Cybersecurity researchers revealed earlier this week that they have uncovered a computer espionage ring that has been stealing corporate secrets from dozens of pharmaceutical and healthcare firms. They argue that the hackers seem to have been stealing data that would give them an illicit leg up making stock transactions.
Background of the Story
The publically traded computer security firm, FireEye Inc, disclosed that over the past eighteen months this group of hackers, dubbed FIN4, has been attacking the e-mail accounts at more than 100 U.S. healthcare and pharmaceutical companies that trade on the NYSE or NASDAQ.
Executives at FireEye explain that FIN4 has only targeted people at these firms who have access to material non-public information which the hackers could profitably trade on before the data was made public. In addition, FIN4 seem to have attacked key advisers outside the companies including investment bankers, attorneys and investor relations firms.
The kind of information collected by the hackers include drafts of SEC filings, merger and acquisition documents, discussions of pending legal cases, key board documents, and the results of medical research.
FireEye management believes that members of the FIN4 ring were trained at Wall Street investment banks, enabling them to knowledgeably identify their targets and draft convincing phishing e-mails. In addition, the security firm says that the hackers are likely from the US or Europe based on the language and sentence structure used in their phishing e-mails.
While FireEye says it does not know whether FIN4 traded on the information it stole, it has turned over what it’s learned about the hacking ring to the FBI. Shares of FireEye were up more than 4% after the company disclosed that it had been tracking this hacking ring.
What’s interesting about this story is that it marks the first significant case where potential insider trading activity could have resulted from a prolonged effort by hackers to steal sensitive corporate information.
Ultimately, this means that the DOJ and SEC will need to shift its focus from investigating insider trading activity at hedge funds to a new type of insider trading scheme – one engineered by computer savvy hackers. While we suspect this won’t make it any easier on hedge funds, we do think it could make it more difficult for federal authorities who will need to investigate new types of criminal cases with limited resources.