An insider-trading hacker gang called FIN4 is being hunted by the SEC

David bisson
David Bisson

SECThe United States Securities and Exchange Commission (SEC) is hunting for a group of hackers that allegedly breached corporate email accounts in an attempt to steal sensitive information, such as details on company mergers, which they then used as a basis to trade on.

According to Reuters, the SEC has requested that at least eight different companies provide information about their data breaches. This is an “absolute first,” says John Reed Stark, a former head of internet enforcement at the SEC, with respect to SEC probes into insider trading.

“The SEC is interested because failures in cybersecurity have prompted a dangerous, new method of unlawful insider trading,” said Stark.

The investigation, which runs parallel to an ongoing probe led by the Secret Service, was launched in response to a report issued by FireEye back in December on the hacking group.

Sign up to our free newsletter.
Security news, advice, and tips.

FireEye paperFireEye explains in its paper how the group is reported to have used fake Microsoft Outlook login pages to trick employees from as many as 100 publically traded companies and their advisory firms into giving away their passwords.

In at least one instance, the hackers are also believed to have used confidential information from a previously obtained document to engage their victims in conversation and lure them into revealing their credentials.

“What was insidiously brilliant was that they could inject themselves into email threads and keep gleaning information,” said Laura Galante, FireEye’s manager of threat intelligence. “They really knew their audience.”

The security firm goes on to note that the FIN4 hackers likely come from the United States or Europe due to their strong command of the English language and a deep understanding of how the investment markets work.

In the past, the Securities and Exchange Commission would usually begin a probe into insider trading by looking for unusual activity on a corporation’s computer network.

The fact that it is investigating companies’ breach history seems to reflect a growing concern for information security, not to mention a greater appreciation for how past incidents can lay the groundwork for future exploits.

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

One comment on “An insider-trading hacker gang called FIN4 is being hunted by the SEC”

  1. Coyote

    "The SEC is interested because failures in cybersecurity have prompted a dangerous, new method of unlawful insider trading," said Stark."

    Perhaps the SEC should be looking at the government of United States of America. Last I knew they (the congressional members) are (were?) allowed insider trading (and many other things, probably more things than I'd like to believe). Perhaps the same government should be looking at themselves for other things like penetrating networks of other countries. Perhaps they should be looking at themselves very closely in general. They are equally as guilty of these types of things and while it is bad that others do it, it is worse when governments (the ones creating the laws) do it; at least the former you might expect it.

    In any case, this wasn't a cyber security failure so much as a human failure (which indirectly does make it a security failure, admittedly), if it was phishing. If nothing else it shows that robots haven't (yet?) started taking over humans. At least at those companies.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.