Ex-bankers suspected of business intelligence hack on Wall Street

A new approach to profiting from cyber-crime has seen confidential company information being syphoned from corporate communications then used to 'game' the US stock market, possibly by former traders

NEW YORK - December 30, 2014.

The cyber-espionage ring - dubbed FIN4 - has been targeting individuals who have access to insider company data including executives,consultants, legal counsel and analysts for the past year, in a new wave of insider trading.

Californian security company FireEye uncovered evidence that the hackers had already stolen email communications from over 100 businesses, to gain an upper hand on the markets.

The Silicon Valley cyber security company wouldn't reveal any details about who or what company data had been breached, but did reveal it contained insider information that could make or break stock prices.

This information put the hackers at a considerable trading advantage, the tech firm said, adding it couldn't rule out the data had been passed on to traders or a hedge fund.

They suggested that because of the comprehensive familiarity with the inner workings of the finance industry shown, the perpetrators could be Americans who had worked on Wall Street.

One of the examples detailed in the firm's report - now being scrutinised by the FBI - shows FIN4 obtaining a confidential corporate document intended for filing to the US Securities and Exchange Commission that detailed a publicly-traded company’s attempted acquisition.

The hackers mounted a spear phishing e-mail to obtain a password, using their copy of this internal company document as a confidence trick to gain credibility, before logging into the systems of a firm advising the public company to monitor their communications.

The public company’s share price then varied significantly when news broke about its possible acquisition.

Many of the victims who have had their business information hacked are health-care and global pharmaceutical companies whose share values react to news of mergers, regulatory decisions and clinical-trial results.

Prosecutors in the US have cracked down on corporate data theft and misuse before; with particular focus on cases where company financial information has been mined through personal connections and pay-offs.

The SEC has taken action in this field a number of times, with notable examples being their prosecution of two traders in 2005 for hacking the BusinessWire press release website and gaining access to hundreds of embargoed regulatory announcements outlining corporate earnings and mergers.

The traders paid $14m to settle the action.

Five years later, the SEC charged a Ukrainian engineering consultant with hacking Thomson Financial and obtaining a negative earnings announcement about a company providing market research to the pharmaceutical sector.

Presswire

Further Information

Shopping Basket

There are no articles in the shopping basket

api.worldbox.ch

PARTNER