Recently we emphasized the point that data breaches are increasingly becoming “big business,” driving an increase in breach incidents — especially those based on hacking. As black markets for breached information develop and mature, and the actors involved get more sophisticated and organized (many probably have had, or concurrently have state backing), there is simply more of an economic motivation for malfeasant actors to breach industry information systems and make off with inside information.
Now, in an incident which unfortunately underscores our concerns perfectly, U.S. authorities have announced the indictments of scores of individuals (at least 32) connected to an international data breach/insider trading ring:
U.S. authorities charged 32 defendants on Tuesday with stealing non-public information about corporate earnings to make more than $100 million in a case of hacking for trading advantage that officials called unprecedented in scope.
Over five years, two computer hackers living in Ukraine broke into U.S. newswire services including Business Wire and PRNewswire and stole more than 100,000 press releases for publicly traded companies before their release. Those documents, which included earnings data, were distributed to a network of traders who used the advance knowledge to buy or sell securities based on how they anticipated the market would react to the announcements, according to the Securities and Exchange Commission complaint…
The case shows how the financial industry is virtually playing whack-a-mole as hackers search for cracks to manipulate the markets. In December, Milpitas, Calif.-based FireEye said that in a yearlong investigation, it found a hacking group that targeted the email accounts of individuals who handled confidential information at more than 100 publicly traded companies. Those attackers sought communications on non-public merger and acquisition deals, as well as other market-moving announcements — insider information that could offer money-making trading advantages, the cyber security firm said.
The hackers even made promotional videos to “pitch” the pilfered stock-related information and illustrate how it could be used. The Reuters article suggests that “financial crime and cybercrime are now virtually one” — and indeed, since financial information and even most financial activity exist in digitized these days, it is a wonder this vulnerability was not realized earlier. Thus, we may be seeing the the floodgates of financial-related data breaches really opening up. Apropos of this, we leave you with the words of SEC chairwoman Mary Jo White from the article:
“Today’s case also serves as a stark reminder to companies that your computer systems are vulnerable targets,” SEC Chairwoman Mary Jo White said at a news conference. “Be vigilant in protecting your systems, taking measures to detect and guard against hacking, and working together with law enforcement to uncover the theft and misuse of stolen information.”