Sqrrl Blog

Aug 13, 2015 9:18:00 AM

Cyber Incident Matrix: Insider Trading

Complexity Score: 3
Severity Score: 3
How did we get these numbers?

Incident Summary

  • What was breached: Business Wire, Marketwired and PR Newswire

  • Delivery: February 2010 - August 2015

  • The Attackers: Attackers from US, France, Cyprus, Russia, and the Ukraine


Beginning in early 2010, a ring of hackers breached financial wire companies Business Wire, Marketwired, and PR Newswire, patiently exfiltrating press releases related to a number of Fortune 500 companies (including HP, Home Depot, and Caterpillar) before the releases were made public. The exfiltrated press releases were then analyzed by traders, who would buy or short stock depending on the information they contained. According to the SEC filing, the hacker-trader ring made over $100 million in insider trades over the five-year period.

[Figure: Sqrrl Cyber Incident Matrix, showing the OPM Breach, IRS Breach, Anthem Breach, ATM hacks, Kaspersky hack, and Insider Trading hacks]

Complexity Score:

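| Plan Time | Indirect Attack | Cyber/Human Coordinated | Zero-Days Used | Time Undetected | Advanced TTPs | Total |
|-----------|-----------------|-------------------------|----------------|-----------------|---------------|-------|
| 1         | 0               | 0                       | 0              | 2               | 0             | 3     |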

The hackers gained access to the financial wire companies through relatively simple phishing attacks on employees. After they gained access, they moved laterally through the systems until they were able to access the press release databases. At several points in the five-year period, the hackers were denied access by routine security updates and password changes. However, they were quick to regain access, sustaining their phishing attacks and leveraging malware they had installed while they still had access to the system.

Severity Score:

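| Incident Costs | Physical Damage | Lives Lost | Nat. Sec. Impact | Total |
|----------------|-----------------|------------|------------------|-------|
| 3              | 0               | 0          | 0                | 3     |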

The court documents from New Jersey indicated the ring of 32 hackers and traders executed about 800 trades on the 150,000 press releases stolen from the wire companies over the five-year period. According to SEC chairwoman Mary Jo White, the hack was “unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated,” adding that the hack serves as a stark reminder that the markets face increased risk of attack and manipulation. While this particular hack leveraged information to trade unfairly, other incidents (such as the SEA hack of the Associated Press) could result in nosedives that cost billions of dollars and destabilize the American market.

Topics: Data Breach, Phishing, Hacking, Insider Trading, Market Manipulation