SEC investigating notorious corporate insider trading hackers FIN4
The Securities and Exchange Commission (SEC) is investigating notorious hacking group FIN4 over allegations that it has been using hacked information to profit from share trading.
To make matters even more interesting, Reuters quotes “people familiar with the matter” as saying that the SEC has approached at least eight listed companies to provide details of their data breaches.
As correctly noted by the report, approaching major financial companies for details of breaches is an unusual move.
FIN4 first came to attention back in December when FireEye, Inc. released an intelligence report that detailed how the financially motivated “threat group” had been carrying out attacks against publicly traded companies in an attempt to game the markets.
The December report details how FIN4 has serious knowledge of certain industries and their practices, and how the group has been collecting information from nearly 100 publicly traded companies and their advisory firms in an attempt to obtain insider information that would help it in trading.
Former head of Internet enforcement at the SEC John Reed Stark told Reuters that the request for information from companies about possible breaches in connection with an insider trading probe was a first, and further added, “The SEC is interested because failures in cybersecurity have prompted a dangerous, new method of unlawful insider trading.”
Hacking
The methodology used by FIN4 does enter the fiction-worthy intrigue league, with the group not utilizing malware but instead relying heavily on highly targeted social engineering tactics and deep subject-matter expertise to deliver weaponized versions of legitimate corporate files. If that doesn’t make a lot of sense, they’re actually monitoring subjects, gaining entrance to premises of targeted companies (both legally and illegally) to plant files and software, and further finding other ways to steal login credentials needed to access the data they’re after.
Suffice to say, these are not your typical basement-dwelling script kiddies doing it for the Lulz.
FIN4 not only knows how to get into companies to obtain data; the data it obtains is often highly specific, including product development, M&A strategies, legal issues, and purchasing processes, all of which can be used to manipulate trades and, naturally, to make money for the group.
It’s not clear from the report how long the SEC investigation has been in progress, or whether it is close to tracking down the members of FIN4.