A collection of hackers, known only as “FIN4,” are being investigated by the U.S. Secret Service under suspicion of hacking into corporate email accounts for confidential merger information, to be used for insider trading.
The Securities and Exchange Commission (SEC), in an unprecedented move, has asked directly requested details from eight companies regarding these break-ins. This is part of an increasing concern for information safety and defense against cyber theft and attack.
John Reed Stark, once the lead of internet enforcement at the SEC, now a private consultant for cybersecurity, said the SEC has never before come to companies directly about breaches to investigate insider trading. He said that, “The SEC is interested because failures in cyber security have prompted a dangerous, new method of unlawful insider trading.”
Stark claimed to have seen SEC’s document requests for documents, but he did not now how far the investigation reached. He would not offer the company names due to confidentiality.
According to sources involved, the SEC and U.S. Secret Service’s investigations were motivated by a report in December, written by security company FireEye Inc, about a highly intelligent group of hackers called FIN4.
The security group, based in California, said the FIN4 hackers used perfect English and understood financial and investment work thoroughly, and, therefore, might be from either the U.S. or Europe. FireEye Inc. reported that these hackers have tried to break into corporate accounts at over 100 companies, at least 60 of which include biotechnology companies and other medical-related groups, whose profit is more valuable.
The SEC made no comment on the progress of their investigation into this hacking incident by FIN4, the related insider trading, or other similar incidents. Whether the Secret Service is pursuing other hackers besides FIN4 is unknown, and they also declined to comment on the ongoing investigation.