Market Hacking: Phishing for Company Data
December 8th, 2014
I think we all know by now that hackers and cybercriminals cause disruption for a range of reasons – to secure money, to cause chaos, or – in the case of the latest breed of break-in artists – to obtain various company and market data with the objective of manipulating the stock market. Besides the problems this causes hundreds if not thousands of companies, investors, law firms, merger & acquisition consultants, and boards of directors, this latest intrusion is particularly worrisome in terms of its impact on the broader economic health and viability of our capital markets.
At the center of some of the latest findings is FireEye, an increasingly well-known Silicon Valley security company that recently released a report detailing a relatively new approach to gaining an edge in the financial markets, securing critical corporate information, and leveraging the data to influencing stock pricing.
Data theft attacks of the type designed to manipulate stock prices have been around for many years and are typically categorized as “pump and dump” attacks. Approximately six or seven years ago, we saw evidence of driving up pink sheet stocks – but the concept has been around for many years, with one of the most recent form of stock market manipulation we have seen were being the possible attacks on the exchanges themselves.
A brilliant combination of tech savvy and social engineering, the type of price manipulation executed by the gang in the FireEye report is merely a more focused type of “whaling” or spear-phishing. For instance, outside of financial services we’ve frequently seen (e.g. in the Aurora attacks) hacking scenarios focused on administrators and others with powerful credentials that enable access to sensitive company infrastructure. A range of business development executives, C-suite titles, and M&A departments have borne the brunt of these attacker’s efforts to secure insider information and manipulate it. Even executive assistants are a logical focus of these attackers because they tend to have full access to busy executives’ calendars and inboxes. Moreover, because executive assistants are used to being sent all sorts of outlandish and reasonable-sounding invitations to pass on to their superiors, they have a particularly low threshold when it comes to filtering things out for their busy bosses, especially in terms of clicking on unknown URLs and opening potentially infected attachments.
The tactics used in these types of attacks are nothing new. They continue to revolve around infected links that cause water-holing and “drive-by-download” attacks, infected attachments that infect unpatched systems (e.g. Adobe Acrobat), coupled with individuals posing as genuine partners and customers executed by “plain vanilla” social engineering.
The corporate hacking scenario is perhaps the most worrisome if you’re sitting on sensitive and confidential information that can move market prices. In addition, price manipulation of this type is difficult to detect and trace, despite it having a huge impact on our confidence in market integrity.
Another fascinating tidbit is that these cybercriminals don’t appear to come from the usual places in the world that we think of when it comes to data espionage, such as China or Eastern Europe. Instead, these hackers are more than likely to be current or former traders or M&A-related individuals and seem to be from the United States or Europe. This further supports the evidence that not all cybercriminals come from outside the US; Americans have been implicated in hacking before and this is further evidence of this fact. While it is becoming increasingly commonplace for security vendors and our public officials to blame China or Eastern Europe for attacks, it is important to recognize that is not always the case.
One reporter recently posed to us, “Why would this discovery be important if the specifically fraudulent trades cannot be identified?” The fact is that trade and price manipulation cause significant deterioration in market confidence and integrity; and as corporate theft on a global basis worsens, this also represents a threat to our nation’s critical infrastructure.