Insider Trading Hacking Ring Exposes Security Shortcomings

Vanquish-Merchant-Bank-Cybersecurity-Platform-Oliver-Wright-1024x768

Vanquish Merchant Bank Energy Platform - Oliver Wright, Founder and CEO

Vanquish-Merchant-Bank-Longevity-Platform-Header-Oliver-Wright-1024x768

Recently, an international hacking ring was discovered to have stolen more than $100 million. The sophisticated plan demonstrated ingenuity on the part of the attackers.

They exploited a core vulnerability of the financial system in one of the digital age’s insider trading schemes, according to one news report.[i]

This is the first U.S. prosecuted criminal case in which the hackers teamed up with stockbrokers to commit to access inside information in their securities fraud plot.[ii]

Starting in 2010, two Ukrainian hackers managed the project, cracking into such news wires service sites as Business Wire, MarketWired, and PR Newswire, according to federal authorities.[iii]

The two then developed a “secret web-based location” to send the purloined information to traders in numerous countries, including France, Russia, and the United States. Those traders would then swiftly arrange trades to capitalize on the brief window of opportunity before the information was published.[iv]

This new type of cybercrime demonstrates an evolution in the standard targeting and theft of personal and financial information.

While large-scale exploitation of large companies and organizations has been consistent behavior for cyber criminals, this activity showcases how any type of information can be aggregated and used to show value, and at least in this incident, substantial profit.

As high-profile breaches capture world attention, there is mounting dissatisfaction with how organizations are safeguarding information. This incident reveals how some of the more sophisticated operations take advantage of the very areas cyber security professionals routinely warn enterprises about.

Some important security mechanisms to consider with regards to this incident include but are not limited to the following:

  • Verifying the Identity of Individuals Who Want Information/Access. The U.S. Securities and Exchange Commission (SEC) alleged that the two main conspirators masked their actions by posing as newswire service employees or customers to gain access to the networks.[v] Spear phishing was also used to gain admittance when access was lost.
  • Protecting Key Information. Securing important information essential to an organization’s success is paramount. In this incident, the attackers did not have to vacuum up large amounts of data. Instead, they identified key targets and knew the types of information required to ensure an efficient operation.[vi]
  • Monitoring Internal Activity. Monitoring internal activities will allow extensive visibility into how information is used and misused throughout an organization’s networks. The SEC ultimately found the suspects by using technology that identified both suspicious trading and relationships among traders.[vii]
  • Losing Customer Confidence. If customers do not have confidence in a company’s brand or its ability to execute business in an appropriate manner, long-term impact on the health of the organization may be severely impacted. In this incident, attackers stole approximately 150,000 confidential press releases from the servers of the newswire companies.[viii] It is too early to tell how this incident may impact newswire services, but recently, major U.S. companies have started to publish important information on their own websites or social media platforms, reducing their dependence on the wires.[ix]

Despite cyber crime’s continued evolution, the implementation of basic and robust security practices remains an essential complement to a more comprehensive strategy to mitigate risk.

Failure to do so risks breaking discretionary trusts between provider and consumer and jeopardizes an organization’s brand of being a reliable partner to its customer base.

For organizations that depend on such relationships as part of their business models, the consequences can be severe, and in terms of maintaining the security of an organization’s brand, potentially irrevocable.

 

References:

[i] Drew Harwell, “Hackers Who Breached Corporate Wires Made Millions Off Insider Trading,” The Washington Post, August 11, 2015, https://www.washingtonpost.com/news/the-switch/wp/2015/08/11/hackers-who-breached-corporate-wires-made-millions-off-insider-trading/

[ii] “Feds Charge Hackers in Massive Insider Trading Scheme,” The Hill, http://thehill.com/policy/cybersecurity/250812-feds-to-charge-hackers-in-massive-insider-trading-scheme

[iii] “Insider Trading Scheme Netted $100 Million By Hacking Press Releases – Fed,” RT, August 11, 2015, https://www.rt.com/usa/312205-hacking-insider-trading-sec/

[iv] “Feds Charge Hackers in Massive Insider Trading Scheme,” The Hill, http://thehill.com/policy/cybersecurity/250812-feds-to-charge-hackers-in-massive-insider-trading-scheme

[v] “Feds Charge Hackers in Massive Insider Trading Scheme,” The Hill, http://thehill.com/policy/cybersecurity/250812-feds-to-charge-hackers-in-massive-insider-trading-scheme

[vi] Drew Harwell, “Hackers Who Breached Corporate Wires Made Millions Off Insider Trading,” The Washington Post, August 11, 2015, https://www.washingtonpost.com/news/the-switch/wp/2015/08/11/hackers-who-breached-corporate-wires-made-millions-off-insider-trading/

[vii] Noeleen Walder, Jonathan Stempel, and Joseph Ax, “Hackers Stole Secrets for Up to $100 Million Insider Trading Profit,” Reuters, http://www.reuters.com/article/2015/08/11/us-cybercybersecurity-hacking-stocks-arr-idUSKCN0QG1EY20150811

[viii] Matt Levine, “Why Not Insider Trade on Every Company?” Bloomberg, August 11, 2015, http://www.bloombergview.com/articles/2015-08-11/why-not-insider-trade-on-every-company-

[ix] Noeleen Walder, Jonathan Stempel, and Joseph Ax, “Hackers Stole Secrets for Up to $100 Million Insider Trading Profit,” Reuters, http://www.reuters.com/article/2015/08/11/us-cybercybersecurity-hacking-stocks-arr-idUSKCN0QG1EY20150811

The post Insider Trading Hacking Ring Exposes Security Shortcomings appeared first on Darkmatters.

Source: Dark Matters

Leave a Reply

Your email address will not be published. Required fields are marked *