U.S. Securities and Exchange Commission hunts insider trading hackers FIN4
Tue 23 Jun 2015
The U.S. Securities and Exchange Commission is actively investigating hackers connected with insider trading, Reuters reports, citing ‘people familiar with the matter’. The SEC has never before approached business entities directly to solicit information as it is reported to be doing now, and former Head of Internet Enforcement John Reed Stark describes the proactive stance of the organisation as an ‘absolute first’.
Now a cybersecurity consultant, Stark added: “The SEC is interested because failures in cybersecurity have prompted a dangerous […] new method of unlawful insider trading.” Stark has himself seen some of the SEC requests for information, but claims not to know the specific remit or scope of the investigation.
Under U.S. law, companies are not required to disclose information about security incidents unless such information is ‘material’ under Federal Securities laws. The SEC has little history of investigating hacking cases, and since it can only institute civil suits, any momentous information would have to be carried forward by the Federal Prosecutor.
Reuters cites its unnamed sources as contending that the SEC is conducting the investigation in tandem with the U.S. Secret Service, which specializes (apart from its presidential details) in the investigation of cyber-fraud.
The initiative was set off by security company FireEye’s December investigation into the FIN4 financial hacking group, which it describes as intent on ‘compromising the accounts of individuals who possess non-public information about merger and acquisition (M&A) deals and major market-moving announcements, particularly in the healthcare and pharmaceutical industries’. FireEye additionally notes that the group numbers legal counsel, consultants, C-suite executives and researchers among its prime targets – in most cases ‘semi-peripheral’ entities with high privileges and no permanent residence between standard corporate security structures.
Though FIN4 prompted the investigation, it is not clear whether the SEC’s enquiries have extended further into the investigation of other groups or individuals. The Secret Service, perhaps predictably, would not comment on the matter.
The Securities and Exchange Commission has been asking companies for information related to actual or attempted cyber-attacks, and any attempts to inveigle hot corporate targets into snares via spear-phishing or ‘credential harvesting’, according to Reuters’ sources.
The FIN4 group uses fake Outlook log-in pages to get targets to unwittingly disclose their user/pass combos, and is thereafter able to interject itself into the targets’ email threads transparently in order to harvest information. Laura Galante, Threat Intelligence Manager at FireEye, comments that the group “really knew their audience.”