Cyber Ring Stole Secrets For Gaming US Stock Market

chicksdaddy writes Reuters has the scoop this morning on a new report out from the folks at FireEye about a cyber espionage ring that targets financial services firms. The campaign, dubbed FIN4 by FireEye, stole corporate secrets for the purpose of gaming the stock market. FireEye believes that the extensive cyber operation compromised sensitive data about dozens of publicly held companies. According to the report, the victims include financial services firms and those in related sectors, including investment bankers, attorneys and investor relations firms. Rather than attempting to break into networks overtly, the attackers targeted employees within each organization. Phishing e-mail messages led victims to bogus web sites controlled by the hackers, who harvested login credentials to e-mail and social media accounts. Those accounts were then used to expand the hackers' reach within the target organization: sending phishing email messages to other employees.

Purpose

[stephanruby]

...stole corporate secrets for the purpose of gaming the stock market.

They seem to know a lot about these guys.

After all, corporate secrets can be sold for competitive advantages, for financially scamming those institutions or their clients, for embarrassing those institutions targeted, and/or for blackmailing purposes. The fact that they know it's for gaming the stock market implies that they have some evidence of that.

Re:Purpose

[dave562]

Given the wide scale adoption of Exchange, the first thing that came to mind is Outlook Web Access. The internal and external passwords are the same. Or more accurately, it is the exact same account, accessed via a web server versus a client side application.

The password dialogue that appears in the email is a common Microsoft password dialogue. We see similar boxes when loading documents from a SharePoint site for example. Your average corporate user would be very unlikely to think twice about that kind of prompt, especially when clicking a link in an email that appears to come from a colleague.

Re:Purpose

[Minwee]

I'm more interested in how the crackers collected the passwords for the INTERNAL email systems at these companies.

You would be surprised at how many terribly important people use passwords like "p4ssword" or "abcdefg" because they just can't be bothered with anything else. You might even be more surprised at how long some people continue to have access to company systems even after they have been fired.

All it takes is a single mailbox and you can spread through the rest of the company and any company that it has contact with.

Because the crackers would have to, repeatedly, craft emails that were convincing enough to persuade their victims to submit their INTERNAL email passwords to an EXTERNAL site. Without anyone becoming suspicious enough to look into it.

You could always read a better article on the subject, or the original paper it was based on. Most big companies still use a horrible little mailbox program called "Outlook", which frequently loses its connection to the "Exchange" server and then pops up a dialog asking the user to enter their username and password again. I know, it seems crazy, but software like this is still in use today. The target receives an email promising terribly important information either in an attached spreadsheet or at the end of an obfuscated web redirection, opens a document associated with the swiss cheese like office suite which was installed on their computer when they bought it, and because they bypassed the annoying "I can't let you use this file because it came from the Internet" warning long ago, it immediately executes a bit of VB script to pop up a surprisingly familiar window asking for their password. They trust it, like they have been trained to do, and then it's all over.

Re:crooks done by crooks

People possessing the privileged information that was stolen are not allowed to use it for their own benefit when making stock trades. They are not directly hurt. Use of the unfair advantage that stolen privileged information provides facilitates a wealth transfer from everyone participating in the stock market to those committing the crime. The common folk are hurt in a very diffuse sort of way. Anyone with any sense ought to know that the common folk are always at a disadvantage when investing in the stock market. The bigger issue is that this sort of thing undermines trust in the system itself. If everyone refuses to put their 401K money into the stock market because they believe the game is hopelessly rigged against them then that can become a real problem. Personally I'd rather small investors could just keep their money in interest bearing savings accounts that provide a fair return and only large investors who take significant stakes in companies and are active in exercising their shareholder rights own stocks. Institutional investors abdicate their responsibilities and leave a publicly owned firm without effective oversight by its owners, leaving no one but government and the likes of the SEC to protect the interests of the public.

Greed

[Etherwalk]

...stole corporate secrets for the purpose of gaming the stock market.

They seem to know a lot about these guys.

After all, corporate secrets can be sold for competitive advantages, for financially scamming those institutions or their clients, for embarrassing those institutions targeted, and/or for blackmailing purposes. The fact that they know it's for gaming the stock market implies that they have some evidence of that.

My guess is they work for the NSA

No.

The NSA already has most of that data from their wiretaps. If they wanted to game the market they wouldn't do it using such easily detectable moves.

The article indicates heavy speculation that this is done by insiders in the i-banking community. My guess is former i-bankers who got laid off at some point, but it could also be i-bankers who are using the information to fuel their trading behavior for their firm.

The first and only guys to do it?

[swb]

Usually the computer crime you read about is little better than simple theft, this seems much smarter -- rather than steal credit cards or scam merchants for pennies, why not steal information that can be used to make a profit elsewhere in a way that would otherwise seem totally legitimate?

If you stop and think about it it seems totally obvious that this is a much smarter way to commit computer crime, but then the question is who else has been doing this? Have any of those stock market reports on the days winners and losers been the result of these kinds of inside information?

Lawsuits

[Etherwalk]

What were the names of these companies and how exactly did hacking email accounts lead to a compromise of the Operating System?

Announcing their names would cost the companies billions of dollars and get the victims of the fraud fired and possibly make them unhireable.

And Reuters would get sued by all of them.

It would probably win, but it would still be expensive.

In addition there is almost certainly an ongoing investigation.

Re:Isn't that the point?

[Bite+The+Pillow]

No. An IPO raises capital so a company can expand the business, promising potential for dividends and or buyback when it is stable.

The secondary market is a combination of blind men, suckers, oracles, addicts, and lemmings furiously masturbating over the idea that they are the lone seer in a mob of idiots. Gambling over the internet effectively, since material facts may exist but may not yet be made public.

It is the second one you speak of.