NEWS
NEWS
NEWS
SEC investigating notorious corporate insider trading hackers FIN4
The Securities and Exchange Commission (SEC) are investigating notorious hacking group FIN4 over allegations that they have been using hacked information to profit from share trading.
To make matters even more interesting, Reuters quotes “people familiar with the matter“ as saying that the SEC has approached at least eight listed companies to provide details of their data breaches.
As correctly noted by the report, the move to approach major financial companies for details of breaches is an unusual move.
FIN4 first came to attention back in December when FireEye, Inc.released an intelligence report that detailed how the financially motivated “threat group” had been carrying out attacks against publicly traded companies in an attempt to game the markets.
The December report provides details on how FIN4 has a serious knowledge of certain industries and their practices, and that the group has been collecting information from nearly 100 publicly traded companies and their advisory firms, in an attempt to obtain insider information that would help them in trading.
Former head of Internet enforcement at the SEC John Reed Stark told Reuters that the request for information from companies in relation to possible breaches with an insider trading probe was a first, and further added “The SEC is interested because failures in cybersecurity have prompted a dangerous, new method of unlawful insider trading.”
Hacking
The methodology used by FIN4 does enter the fiction-worthy intrigue league, with the group not utilizing malware but instead relying heavily on highly-targeted social engineering tactics and deep subject-matter expertise to deliver weaponized versions of legitimate corporate files; if that doesn’t make a lot of sense, they’re actually monitoring subjects, gaining entrance to premises of targeted companies (both legally and illegally) to plant files and software, and further finding other ways to steal login credentials needed to access the data they’re after.
Suffice to say, these are not your typical basement-dwelling script kiddies doing it for the Lulz.
FIN4 not only knows how to get into companies to obtain the data, the data they obtain is often highly specific, including product development, M&A strategies, legal issues, and purchasing processes, all of which can be used to manipulate trades, and naturally for the group to make money.
It’s not clear from the report how long the SEC investigation has been in progress, or whether it is close to tracking down the members of FIN4.
Image credit: viirok/Flickr/CC by 2.0
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
