If you access a secure computer network to commit a crime, you can expect to go to jail.”
Furthermore, Oakes wasn’t actually employed by PPP. Rather, he hacked into the private computer network of the publisher by physically going to the vicinity of its secure Wi-Fi networks, intercepting and decrypting Wi-Fi data to obtain the network login credentials of PPP staff. The court found that he did this with the intention of using PPP’s information to engage in insider trading.
Despite then being issued with a Notice to hand any electronic devices linked to his trading to ASIC, Oakes didn’t immediately comply. Once he did, the Commission was able to use forensic analysis of the devices, trading analysis, evidence from PPP, and compulsory examinations of Oakes to prove both the insider trading and the unauthorised access to PPP’s data.
Furthermore, examinations of the devices showed that Oakes had not only initially refused to hand over his electronics, but that when he did so, he had already deleted data from them.
ASIC Commissioner, Cathie Armour, warned that technology-enabled offending, including cyber-related market misconduct, was a priority for ASIC’s enforcement teams.
“Despite the sophistication of cyber criminals, ASIC can identify and investigate suspicious market activity connected to computer hacking activities, as it did in the case against Mr Oakes. Traders should be aware that ASIC continues to focus on cyber-related offending,’ she said.
Oakes ultimately pleaded guilty to 11 charges of insider trading, unauthorised access to data with the intention of committing a serious offence (being insider trading), and the alteration of electronic devices required by ASIC. He received a three year sentence but would be released after 18 months after agreeing to recognisance to be of good behaviour for a further year-and-a-half.