By Alan Levin and Michael Riley
Dec. 1 — Hackers with Wall Street expertise have stolen merger-and-acquisition information from more than 80 companies for more than a year, according to security consultants who shared their findings with law enforcement.
A group dubbed FIN4 by researchers at FireEye Inc. has been tricking executives, lawyers and consultants into providing access to confidential data and communications, and probably using the information for insider trading, FireEye said in a report Dec. 1. The hackers' sophistication suggests they've worked in the financial sector, Jen Weedon, FireEye's manager of threat intelligence, said in an interview.
The report is the most detailed to date suggesting that hacking may be the basis for a new wave of insider trading, following a crackdown by U.S. prosecutors over the last three years that focused on mining information through personal connections and payoffs. FireEye said it couldn't discount that the hackers provided the data to traders or a hedge fund.
“We suspect they are Americans, given their Wall Street inside knowledge,” Weedon said. “They seem to have worked on Wall Street.”
Most of the cases detected involved health-care or pharmaceutical companies, whose stock prices swing on news of mergers, clinical-trial results and regulatory decisions, according to Milpitas, California-based FireEye. FireEye didn't identify any targets of the hacking.
“Access to insider information that could make or break stock prices for over 80 publicly traded companies could surely put FIN4 at a considerable trading advantage,” FireEye said in the report.
FireEye turned over the information it gathered in its investigation to the U.S. Federal Bureau of Investigation, Weedon said. The FBI is reviewing the report and can't comment, Joshua Campbell, a spokesman, said in an e-mail.
In one example FireEye tracked, the hacking group obtained a confidential document prepared for the U.S. Securities and Exchange Commission about a public company's attempted acquisition.
Hackers then used the document for what is known as a spearphishing e-mail, an attempt to persuade someone to reveal a password. Because the document was real, it gave the deception credibility, Weedon said.
The successful attacks were focused on two companies advising the unidentified public company, according to the report, which said the company's share price “varied significantly” after news of the possible acquisition became public.
“It is likely that FIN4 used the inside information they had to capitalize on these stock fluctuations,” the report said.
A team at FireEye has been tracking the attacks for more than a year and believes they began in mid-2013. Targets included more than 100 publicly traded companies, law firms, outside consultants and investment bankers, the report said.
Of the targets, 68 percent were publicly traded health-care and pharmaceutical companies and 12 percent were public companies in other industries, according to the report. Advisers made up the remaining 20 percent.
The e-mails targeting executives, lawyers and others were written by native English speakers who knew investment terms and the inner workings of public companies, according to the report.
“FIN4 knows their targets,” the report said.
Instead of infecting target computers with malware, the hackers obtained e-mail passwords and logged in to monitor communications, the report said.
“In order to get useful inside information, FIN4 compromises the e-mail accounts of individuals who regularly communicate about market-moving, non-public matters,” the report said.
The SEC has in the past sanctioned people who traded on confidential information obtained through hacking. In 2005, the agency sued two Estonian traders for breaking into the systems of Business Wire, which distributes press releases about corporate earnings, mergers and regulatory actions.
The traders, who agreed to pay more than $14 million to settle the claims, got an early peek at more than 360 press releases, according to the SEC. In 2010, the SEC accused a Ukrainian trader, Oleksander Dorozhko, of fraud, claiming he hacked into the systems of an investor-relations firm to get early access to the earnings of a health care company.
To contact the editor responsible for this story: Maura Reynolds at firstname.lastname@example.org
©2014 Bloomberg L.P. All rights reserved. Used with permission.