Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cyber Ring Stole Secrets For Gaming US Stock Market

Posted by samzenpus on from the protect-ya-neck dept.

chicksdaddy writes Reuters has the scoop this morning on a new report out from the folks at FireEye about a cyber espionage ring that targets financial services firms. The campaign, dubbed FIN4 by FireEye, stole corporate secrets for the purpose of gaming the stock market. FireEye believes that the extensive cyber operation compromised sensitive data about dozens of publicly held companies. According to the report, the victims include financial services firms and those in related sectors, including investment bankers, attorneys and investor relations firms. Rather than attempting to break into networks overtly, the attackers targeted employees within each organization. Phishing e-mail messages led victims to bogus web sites controlled by the hackers, who harvested login credentials to e-mail and social media accounts. Those accounts were then used to expand the hackers' reach within the target organization: sending phishing email messages to other employees.

25 of 37 comments (clear)

  1. Re:It's all about the spin. by Lunix+Nutcase · · Score: 1

    The people running this ring are honest about their intentions?

  2. Re:crooks done by crooks by erikkemperman · · Score: 1

    if there were no losses to common folk I would welcome this development.

    The ways in which common folk will suffer losses from this type of corporate sabotage, e.g. that institutional investors such as pension funds are "required" to be a part of the stock casino and dodgy derivative financial contraptions, is another discussion. Worth having, imho.

    More on topic, perhaps, FTS:

    According to the report FireEye the victims include financial services firms and those in related sectors, including investment bankers, attorneys and investor relations firms.

    I wonder whether the perpetrators are not at some remove employed by much the same demographic as the victims...

    --
    Gosh, thanks. That must be why the other ships call me Meatfucker -- GCU Grey Area (Eccentric)
  3. Re:That's not fair... by erikkemperman · · Score: 1

    Goldman Sachs is a member of Congress? I think you mean "Only the people bribing members of Congress".

    You're right I guess, but I can see how we'd get confused. "Businessman" is a much over-represented group in Congress (this is true in lots of other countries of course).

    --
    Gosh, thanks. That must be why the other ships call me Meatfucker -- GCU Grey Area (Eccentric)
  4. Re:It's all about the spin. by Anonymous Coward · · Score: 1

    No, the "emailing employees" parts is getting played up, so they're computer bogeymen ("hackers") instead of just the usual above board backstabbing trader types. It's the scarewords that make a good story, not the substance.

  5. Purpose by stephanruby · · Score: 3, Interesting

    ...stole corporate secrets for the purpose of gaming the stock market.

    They seem to know a lot about these guys.

    After all, corporate secrets can be sold for competitive advantages, for financially scamming those institutions or their clients, for embarrassing those institutions targeted, and/or for blackmailing purposes. The fact that they know it's for gaming the stock market implies that they have some evidence of that.

    1. Re:Purpose by Nyder · · Score: 1

      ...stole corporate secrets for the purpose of gaming the stock market.

      They seem to know a lot about these guys.

      After all, corporate secrets can be sold for competitive advantages, for financially scamming those institutions or their clients, for embarrassing those institutions targeted, and/or for blackmailing purposes. The fact that they know it's for gaming the stock market implies that they have some evidence of that.

      My guess is they work for the NSA

      --
      Be seeing you...
    2. Re:Purpose by khasim · · Score: 1

      I'm more interested in how the crackers collected the passwords for the INTERNAL email systems at these companies.

      Or had those companies outsourced their email?

      Because the crackers would have to, repeatedly, craft emails that were convincing enough to persuade their victims to submit their INTERNAL email passwords to an EXTERNAL site. Without anyone becoming suspicious enough to look into it.

      Dear Alice, please go to this website and enter your email password and do not ask me why the next time you see me in person because it is a secret.
      Sincerely, Bob

    3. Re:Purpose by ShanghaiBill · · Score: 1

      I'm more interested in how the crackers collected the passwords for the INTERNAL email systems at these companies.

      The obvious way to do it would be to pay an insider.

    4. Re:Purpose by dave562 · · Score: 3, Interesting

      Given the wide scale adoption of Exchange, the first thing that came to mind is Outlook Web Access. The internal and external passwords are the same. Or more accurately, it is the exact same account, accessed via a web server versus a client side application.

