lolloj - Fotolia
The number of people charged in connection with insider trading based on information stolen by hackers has increased to 32, underlining the need for legislation to strengthen cyber security.
Initial reports indicated that only nine suspects were to be charged by US authorities in Brooklyn, New York and New Jersey in connection with insider trading based on stolen corporate press releases before they had been made public.
The insider trading gang is estimated to have netted more than $100m in illegal profits from 1,000 alleged insider trades over three years, up from initial estimates of $30m, reports the BBC.
The hackers – believed to be based in Ukraine and possibly Russia – broke into the computer systems of PRNewswire Association, Marketwired and Business Wire.
Information stolen by the hackers is believed to have been used by their associates in the US to buy and sell shares of dozens of companies, including Boeing, Hewlett-Packard and Oracle.
The fraud charges were made by the US Securities and Exchange Commission (SEC) and relate to suspects in several countries including the US, Russia, Ukraine, France and Cyprus. However, so far only five arrests have been made in the US.
The arrests and indictments come after a two-year FBI investigation of a suspicious trading pattern in the past five years identified by the SEC.
“This international scheme is unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated,” said SEC chair Mary Jo White in a statement.
Read more about cyber crime
- Rising cyber crime suggests criminal law does not deter criminals and a better legal system is required to prevent further rises.
- Co-operation with businesses in the private sector is an increasingly important element in fighting crime, according to UK, US and EU law enforcement officers.
- UK law enforcement officers work with public and private sector partners to help businesses and consumers guard against cyber crime.
- Computer Weekly gets the low-down on cyber crime from law enforcement officers and investigators.
However, this is not the first case of cyber-enabled insider trading to make the headlines. In December 2014, security firm FireEye uncovered an attacker group, dubbed FIN4.
According to a FireEye report, FIN4 compromised account details of individuals in more than 100 organisations who had access to information about corporate mergers and acquisitions, major announcements and other events that have yet to take place, with the suspected goal of using the stolen information to make lucrative plays on the stock market.
In a statement, Business Wire said it was working closely with the US Department of Justice and had hired a cyber security firm to conduct “additional forensic testing” of the company’s systems.
“We devote substantial resources annually to security, including multiple security audits by leading industry consultants,” said Cathy Baron Tamraz, CEO of Business Wire.
Analysts said the case exposes the vulnerabilities of financial markets in the digital age and demonstrates how advance information can be acquired without using any insider contacts.
In September 2013, Scott Borg, chief of the US Cyber Consequences Unit, predicted that manipulation of international financial markets will be the next evolution of cyber crime.
Borg, who anticipated in 2002 the shift from mass disruption cyber attacks to professional, organised cyber crime, said the next shift to financial markets will transform the field of cyber security.
The latest insider trading case highlights the need for legislation to strengthen cyber security, according to international cyber security expert David Fidler.
“The insider trading case may stimulate more demand for the SEC to increase its regulatory activities against threats posted by inadequate information security to the fair and efficient operation of security markets,” said Fidler, professor of law and fellow in the Center for Applied Cybersecurity Research at the Indiana University Maurer School of Law.
“The case highlights something that is becoming all too familiar: that the continued, widespread vulnerabilities in corporate information systems contribute to the degradation of important national objectives, including privacy, the protection of intellectual property and – in this situation – the functioning of markets,” he said.
According to Fidler, the cyber theft of confidential information from companies that distribute business news and handle corporate public relations might also lead to more contractual efforts to protect business-to-business relations from information security problems.