Cyberespionage ring stole corporate secrets in effort to rig stock market
Cyberespionage gang targeted major health care firms in scam that has compromised sensitive data of dozens of companies, security experts say
PUBLISHED : Wednesday, 03 December, 2014, 4:07am
UPDATED : Wednesday, 03 December, 2014, 4:07am
Reuters in Boston

Security researchers say they have uncovered a cyberespionage ring focused on stealing corporate secrets for the purpose of gaming the stock market, in an operation that has compromised sensitive data about dozens of publicly held companies.
The hackers appear to be taking advantage of the current mergers-and-acquisitions boom to target publicly traded companies and their executives involved in pending deals.
Cybersecurity firm FireEye said that since the middle of last year, the group has attacked e-mail accounts at more than 100 firms, most of them pharmaceutical and health care companies.
The rise of mergers and acquisitions-specific hacking comes amid a boom time in the merger business. Global deals have topped US$3.2 trillion so far this year, the most since the financial crisis of 2008, according to the banking research firm Dealogic. The health care sector leads the way, accounting for more than 13 per cent of the value of all the deals.
The hacks also have sought information about clinical drug trials, insurance reimbursement rates and pending legal cases.
Victims also include firms in other sectors, as well as corporate advisers including investment bankers, attorneys and investor relations firms, according to FireEye. The cybersecurity firm declined to identify the victims. It said it did not know whether any trades were actually made based on the stolen data.
Still, FireEye Threat Intelligence Manager Jen Weedon said the hackers targeted only people with access to insider data that could be used to profit on trades before that data was made public.
They sought data that included drafts of US Securities and Exchange Commission filings, documents on merger activity, discussions of legal cases, board planning documents and medical research results, she said.
"They are pursuing sensitive information that would give them privileged insight into stock market dynamics," Weedon said.
The victims ranged from small to large corporations. Most are in the United States and trade on the New York Stock Exchange or Nasdaq, she said.
An FBI spokesman declined comment on the group, which FireEye said it reported to the bureau. The security firm designated it as FIN4 because it is number 4 among the large, advanced financially motivated groups tracked by FireEye.
The hackers don't infect the PCs of their victims. Instead they steal passwords to e-mail accounts, then use them to access those accounts via the internet, according to FireEye.
They expand their networks by posing as users of compromised accounts, sending phishing e-mails to associates, Weedon said. FireEye has not identified the hackers or located them because they hide their tracks using Tor, a service for making the location of internet users anonymous.
FireEye said it believes they are most likely based in the United States, or maybe Western Europe. Weedon said the firm is confident that FIN4 is not from China, based on the content of their phishing e-mails and their other techniques.
Researchers often look to China when assessing blame for economically motivated cyber espionage. The United States has accused the Chinese government of encouraging hackers to steal corporate secrets, allegations that Beijing has denied.
Weedon suspects the hackers were trained at Western investment banks, giving them the know-how to identify their targets and draft convincing phishing e-mails.
"They are applying their knowledge of how the investment banking community works," Weedon said.
Additional reporting by Los Angeles Times
__________________________________
Bitcoin battles
A top Australian law enforcement agency is investigating bitcoin's role in organised crime, a senior official said, just as politicians and financial regulators embrace the digital currency.
The investigation into bitcoin's crime links by one authority as others embrace it highlights the crossroads governments have reached as they struggle to regulate the five-year-old "cryptocurrency", a method of making anonymous payments which has surged in popularity around the world.
Australian Crime Commission Executive Director Judy Lind revealed investigators will monitor "misuse of virtual currencies to facilitate criminal activity" at a national and international level, under an operation named Project Longstrike.
"We know that virtual currencies including bitcoin are used as payment methods to facilitate illicit trade on the darknet," Lind said, referring to a hidden part of the internet where information can be shared anonymously and without revealing the location of its source.
"Organised crime groups continue to make use of darknets to harbour trading in illicit commodities, including child exploitation material, illicit drugs and firearms, stolen credit card and identity data, and hacking techniques."
Project Longstrike is just the latest example of Australia's determination to crack down on bitcoin-enabled crime. Last month, Australia said it extradited to the United States the alleged primary moderator of Silk Road, a website where people bought illegal drugs like heroin using bitcoins.
In October, police seized Queensland state's first bitcoin automated teller machine five months after it opened, with media reporting police believed it was being used by a former motorcycle gang member to deal crystal methamphetamine.
Regulators around the world are wary after the Mt Gox bitcoin exchange filed for bankruptcy in Tokyo earlier this year, saying it lost some 850,000 bitcoins - worth about US$300 million at current prices - in a hacking attack.