A decade-long insider trading scheme exposes weaknesses in law and brokerage firms’ controls


Federal authorities have charged 30 people in connection with an insider trading network that allegedly operated for more than a decade by exploiting access controls at several major U.S. law firms.


The case involves licensed attorneys, financial professionals, and a network of offshore brokerage accounts, and raises specific questions about how professional services firms manage access to sensitive transaction information.

How the scheme worked

At the heart of the indictment is Nicolo Noorafshan, a licensed attorney who has worked at several major law firms. Prosecutors allege he used his authorized access to law firms’ document management systems to view confidential materials on nearly 30 pending mergers and acquisitions deals, including deals to which he was not assigned.

He then passed that material, non-public information to a network of brokers and traders in exchange for cash payouts amounting to hundreds of thousands of dollars.

To avoid detection, the network traded through shell companies and foreign brokerage accounts in Switzerland and Panama. Members used burner phones and coded language referring to the authenticity of the “rabbi” to indicate the status of the pending deal.

The investigation relied on recovering encrypted messages and analyzing trade timing to link the participants.

“Everyone charged today is accused of making large profits from anticipated market movements and posing like bandits,” FBI Special Agent Ted E. Dukes said. “Anyone who participates in insider trading fundamentally undermines the trust needed for our financial markets to function.”

Where controls failed

For compliance and risk officers, the indictment identifies several specific failure points worth examining. Noorafshan could view deal documents across a firm’s network without being a member of the respective deal teams.

This indicates the absence of least-privilege access controls, a basic information security principle that limits system access to what a user’s role actually requires.

The scheme reportedly continued while Noorafshan was on leave, suggesting his credentials were not suspended when his active status changed.
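
As an added illustration (not taken from the indictment or from any firm’s systems), the sketch below shows how the two gaps described here could be caught from a document management system’s access log: opens on matters where the user is not on the deal team, and any access while HR records show the user on leave. The log format, matter IDs, user names and leave dates are all constructed for the example.

```python
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample data (assumptions): matter rosters, HR leave windows, DMS log.
MATTER_TEAMS = {"M-1001": {"akim", "bross"}, "M-1002": {"cdiaz"}, "M-1003": {"akim"}}
LEAVE = {"bross": [(date(2024, 3, 1), date(2024, 3, 31))]}
ACCESS_LOG = """\
2024-02-10,akim,M-1001,open
2024-02-11,bross,M-1001,open
2024-02-12,bross,M-1002,open
2024-03-05,bross,M-1001,open
2024-03-06,bross,M-1003,open
2024-03-07,cdiaz,M-1002,open
"""

def on_leave(user, day):
    """True if HR records place the user on leave on that day (inclusive)."""
    return any(start <= day <= end for start, end in LEAVE.get(user, []))

def review(log_text):
    """Return (findings, off_team) where findings lists every flagged access
    and off_team maps each user to the matters opened without team membership."""
    findings, off_team = [], defaultdict(set)
    for ts, user, matter, _action in csv.reader(io.StringIO(log_text)):
        reasons = []
        # Least privilege: access is expected only from the matter's roster.
        if user not in MATTER_TEAMS.get(matter, set()):
            reasons.append("not-on-deal-team")
            off_team[user].add(matter)
        # Status change: any access during leave is flagged, even on own matters.
        if on_leave(user, date.fromisoformat(ts)):
            reasons.append("on-leave")
        if reasons:
            findings.append((ts, user, matter, tuple(reasons)))
    return findings, dict(off_team)

if __name__ == "__main__":
    flagged, breadth = review(ACCESS_LOG)
    for row in flagged:
        print(row)
    # Breadth of off-team browsing per user is the signal to alert on.
    print({user: sorted(matters) for user, matters in breadth.items()})
```

The per-user count of off-team matters is the more useful alerting signal than any single flagged open, since one stray access is common while sustained browsing across unrelated deals is not.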

On the brokerage side, the use of shell companies and foreign accounts to hide the source of trades puts pressure on a persistent weakness: identifying the ultimate beneficial owner behind suspiciously timed positions across multiple jurisdictions.

What the case signals for the industry

The SEC’s involvement over the course of a multi-year investigation reflects the agency’s growing ability to link trading activity across global markets to a single source through data analysis.

The broader takeaway for the brokerage and professional services industry is practical rather than abstract. External security perimeters are less important when internal access controls are not enforced at the role level.

The threat in this case was not outside interference, but rather an authenticated user who, for years, browsed files he wasn’t supposed to see without raising an alert. The defendants are spread throughout California, Florida, New York and beyond.

The case also comes at a time when regulators and prosecutors are increasingly scrutinizing insider trading via prediction markets and crypto-related event contracts.
