An insider-trading hacker gang called FIN4 is being hunted by the SEC

SECThe United States Securities and Exchange Commission (SEC) is hunting for a group of hackers that allegedly breached corporate email accounts in an attempt to steal sensitive information, such as details on company mergers, which they then used as a basis to trade on.

According to Reuters, the SEC has requested that at least eight different companies provide information about their data breaches. This is an "absolute first," says John Reed Stark, a former head of internet enforcement at the SEC, with respect to SEC probes into insider trading.

"The SEC is interested because failures in cybersecurity have prompted a dangerous, new method of unlawful insider trading," said Stark.

The investigation, which runs parallel to an ongoing probe led by the Secret Service, was launched in response to a report issued by FireEye back in December on the hacking group.

FireEye paperFireEye explains in its paper how the group is reported to have used fake Microsoft Outlook login pages to trick employees from as many as 100 publically traded companies and their advisory firms into giving away their passwords.

In at least one instance, the hackers are also believed to have used confidential information from a previously obtained document to engage their victims in conversation and lure them into revealing their credentials.

“What was insidiously brilliant was that they could inject themselves into email threads and keep gleaning information,” said Laura Galante, FireEye's manager of threat intelligence. “They really knew their audience.”

The security firm goes on to note that the FIN4 hackers likely come from the United States or Europe due to their strong command of the English language and a deep understanding of how the investment markets work.

In the past, the Securities and Exchange Commission would usually begin a probe into insider trading by looking for unusual activity on a corporation’s computer network.

The fact that it is investigating companies' breach history seems to reflect a growing concern for information security, not to mention a greater appreciation for how past incidents can lay the groundwork for future exploits.

Tags: , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , ,

One Response

  1. Coyote

    June 25, 2015 at 12:07 am #

    "The SEC is interested because failures in cybersecurity have prompted a dangerous, new method of unlawful insider trading," said Stark."

    Perhaps the SEC should be looking at the government of United States of America. Last I knew they (the congressional members) are (were?) allowed insider trading (and many other things, probably more things than I'd like to believe). Perhaps the same government should be looking at themselves for other things like penetrating networks of other countries. Perhaps they should be looking at themselves very closely in general. They are equally as guilty of these types of things and while it is bad that others do it, it is worse when governments (the ones creating the laws) do it; at least the former you might expect it.

    In any case, this wasn't a cyber security failure so much as a human failure (which indirectly does make it a security failure, admittedly), if it was phishing. If nothing else it shows that robots haven't (yet?) started taking over humans. At least at those companies.

Leave a Reply