Cyber Ring Stole Secrets For Gaming US Stock Market

chicksdaddy writes Reuters has the scoop this morning on a new report out from the folks at FireEye about a cyber espionage ring that targets financial services firms. The campaign, dubbed FIN4 by FireEye, stole corporate secrets for the purpose of gaming the stock market. FireEye believes that the extensive cyber operation compromised sensitive data about dozens of publicly held companies. According to the report, the victims include financial services firms and those in related sectors, including investment bankers, attorneys and investor relations firms. Rather than attempting to break into networks overtly, the attackers targeted employees within each organization. Phishing e-mail messages led victims to bogus web sites controlled by the hackers, who harvested login credentials to e-mail and social media accounts. Those accounts were then used to expand the hackers' reach within the target organization: sending phishing email messages to other employees.

Re:

[erikkemperman]

Goldman Sachs is a member of Congress? I think you mean "Only the people bribing members of Congress".

You're right I guess, but I can see how we'd get confused. "Businessman" is a much over-represented group in Congress (this is true in lots of other countries of course).

Re:

[Required Snark]

In the most recent election, there were 10 or so elected judge positions. Each had 3 or 4 candidates. Of the total candidates, over 50% listed their occupation as "Gang prosecutor", or a similar phrase. Because the only thing judges ever do is hear cases about gangs, or so one might think. No traffic court, no civil litigation, no other criminal cases. Only gangs.

Way to go 'Merica!!

Re:

[Lunix Nutcase]

The people running this ring are honest about their intentions?

Re:

[Anonymous Coward]

No, the "emailing employees" parts is getting played up, so they're computer bogeymen ("hackers") instead of just the usual above board backstabbing trader types. It's the scarewords that make a good story, not the substance.

Re:

[erikkemperman]

if there were no losses to common folk I would welcome this development.

The ways in which common folk will suffer losses from this type of corporate sabotage, e.g. that institutional investors such as pension funds are "required" to be a part of the stock casino and dodgy derivative financial contraptions, is another discussion. Worth having, imho.

More on topic, perhaps, FTS:

According to the report FireEye the victims include financial services firms and those in related sectors, including investment bankers, attorneys and investor relations firms.

I wonder whether the perpetrators are not at some remove employed by much the same demographic as the victims...

Re:

[Anonymous Coward]

People possessing the privileged information that was stolen are not allowed to use it for their own benefit when making stock trades. They are not directly hurt. Use of the unfair advantage that stolen privileged information provides facilitates a wealth transfer from everyone participating in the stock market to those committing the crime. The common folk are hurt in a very diffuse sort of way. Anyone with any sense ought to know that the common folk are always at a disadvantage when investing in the

Re:

[bobbied]

I didn't think the methods for gaming the US stock market were secret.

Generally they are well known and these days it's called high volume, high frequency trading... What's not so well known are the rules used by various companies when automating these trades. If you know the rules being used, one can project how entitles will trade. If you are good at guessing (because you know their rules) you have the advantage.

These days, all is so well known that the latency of the connection to the trading platform starts to become important and shaving off a few milliseconds amounts

Purpose

[stephanruby]

...stole corporate secrets for the purpose of gaming the stock market.

They seem to know a lot about these guys.

After all, corporate secrets can be sold for competitive advantages, for financially scamming those institutions or their clients, for embarrassing those institutions targeted, and/or for blackmailing purposes. The fact that they know it's for gaming the stock market implies that they have some evidence of that.

Re:

[Nyder]

...stole corporate secrets for the purpose of gaming the stock market.

They seem to know a lot about these guys.

After all, corporate secrets can be sold for competitive advantages, for financially scamming those institutions or their clients, for embarrassing those institutions targeted, and/or for blackmailing purposes. The fact that they know it's for gaming the stock market implies that they have some evidence of that.

My guess is they work for the NSA

Greed

[Etherwalk]

...stole corporate secrets for the purpose of gaming the stock market.

They seem to know a lot about these guys.

After all, corporate secrets can be sold for competitive advantages, for financially scamming those institutions or their clients, for embarrassing those institutions targeted, and/or for blackmailing purposes. The fact that they know it's for gaming the stock market implies that they have some evidence of that.

My guess is they work for the NSA

No.

The NSA already has most of that data from their wiretaps. If they wanted to game the market they wouldn't do it using such easily detectable moves.

The article indicates heavy speculation that this is done by insiders in the i-banking community. My guess is former i-bankers who got laid off at some point, but it could also be i-bankers who are using the information to fuel their trading behavior for their firm.

Re:

[khasim]

I'm more interested in how the crackers collected the passwords for the INTERNAL email systems at these companies.