      The password dialogue that appears in the email is a common Microsoft password dialogue. We see similar boxes when loading documents from a SharePoint site for example. Your average corporate user would be very unlikely to think twice about that kind of prompt, especially when clicking a link in an email that appears to come from a colleague.

    5. Re:Purpose by Minwee · · Score: 2

      I'm more interested in how the crackers collected the passwords for the INTERNAL email systems at these companies.

      You would be surprised at how many terribly important people use passwords like "p4ssword" or "abcdefg" because they just can't be bothered with anything else. You might even be more surprised at how long some people continue to have access to company systems even after they have been fired.

      All it takes is a single mailbox and you can spread through the rest of the company and any company that it has contact with.

      Because the crackers would have to, repeatedly, craft emails that were convincing enough to persuade their victims to submit their INTERNAL email passwords to an EXTERNAL site. Without anyone becoming suspicious enough to look into it.

      You could always read a better article on the subject, or the original paper it was based on. Most big companies still use a horrible little mailbox program called "Outlook", which frequently loses its connection to the "Exchange" server and then pops up a dialog asking the user to enter their username and password again. I know, it seems crazy, but software like this is still in use today. The target receives an email promising terribly important information either in an attached spreadsheet or at the end of an obfuscated web redirection, opens a document associated with the swiss cheese like office suite which was installed on their computer when they bought it, and because they bypassed the annoying "I can't let you use this file because it came from the Internet" warning long ago, it immediately executes a bit of VB script to pop up a surprisingly familiar window asking for their password. They trust it, like they have been trained to do, and then it's all over.

    6. Re:Purpose by Calibax · · Score: 1

      Send an email to someone with employee type click-bait (juicy info about your company or a major competitor, whatever) and get drive-by malware that installs some VBA code in Outlook.

      When that employee emails others in the company, the VBA is included and installs itself, tells the user his Outlook session has expired and puts up a dialog asking for the account and password. Employee enters the data and it is sent to a command and control server. That user is now pwned.

      Send messages (seemingly from a pwned employee) to the CEO, CFO, Finance and Legal departments with VBA attachments that are installed. The VBA sends all their email to the bad guys. Not saying it's the way it was done, but that's one way to do it.

    7. Re:Purpose by Bite+The+Pillow · · Score: 1

      It was easy. They read the fucking article. The threat probably sent selected data home, and from there these words were typed:

      They sought data that included drafts of U.S. Securities and Exchange Commission filings, documents on merger activity, discussions of legal cases, board planning documents and medical research results, she said.

      "They are pursuing sensitive information that would give them privileged insight into stock market dynamics," Weedon said.

  6. Re:crooks done by crooks by Anonymous Coward · · Score: 2, Insightful

    People possessing the privileged information that was stolen are not allowed to use it for their own benefit when making stock trades. They are not directly hurt. Use of the unfair advantage that stolen privileged information provides facilitates a wealth transfer from everyone participating in the stock market to those committing the crime. The common folk are hurt in a very diffuse sort of way. Anyone with any sense ought to know that the common folk are always at a disadvantage when investing in the stock market. The bigger issue is that this sort of thing undermines trust in the system itself. If everyone refuses to put their 401K money into the stock market because they believe the game is hopelessly rigged against them then that can become a real problem. Personally I'd rather small investors could just keep their money in interest bearing savings accounts that provide a fair return and only large investors who take significant stakes in companies and are active in exercising their shareholder rights own stocks. Institutional investors abdicate their responsibilities and leave a publicly owned firm without effective oversight by its owners, leaving no one but government and the likes of the SEC to protect the interests of the public.

  7. Re:That's not fair... by Required+Snark · · Score: 1
    In the most recent election, there were 10 or so elected judge positions. Each had 3 or 4 candidates. Of the total candidates, over 50% listed their occupation as "Gang prosecutor", or a similar phrase. Because the only thing judges ever do is hear cases about gangs, or so one might think. No traffic court, no civil litigation, no other criminal cases. Only gangs.

    Way to go 'Merica!!

