SEC Investigates Hackers For Insider Trading

The US securities regulator is investigating a group of hackers who are alleged to penetrated the corporate email accounts of at least eight unnamed companies listed on the stock market.

The US Securities and Exchange Commission (SEC) has asked these as-yet-unnamed firms to provide information on these breaches.

Hack And Trade

The SEC’s involvement in the investigation comes as the hackers reportedly used stolen information to conduct insider trading deals, according to Reuters.

It is an “absolute first” for the SEC to approach companies about possible breaches in connection with an insider trading probe, John Reed Stark, a former head of Internet enforcement at the SEC is reported by Reuters as saying.

“The SEC is interested because failures in cybersecurity have prompted a dangerous, new method of unlawful insider trading,” Stark said. He is now a private cybersecurity consultant.

The US Secret Service is also conducting a parallel investigation, but it reportedly denied to comment on the Reuters report.

The probe was reportedly triggered by a warning in December from security company FireEye, which revealed details about a sophisticated hacking group it called “FIN4.”This group of hackers has been operating since mid-2013 and have targeted the corporate email accounts of over 100 companies.

Rather than conducting corporate espionage or stealing state secrets, this group of hackers was reportedly hunting for information about mergers and acquisitions, as well as other events that can affect the stock market.

So who were the targets? Well, no names have been released, but it seems that more than 60 listed companies in biotechnology and other healthcare-related fields were targeted by FIN4. These types of firms were targeted because apparently their stocks tend to be volatile, and thus potentially more profitable.

The hackers made use of “spear phishing” techniques to get staff members to provide their usernames and email passwords. The hackers apparently used fake Microsoft Outlook login pages to dupe unsuspecting employees. And it seems that the hackers were well versed in the financial markets and spoke “flawless English”.

Cyber Sanctions

It is rare for the SEC to investigate cyber crimes, as it tends to stick to its remit of only probing questionable trading activity in stocks and options.

The regulator can only file civil, not criminal charges, but it shows how serious US government agencies are now taking cyber attacks.

Earlier this year, in response to the ongoing attacks, President Obama created a US sanctions program to financially punish hackers outside the United States who are involved with malicious cyber attacks.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

2 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

2 hours ago

Dutch PM Raises Cyber Espionage Case With China’s Xi

Beijing visit sees Dutch Prime Minister Mark Rutte discuss cyber espionage incident with Chinese President…

3 hours ago

Vodafone Germany Confirms 2,000 Job Losses, Amid European Restructuring

More downsizing at Vodafone after German operation announces 2,000 jobs will be axed, as automation…

20 hours ago

AI Poses ‘Jobs Apocalypse’, Warns Report

IPPR report warns AI could remove almost 8 million jobs in the United Kingdom, with…

21 hours ago

Europe’s Longest Hyperloop Test Track Opens

European Hyperloop Center in the Netherlands seeks to advance futuristic transport technology, despite US setbacks

21 hours ago