Library of Congress

Law Library of Congress

The Library of Congress > Law Library > News & Events > Global Legal Monitor

United States: Computer Hacker Can Be Prosecuted for Securities Fraud

(Aug. 19, 2009) The United States Court of Appeals for the Second Circuit has ruled that a computer hacker who uses deceptive means to obtain advance information about a company's financial reports can be sued for fraud under the Securities Exchange Act of 1934.

Section 10(b) of the 1934 Act prohibits the use of “any manipulative or deceptive device” in contravention of Securities and Exchange Commission (SEC) regulations in connection with the purchase or sale of securities. On October 17, 2007, IMS Health, Inc. (IMS), a publicly traded company, was scheduled to announce its third-quarter earnings after the New York markets closed. At 2:15 p.m. that day, someone hacked into a secure computer server at Thomson Financial, Inc., IMS's investor relations and Internet services provider, and downloaded the IMS data. At 2:52 p.m., Oleksandr Dorozhko purchased over $41,000 in IMS “put” options, effectively betting that IMS's stock price would decline precipitously. Following the public announcement that IMS's earnings were below expectations, the next morning IMS's stock prices sank significantly. Six minutes after the market opening, Dorozhko sold all of his IMS options, realizing a large net profit. Dorozhko's broker reported his irregular trading activity to the SEC.

The SEC charged Dorozhko with violating section 10(b) and sought a preliminary injunction freezing the proceeds of the transaction in Dorozhko's brokerage account. The district court denied the SEC's request, ruling that computer hacking was not “deceptive” within the meaning of section 10(b), because Supreme Court interpretation of that section requires a fiduciary relationship, and Dorozhko had no fiduciary duty to IMS or Thomson. The SEC appealed.

The Second Circuit reviewed the Supreme Court decisions relied on by the district court. It observed that these cases involved nondisclosure when there was a duty to speak arising from a fiduciary relationship, but they did not indicate that a fiduciary relationship is required when someone affirmatively misrepresents himself in order to gain access to nonpublic information used to trade in securities. The Second Circuit noted that Dorozhko used electronic means to bypass computer security to gain unauthorized access to information within a computer network, and, depending on how he gained access, could have employed fraudulent misrepresentation that was “deceptive” within the meaning of section 10(b). The court remanded the case to the district court for further proceedings to allow it to consider this question. (Securities and Exchange Commission v. Dorozhko, No. 08-0201-cv (July 22, 2009), available at