    --
    Why is Snark Required?
  8. Greed by Etherwalk · · Score: 2

    ...stole corporate secrets for the purpose of gaming the stock market.

    They seem to know a lot about these guys.

    After all, corporate secrets can be sold for competitive advantages, for financially scamming those institutions or their clients, for embarrassing those institutions targeted, and/or for blackmailing purposes. The fact that they know it's for gaming the stock market implies that they have some evidence of that.

    My guess is they work for the NSA

    No.

    The NSA already has most of that data from their wiretaps. If they wanted to game the market they wouldn't do it using such easily detectable moves.

    The article indicates heavy speculation that this is done by insiders in the i-banking community. My guess is former i-bankers who got laid off at some point, but it could also be i-bankers who are using the information to fuel their trading behavior for their firm.

  9. Re:Secrets for Gaming US Stock Market by bobbied · · Score: 1

    I didn't think the methods for gaming the US stock market were secret.

    Generally they are well known and these days it's called high volume, high frequency trading... What's not so well known are the rules used by various companies when automating these trades. If you know the rules being used, one can project how entitles will trade. If you are good at guessing (because you know their rules) you have the advantage.

    These days, all is so well known that the latency of the connection to the trading platform starts to become important and shaving off a few milliseconds amounts to a lot of money for traders. They've even gone so far as to physically shorten network links and use old analog transmission equipment to shave off fractions of seconds... It's a crazy world.

    Not that an individual trader in Timbuktu cannot actually make money day trading... That is still possible. It's just that method is paying off less and other methods are more reliable income producers.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  10. The first and only guys to do it? by swb · · Score: 3, Interesting

    Usually the computer crime you read about is little better than simple theft, this seems much smarter -- rather than steal credit cards or scam merchants for pennies, why not steal information that can be used to make a profit elsewhere in a way that would otherwise seem totally legitimate?

    If you stop and think about it it seems totally obvious that this is a much smarter way to commit computer crime, but then the question is who else has been doing this? Have any of those stock market reports on the days winners and losers been the result of these kinds of inside information?

  11. Long expected by gweihir · · Score: 1

    Security experts have had this option of monetizing an attack long since in their sights. The only surprise is that it apparently took so long.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  12. Reuters has the scoop? by lippydude · · Score: 1

    What were the names of these companies and how exactly did hacking email accounts lead to a compromise of the Operating System?

  13. Misread Title. Disappointment. by meustrus · · Score: 1

    When I saw "Cyber Ring Stole Secrets...", for some reason I read it as there was some super cool ring that somebody used to spy on traders. Then I thought, "I want this Cyber Ring. Where can I get one?" Then I realized they weren't talking about something James Bond might wear, and the entire story just isn't very interesting anymore.

    --
    I sometimes ask revealing, often ignorant-seeming questions. Maybe they're harder to answer than you think.
  14. Lawsuits by Etherwalk · · Score: 3, Insightful

    What were the names of these companies and how exactly did hacking email accounts lead to a compromise of the Operating System?

    Announcing their names would cost the companies billions of dollars and get the victims of the fraud fired and possibly make them unhireable.

    And Reuters would get sued by all of them.

    It would probably win, but it would still be expensive.

    In addition there is almost certainly an ongoing investigation.

  15. Isn't that the point? by duke_cheetah2003 · · Score: 1

    Isn't the point of the Stock Market to game it for fun and profit? I applaud these guys for their wise investment research!

    1. Re:Isn't that the point? by Bite+The+Pillow · · Score: 2

      No. An IPO raises capital so a company can expand the business, promising potential for dividends and or buyback when it is stable.

      The secondary market is a combination of blind men, suckers, oracles, addicts, and lemmings furiously masturbating over the idea that they are the lone seer in a mob of idiots. Gambling over the internet effectively, since material facts may exist but may not yet be made public.

      It is the second one you speak of.

  16. TFA: WHO by doug141 · · Score: 1

    Weedon suspects the hackers were trained at Western investment banks, giving them the know-how to identify their targets and draft convincing phishing emails.

  17. Poor babies... by Lab+Rat+Jason · · Score: 1

    I have a hard time seeing investment bankers as "victims"

    --
    Which has more power: the hammer, or the anvil?