United States v. Korchevsky
Unpublished (cited as 2d Cir. 2021) (2021)
Rule of Law:
In a conspiracy charge, co-conspirators need not know each other's identities, only that they are part of a collective venture toward a common goal; computer hacking, including using stolen login credentials, constitutes a 'deceptive device or contrivance' under Section 10(b) for securities fraud, even without a fiduciary duty; and venue is proper in any district where a defendant foreseeably causes an act in furtherance of the securities fraud to occur, such as trades with counterparties or clearing agents located there.
Facts:
- In 2010, brothers Arkadiy and Pavel Dubovoy approached Vitaly Korchevsky, a hedge fund manager, to recruit him into a scheme to use nonpublic information for securities trading.
- Ukrainian hackers infiltrated newswires (PR Newswire, Marketwired, Business Wire) to steal pre-publication press releases containing sensitive financial information.
- The Dubovoys provided Korchevsky with login credentials to a web-based server hosting the stolen releases, and he agreed to participate, subsequently receiving computers, phones, and software from Arkadiy’s son, Igor Dubovoy.
- From January 2011 to February 2015, Korchevsky executed trades using the stolen information, mostly “in-window” (before public release), yielding approximately $15 million in profits, and received a percentage of these profits.
- The Dubovoys later brought in Vladislav Khalupsky, who used his Ukrainian trading company and its employees to conduct similar in-window trades based on stolen releases, generating roughly $3.1 million in profits.
- The scheme temporarily faltered in early 2014 when the original hackers grew suspicious and stopped providing releases, leading to a sharp decline in Korchevsky’s trading volume and profits.
- In late 2014, Korchevsky insisted that the Dubovoys secure a new Ukrainian hacker, which they did, allowing the scheme to continue, albeit with Korchevsky receiving releases from Igor and sending coded text messages for stock purchases.
- Hackers initially accessed Marketwired’s systems using SQL injection to identify vulnerabilities and extract data, then used stolen employee login credentials to access more secure areas.
Procedural Posture:
- On August 15, 2015, a grand jury in the United States District Court for the Eastern District of New York returned the first indictment, charging Vladislav Khalupsky and Vitaly Korchevsky with conspiracy to commit wire fraud, conspiracy to commit securities fraud, securities fraud, and money laundering conspiracy.
- On September 13, 2016, a second grand jury in the United States District Court for the Eastern District of New York returned a superseding indictment, which replicated the first but added computer intrusions as an object of the conspiracy to commit securities fraud charge.
- Following a three-week jury trial that concluded in July 2018 in the U.S. District Court for the Eastern District of New York, Khalupsky and Korchevsky were convicted on all counts.
- The U.S. District Court for the Eastern District of New York sentenced Khalupsky to four years’ imprisonment and Korchevsky to five years’ imprisonment, along with forfeiture and restitution orders.
- Khalupsky and Korchevsky, as defendants-appellants, appealed their judgments of conviction to the United States Court of Appeals for the Second Circuit.
Premium Content
Subscribe to Lexplug to view the complete brief
You're viewing a preview with Rule of Law, Facts, and Procedural Posture
Issue:
1) Is the evidence sufficient to establish a single conspiracy where alleged co-conspirators, though unknown to each other, are aware of their involvement in a larger organization pursuing a common criminal goal? 2) Does computer hacking, including the use of stolen login credentials to gain system access, constitute a 'deceptive device or contrivance' for purposes of securities fraud under Section 10(b) and Rule 10b-5, even in the absence of a fiduciary duty to investors? 3) Was venue proper in the Eastern District of New York for securities fraud counts where defendants foresaw that acts constituting the securities fraud, such as trades with counterparties or using clearing agents, would occur in that district?
Opinions:
Majority - John M. Walker, Jr., Circuit Judge
Yes, the evidence was sufficient to establish a single conspiracy even though co-conspirators did not know each other's specific identities, because each was aware of being part of a larger, collective venture directed toward a common goal. The court reasoned that the government is not required to prove that a defendant knew all details or the identities of all other conspirators, especially when a central figure (like the Dubovoys) links all participants. The testimony indicated that the Dubovoys intentionally kept Korchevsky and Khalupsky apart to maximize profits, which furthered the common goal. Korchevsky knew he depended on a large network (hackers, intermediaries) and agreed to share profits, distinguishing this from cases where a defendant was unaware of any broader organization beyond an immediate partner. The court affirmed that computer hacking, particularly the use of stolen employee login credentials to misrepresent oneself as an authorized user to gain system access and steal information, constitutes a 'deceptive device or contrivance' under Section 10(b) and Rule 10b-5. It clarified that a fiduciary duty is not required for fraudulent trading in securities by an outsider, and the deception need only be 'in connection with the purchase or sale of any security,' which was satisfied by the direct link between hacking and trading. Furthermore, venue was proper in the Eastern District of New York because it was foreseeable to the defendants that acts constituting securities fraud, such as trades with EDNY counterparties and the use of an EDNY-based clearing agent (J.P. Morgan Clearing Corporation), would occur there. These acts were not merely preparatory but 'constituting' the violation. The court also rejected claims of constructive amendment or prejudicial variance, finding the additional evidence of trades or target companies fell within the 'core of criminality' alleged in the indictment. Finally, the court found no abuse of discretion in the district court's response to a jury note during deliberations and affirmed the conscious avoidance instruction, as a factual predicate existed, and the instructions clarified that actual knowledge was required for conspiracy membership and aiding and abetting intent.
Analysis:
This case clarifies several important aspects of federal criminal law concerning complex financial fraud. It reinforces the broad scope of conspiracy liability, particularly in 'hub-and-spoke' arrangements where participants don't know each other but are aware of a larger illicit enterprise. The ruling also expands the definition of 'deceptive device or contrivance' under Section 10(b) to explicitly include computer hacking and unauthorized access through stolen credentials, even without a traditional fiduciary breach, thereby adapting securities fraud law to modern cybercrime. Furthermore, it affirms that venue can be established through foreseeable acts in a district that are 'constituting' rather than merely 'preparatory' to the fraud, providing clarity for prosecuting geographically dispersed financial crimes.