Or had those companies outsourced their email?

Because the crackers would have to, repeatedly, craft emails that were convincing enough to persuade their victims to submit their INTERNAL email passwords to an EXTERNAL site. Without anyone becoming suspicious enough to look into it.

Dear Alice, please go to this website and enter your email password and do not ask me why the next time you see me in

Re:

[ShanghaiBill]

I'm more interested in how the crackers collected the passwords for the INTERNAL email systems at these companies.

The obvious way to do it would be to pay an insider.

Re:Purpose

[dave562]

Given the wide scale adoption of Exchange, the first thing that came to mind is Outlook Web Access. The internal and external passwords are the same. Or more accurately, it is the exact same account, accessed via a web server versus a client side application.

The password dialogue that appears in the email is a common Microsoft password dialogue. We see similar boxes when loading documents from a SharePoint site for example. Your average corporate user would be very unlikely to think twice about that kind of prompt, especially when clicking a link in an email that appears to come from a colleague.

Re:

[Minwee]

I'm more interested in how the crackers collected the passwords for the INTERNAL email systems at these companies.

You would be surprised at how many terribly important people use passwords like "p4ssword" or "abcdefg" because they just can't be bothered with anything else. You might even be more surprised at how long some people continue to have access to company systems even after they have been fired.

All it takes is a single mailbox and you can spread through the rest of the company and any company that it has contact with.

Because the crackers would have to, repeatedly, craft emails that were convincing enough to persuade their victims to submit their INTERNAL email passwords to an EXTERNAL site. Without anyone becoming suspicious enough to look into it.

You could always read a better article on the subject [arstechnica.com], or the original paper it was based on [fireeye.com].

Re:

[Calibax]

Send an email to someone with employee type click-bait (juicy info about your company or a major competitor, whatever) and get drive-by malware that installs some VBA code in Outlook.

When that employee emails others in the company, the VBA is included and installs itself, tells the user his Outlook session has expired and puts up a dialog asking for the account and password. Employee enters the data and it is sent to a command and control server. That user is now pwned.

Send messages (seemingly from a pwne

Re:

[Bite The Pillow]

It was easy. They read the fucking article. The threat probably sent selected data home, and from there these words were typed:

They sought data that included drafts of U.S. Securities and Exchange Commission filings, documents on merger activity, discussions of legal cases, board planning documents and medical research results, she said.

"They are pursuing sensitive information that would give them privileged insight into stock market dynamics," Weedon said.

The first and only guys to do it?

[swb]

Usually the computer crime you read about is little better than simple theft, this seems much smarter -- rather than steal credit cards or scam merchants for pennies, why not steal information that can be used to make a profit elsewhere in a way that would otherwise seem totally legitimate?

If you stop and think about it it seems totally obvious that this is a much smarter way to commit computer crime, but then the question is who else has been doing this? Have any of those stock market reports on the days winners and losers been the result of these kinds of inside information?

Long expected

[gweihir]

Security experts have had this option of monetizing an attack long since in their sights. The only surprise is that it apparently took so long.

Reuters has the scoop?

[lippydude]

What were the names of these companies and how exactly did hacking email accounts lead to a compromise of the Operating System?

Lawsuits

[Etherwalk]

What were the names of these companies and how exactly did hacking email accounts lead to a compromise of the Operating System?

Announcing their names would cost the companies billions of dollars and get the victims of the fraud fired and possibly make them unhireable.

And Reuters would get sued by all of them.

It would probably win, but it would still be expensive.

In addition there is almost certainly an ongoing investigation.

Misread Title. Disappointment.

[meustrus]

When I saw "Cyber Ring Stole Secrets...", for some reason I read it as there was some super cool ring that somebody used to spy on traders. Then I thought, "I want this Cyber Ring. Where can I get one?" Then I realized they weren't talking about something James Bond might wear, and the entire story just isn't very interesting anymore.

Isn't that the point?

[duke_cheetah2003]

Isn't the point of the Stock Market to game it for fun and profit? I applaud these guys for their wise investment research!

Re:

[Bite The Pillow]

No. An IPO raises capital so a company can expand the business, promising potential for dividends and or buyback when it is stable.

The secondary market is a combination of blind men, suckers, oracles, addicts, and lemmings furiously masturbating over the idea that they are the lone seer in a mob of idiots. Gambling over the internet effectively, since material facts may exist but may not yet be made public.

It is the second one you speak of.

TFA: WHO

[doug141]

Weedon suspects the hackers were trained at Western investment banks, giving them the know-how to identify their targets and draft convincing phishing emails.

Poor babies...

[Lab Rat Jason]

I have a hard time seeing investment bankers as "victims"