US targets 'insider trading' hackers

  • Published
StocksImage source, Thinkstock
Image caption,
The financial markets represent rich pickings for hackers

Hackers suspected of breaking into corporate email accounts to steal financial secrets are under investigation in the US.

The Securities and Exchange Commission has asked at least eight leading companies to provide details about their data breaches, Reuters has learned from a former SEC boss.

He warned that stolen data could be used for a new type of insider trading.

The US government wants big firms to step up cybersecurity.

John Reed Stark, a former head of internet enforcement at the SEC, told the news agency that asking firms to disclose details about breaches was "an absolute first" and this move came as the US government focused on a "dangerous, new method of unlawful insider trading".

He said that the SEC had asked for information on the tactics of the hackers - who often target employees with phishing emails that take them to fake websites that steal passwords and other information.

The SEC has not confirmed who is involved in its investigation.

'Solid evidence'

Security firms are also increasingly issuing alerts about hackers in search of financial secrets.

One such group - FIN4 - was reported by security company FireEye in December.

"We have solid evidence that there is at least one group and probably multiple groups that are breaching corporate networks to gain knowledge and trade in the markets in an advantaged position," said regional FireEye president Richard Turner.

Operating since mid-2013, the group is believed to have hacked into email accounts at more than 100 companies, looking for confidential market information.

It used a technique known as spear-phishing, where emails laden with malware are sent to specific people in an organisation with information targeted to that individual.

The companies are not named but come from a range of industries, including biotechnology, healthcare and pharmaceuticals.

Such firms were targeted because their shares tend to be more volatile and therefore more profitable, according to FireEye.

It said that the hackers had good English and a deep understanding of how the financial markets worked.

Civil cases

The group obtained documents related to discussions of mergers and acquisitions, then added malware to the documents and sent them on to top executives, research suggested.

US companies are currently required to disclose any breaches only if they are deemed to be "material" under federal securities law.

The SEC does have the power to bring civil cases against hackers but has so far brought only a handful.

In 2007 a Ukrainian trader named Oleksandr Dorozhko was accused of hacking into Thomson Reuters to obtain unreleased financial data about IMS Health. He was later ordered to pay $580,000 (£368,000).

Until more was done to catch the hackers, the attacks would continue, said Mr Turner.

"There is no correlation between the proportion of attacks and the proportion of prosecutions so, from the point of view of an organised crime group, online is a pretty good place to do business."

Related Internet Links

The BBC is not responsible for the content of external sites.