Tag Archives: Insider trading

Security News for the Week Ending December 24, 2021

Russian Hackers Make Millions by Stealing SEC Earning Reports

A Russian hacker working for a cybersecurity company has been extradited to the U.S. for hacking into the computer networks of two SEC filing agents used by multiple companies to file their quarterly and annual SEC reports. Using that insider information, the hacker traded stock in advance of the earnings being made public and earned millions. The hacker made the mistake of visiting Switzerland. I guess he figured that the U.S. did not know who he was. He was wrong. Credit: Bleeping Computer

Security Flaw Found in Popular Hotel Guest WiFi System

I always tell people not to use hotel guest WiFi systems because they are not secure. A researcher says that an Internet gateway used by hundreds of hotels for the guest WiFi are not secure and could put guest personal information at risk. The gateway, from Airangel, uses extremely easy to guess and hardcoded passwords. You can pretty much guess the rest. Credit: Tech Crunch

Feds Recover $154 Million in Bitcoin Stolen by Sony Employee

The U.S. has taken legal action to seize and recover $154 million stolen from Sony Life Insurance by an employee in a very basic business email compromise attack. The funds were supposed to be transferred between company accounts but were diverted. The hacker was not very smart, was in a country friendly to the U.S. (Japan), used a U.S. bank account and a Coinbase Bitcoin account, making it pretty easy to recover once found. The FBI managed, somehow, to obtain the private key for the hacker’s Bitcoin wallet, which made recovering the funds even easier. What the FBI has not disclosed is how they were able to recover the private key, probably because they do not want to disclose methods. Score one for the good guys. Credit: Bleeping Computer

Former Uber CSO Faces New Charges for Breach Cover-Up

Here is a tip about covering up a breach. Joe Sullivan, Uber’s Chief Security Officer between 2015 and 2017, faces more charges of covering up Uber’s breach. This time it is deliberately covering up a felony, which could bring him 8 years in prison and a $500,000 fine. Knowing Uber, they are probably not paying his legal costs. Moral: don’t lie. Credit: Data Breach Today

Russia Surging Both Tanks and Cyberattacks on Ukraine

In addition to moving 175,000 soldiers to the Ukraine border as Ukraine plans to join NATO, Russia is also stepping up cyberattacks on Ukraine’s financial system and critical infrastructure. In response, the US, UK and other friendly (NATO) countries have sent cyber experts to Ukraine to help defend their digital frontier. What war looks like now. Credit: Data Breach Today

Who Would Want To Steal My Stuff?

When I talk to some people, their first comment is “we are no one special, who would want to steal our stuff?”

The news today is an example of who and why.  The Justice Department announced charges against 9 defendants for breaking into several press release services and stealing information before it became public.  They would then execute stock trades to their advantage, leveraging the change in stock prices that occurred when the embargoed news releases come out.

There are a number of players in this game – the companies who created the news releases, the press release services, the hackers, the mules the hackers used to run the trades and the rest of the shareholders, to name a few.  Potentially – and that is a big if – they all could be involved in litigation.  Both the company and the news service for not doing a better job of protecting the information.  The hackers and their mules for breaking the law and the remaining shareholders who could claim that they were adversely affected by the stock price manipulation.  After all, if the hackers made a hundred million, what about the legitimate shareholders.

All will likely be on one side or the other of one or more lawsuits.  Lawsuits that, besides the potential of an expensive verdict against them, take time,  cost money and distract people from their primary business purpose.

The U.S. Attorney for New Jersey who announced the indictments said the 9 people mentioned above made $30 million off this scheme and another 23 people brought the total netted from this up to around $100 million.

PR Newswire, one of the firms that was hacked over that five year period, will have to explain how come they did not do more the kick the hackers out and keep them out.  Apparently, they knew at some level that the hackers were in their systems and thought they kicked them out.  Given they knew they had been hacked, did they “up their game” to make sure that the hackers were really out?  Also, it is unclear if they notified their customers when they discovered hackers in their systems in the past.  While there may not be any legal requirement to do that, their could be a contractual requirement.

From the company’s side, they are going to have to explain and justify their process for vetting their vendor’s security.  For many companies, the process is “What process?”  Given their vendor is at the center of a big mess, the company is likely to get dragged in.

The hackers and mules will face a variety of charges including identity theft, wire fraud and money laundering, among others.

The stockholders will likely sue the companies saying that they were damaged due to this insider trading.

And, since publicly traded stocks are involved, the Securities and Exchange Commission is involved and will likely contribute to the time lost.

So the next time you say “who me”, consider these companies (tens of thousands of press releases were stolen).  All they wanted to do is simplify the process of distributing press releases and now, for years to come, they are going to be distracted by legal proceedings.

Information from this post came from Dark Reading.