Credit: © User:Colin/Wikimedia/CC-BY-SA-4.0

Hackers used stolen press releases to make $100m

US authorities have charged hackers with stealing market updates and profiting to the tune of $100m.

by Jack Torrance
Last Updated: 19 Aug 2015

Once focused on stealing credit card information and defrauding banks, hackers nowadays are looking at more intricate ways to make a buck. The world got a glimpse of that last night when the FBI and Securities Exchange Commission (SEC) said they had arrested a group of cyber criminals accused of stealing secret information about listed companies and using it to game the stock markets.

The hackers allegedly broke into the systems of three corporate news wires (PR Newswire, Marketwired and Business Wire) and stole unpublished press releases about businesses' performance. Journalists used to being deluged by these services might be amazed to discover they were worth anything at all, but the hackers passed these on to traders who were able to use the edge they had on the market to make a total profit of more than $100m (£64m). Nine of the accused were criminally charged by the FBI and accused of making $30m, while a further 23 were the subject of civil lawsuits by the SEC. 

'This cyber hacking scheme is one of the most intricate and sophisticated trading rings that we have ever seen, spanning the globe and involving dozens of individuals and entities,' said Andrew Ceresney, director of the SEC’s enforcement division.

The audacity of the scheme is pretty remarkable. The conspirators were allegedly able to begin making trades just 10 minutes after the information was received by the newswires and hackers even created a video tutorial to help traders view the information.

The episode also highlights the increasing threat posed to businesses by cyber crime. In this case it was the hacked news wires rather than the corporations themselves that were left red-faced, but it's clear to see that hackers aren't just interested in stealing money.

Last month, for instance, computer security firm Symantec identified a group it calls Butterfly, that it says has carried out dozens of financially-motivated attacks against major corporations including Apple, Microsoft and Facebook, and even pharmaceutical firms, in a bid to steal corporate secrets and intellectual property.

'This group operates at a much higher level than the average cybercrime gang,' Symantec said. 'It is not interested in stealing credit card details or customer databases and is instead focused on high-level corporate information. Butterfly may be selling this information to the highest bidder or may be operating as hackers for hire.'

The likes of Symantec are always saying business leaders need to take cybersecurity more seriously. While they obviously have a vested interest in that happening, this latest news shows that they've definitely got a point.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events