Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Crime The Almighty Buck United States

Cyber Ring Stole Secrets For Gaming US Stock Market 37

chicksdaddy writes Reuters has the scoop this morning on a new report out from the folks at FireEye about a cyber espionage ring that targets financial services firms. The campaign, dubbed FIN4 by FireEye, stole corporate secrets for the purpose of gaming the stock market. FireEye believes that the extensive cyber operation compromised sensitive data about dozens of publicly held companies. According to the report, the victims include financial services firms and those in related sectors, including investment bankers, attorneys and investor relations firms. Rather than attempting to break into networks overtly, the attackers targeted employees within each organization. Phishing e-mail messages led victims to bogus web sites controlled by the hackers, who harvested login credentials to e-mail and social media accounts. Those accounts were then used to expand the hackers' reach within the target organization: sending phishing email messages to other employees.
This discussion has been archived. No new comments can be posted.

Cyber Ring Stole Secrets For Gaming US Stock Market

Comments Filter:
  • Purpose (Score:4, Interesting)

    by stephanruby ( 542433 ) on Monday December 01, 2014 @05:04PM (#48501557)

    ...stole corporate secrets for the purpose of gaming the stock market.

    They seem to know a lot about these guys.

    After all, corporate secrets can be sold for competitive advantages, for financially scamming those institutions or their clients, for embarrassing those institutions targeted, and/or for blackmailing purposes. The fact that they know it's for gaming the stock market implies that they have some evidence of that.

    • by Nyder ( 754090 )

      ...stole corporate secrets for the purpose of gaming the stock market.

      They seem to know a lot about these guys.

      After all, corporate secrets can be sold for competitive advantages, for financially scamming those institutions or their clients, for embarrassing those institutions targeted, and/or for blackmailing purposes. The fact that they know it's for gaming the stock market implies that they have some evidence of that.

      My guess is they work for the NSA

      • ...stole corporate secrets for the purpose of gaming the stock market.

        They seem to know a lot about these guys.

        After all, corporate secrets can be sold for competitive advantages, for financially scamming those institutions or their clients, for embarrassing those institutions targeted, and/or for blackmailing purposes. The fact that they know it's for gaming the stock market implies that they have some evidence of that.

        My guess is they work for the NSA

        No.

        The NSA already has most of that data from their wiretaps. If they wanted to game the market they wouldn't do it using such easily detectable moves.

        The article indicates heavy speculation that this is done by insiders in the i-banking community. My guess is former i-bankers who got laid off at some point, but it could also be i-bankers who are using the information to fuel their trading behavior for their firm.

    • by khasim ( 1285 )

      I'm more interested in how the crackers collected the passwords for the INTERNAL email systems at these companies.

      Or had those companies outsourced their email?

      Because the crackers would have to, repeatedly, craft emails that were convincing enough to persuade their victims to submit their INTERNAL email passwords to an EXTERNAL site. Without anyone becoming suspicious enough to look into it.

      Dear Alice, please go to this website and enter your email password and do not ask me why the next time you see me in

      • I'm more interested in how the crackers collected the passwords for the INTERNAL email systems at these companies.

        The obvious way to do it would be to pay an insider.

      • Re:Purpose (Score:4, Interesting)

        by dave562 ( 969951 ) on Monday December 01, 2014 @06:25PM (#48502221) Journal

        Given the wide scale adoption of Exchange, the first thing that came to mind is Outlook Web Access. The internal and external passwords are the same. Or more accurately, it is the exact same account, accessed via a web server versus a client side application.

        The password dialogue that appears in the email is a common Microsoft password dialogue. We see similar boxes when loading documents from a SharePoint site for example. Your average corporate user would be very unlikely to think twice about that kind of prompt, especially when clicking a link in an email that appears to come from a colleague.

      • by Minwee ( 522556 )

        I'm more interested in how the crackers collected the passwords for the INTERNAL email systems at these companies.

        You would be surprised at how many terribly important people use passwords like "p4ssword" or "abcdefg" because they just can't be bothered with anything else. You might even be more surprised at how long some people continue to have access to company systems even after they have been fired.

        All it takes is a single mailbox and you can spread through the rest of the company and any company that it has contact with.

        Because the crackers would have to, repeatedly, craft emails that were convincing enough to persuade their victims to submit their INTERNAL email passwords to an EXTERNAL site. Without anyone becoming suspicious enough to look into it.

        You could always read a better article on the subject [arstechnica.com], or the original paper it was based on [fireeye.com].

      • by Calibax ( 151875 ) *

        Send an email to someone with employee type click-bait (juicy info about your company or a major competitor, whatever) and get drive-by malware that installs some VBA code in Outlook.

        When that employee emails others in the company, the VBA is included and installs itself, tells the user his Outlook session has expired and puts up a dialog asking for the account and password. Employee enters the data and it is sent to a command and control server. That user is now pwned.

        Send messages (seemingly from a pwne

    • It was easy. They read the fucking article. The threat probably sent selected data home, and from there these words were typed:

      They sought data that included drafts of U.S. Securities and Exchange Commission filings, documents on merger activity, discussions of legal cases, board planning documents and medical research results, she said.

      "They are pursuing sensitive information that would give them privileged insight into stock market dynamics," Weedon said.

  • by swb ( 14022 ) on Monday December 01, 2014 @05:26PM (#48501711)

    Usually the computer crime you read about is little better than simple theft, this seems much smarter -- rather than steal credit cards or scam merchants for pennies, why not steal information that can be used to make a profit elsewhere in a way that would otherwise seem totally legitimate?

    If you stop and think about it it seems totally obvious that this is a much smarter way to commit computer crime, but then the question is who else has been doing this? Have any of those stock market reports on the days winners and losers been the result of these kinds of inside information?

  • Security experts have had this option of monetizing an attack long since in their sights. The only surprise is that it apparently took so long.

  • What were the names of these companies and how exactly did hacking email accounts lead to a compromise of the Operating System?
    • Lawsuits (Score:3, Insightful)

      by Etherwalk ( 681268 )

      What were the names of these companies and how exactly did hacking email accounts lead to a compromise of the Operating System?

      Announcing their names would cost the companies billions of dollars and get the victims of the fraud fired and possibly make them unhireable.

      And Reuters would get sued by all of them.

      It would probably win, but it would still be expensive.

      In addition there is almost certainly an ongoing investigation.

  • When I saw "Cyber Ring Stole Secrets...", for some reason I read it as there was some super cool ring that somebody used to spy on traders. Then I thought, "I want this Cyber Ring. Where can I get one?" Then I realized they weren't talking about something James Bond might wear, and the entire story just isn't very interesting anymore.
  • Isn't the point of the Stock Market to game it for fun and profit? I applaud these guys for their wise investment research!

    • No. An IPO raises capital so a company can expand the business, promising potential for dividends and or buyback when it is stable.

      The secondary market is a combination of blind men, suckers, oracles, addicts, and lemmings furiously masturbating over the idea that they are the lone seer in a mob of idiots. Gambling over the internet effectively, since material facts may exist but may not yet be made public.

      It is the second one you speak of.

  • Weedon suspects the hackers were trained at Western investment banks, giving them the know-how to identify their targets and draft convincing phishing emails.

  • I have a hard time seeing investment bankers as "victims"

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...