Black hat hackers and white collar workers with a dubious moral code are teaming up in schemes designed to acquire valuable corporate data to sell in underground marketplaces.
It was earlier this month when the US Securities and Exchange Commission (SEC) charged a Ukrainian national with hacking the agency in order to steal private corporate data from its EDGAR system and pass this valuable information on to other parties who profited by way of insider trading.
The cyberattacker was also found guilty of hacking three press release newswire services, and at least $1.4 million in profit is believed to have been made through the illegal insider deals.
According to Ken Westin, a Splunk cybersecurity specialist, the increasingly “cozy” relationship between these groups, such as in this case, is focused on the monetization of business data.
Insider information can be lucrative as it can give those with confidential data the upper hand in the trading of stocks & shares based on company acquisition and merger plans not yet made public, or give them the edge when investing into products due to receive official approval, alongside many other business deals.
Insider trading is illegal as it gives participants an unfair advantage in the market. However, this information is always valuable — and may have become even more so as a new business opportunity for cybercriminals in a market which is now saturated with stolen credit card data worth far less than in past years.
Westin outlined an investigation into the evolution of these schemes in a blog post. As the researcher noted, years ago, credit card data which could be stolen and sold on was a key product in underground forums.
The market is still awash with this kind of data, but financial institutions are now beginning to implement more protections and anti-fraud systems, which can make it far less valuable considering cards can quickly be blocked and credit score reports can be used to detect suspicious activity quickly.
It is also worth noting that such information can now be purchased in bulk for as little as a few dollars.
These criminal revenue schemes have now evolved into blackmail in the form of ransomware, as such data can be monetized more effectively by tapping into the information’s worth not to external actors, but to the victim themselves.
See also: Facebook slammed over covert app that pays teenagers for data
Over the past year, however, insider trading schemes have risen in popularity, as business-specific information can reach high prices if sold to the right people, albeit illegally.
While investigating this criminal trend, Westin came across a forum which specialized in the trade of insider, non-public information including earnings reports, mergers & acquisitions, FDA approvals, and patient data.
Participants in the forum asked not only for information from insiders but also for hackers that may have access to such data to get in touch.
Delving deeper into this world revealed a “number of hidden services and forums” established not only for information requests but to facilitate the sale of insider information.
TechRepublic: 57% of IT workers who get phished don’t change their password behaviors
In some cases, payment was offered through cryptocurrencies, whereas in others, white collar and hacker teams were willing to seal the deal in return for shares in earnings based on traded data.
PR firms, alongside major newswires, were targeted for the data they hold in confidence, and this stolen information — such as press releases — was advertised as for sale in these groups.
CNET: UAE’s ‘Karma’ hack tool spied on iPhones just by sending a text, report says
“Initially, access to the data was provided for a fee. However, over time the traders set up accounts for the hackers so they could make more money from their exploits,” the researcher said.
In the case of the hackers targeting EDGAR, the correlation of logs gathered from SEC, the targeted PR firms, brokers, and the hacker’s equipment revealed the connections between traders and hackers — and in such a lucrative market, insider trading made possible through cyberattackers is unlikely to vanish anytime soon as long as money can still be made through the theft of data.