The United States Securities and Exchange Commission (SEC) is hunting for a group of hackers that allegedly breached corporate email accounts in an attempt to steal sensitive information, such as details on company mergers, which they then used as a basis for trading.
According to Reuters, the SEC has requested that at least eight different companies provide information about their data breaches. This is an “absolute first,” says John Reed Stark, a former head of internet enforcement at the SEC, with respect to SEC probes into insider trading.
“The SEC is interested because failures in cybersecurity have prompted a dangerous, new method of unlawful insider trading,” said Stark.
The investigation, which runs parallel to an ongoing probe led by the Secret Service, was launched in response to a report issued by FireEye back in December on the hacking group.
FireEye explains in its paper how the group is reported to have used fake Microsoft Outlook login pages to trick employees from as many as 100 publicly traded companies and their advisory firms into giving away their passwords.
In at least one instance, the hackers are also believed to have used confidential information from a previously obtained document to engage their victims in conversation and lure them into revealing their credentials.
“What was insidiously brilliant was that they could inject themselves into email threads and keep gleaning information,” said Laura Galante, FireEye’s manager of threat intelligence. “They really knew their audience.”
The security firm goes on to note that the FIN4 hackers likely come from the United States or Europe due to their strong command of the English language and a deep understanding of how the investment markets work.
In the past, the Securities and Exchange Commission would usually begin a probe into insider trading by looking for unusual activity on a corporation’s computer network.
The fact that it is investigating companies’ breach history seems to reflect a growing concern for information security, not to mention a greater appreciation for how past incidents can lay the groundwork for future exploits.