Lawyers targeted in sophisticated email hack attack seeking insider-trading info, consultant says
Often, attempts to get email recipients to click on bogus links are easily recognized because of grammar and spelling errors or ridiculous claims about vast sums of money that a stranger needs the recipient’s financial backing to obtain.
But that isn’t true of a year-long scheme to hack into the email of health-care industry executives, general counsel, corporate law firms, scientists and others likely to know of information that could affect the price of stock in pharmaceutical companies, a security consultant says.
Apparently written by fluent English speakers with knowledge of Wall Street lingo, these emails were specifically targeted to each recipient. They often included an attached stolen corporate document or spoofed an email address of a longtime client of the recipient to add to their seeming authenticity, FireEye Inc. threat-intelligence manager Jen Weedon told Bloomberg.
Those who were duped by the scheme wound up on a fake log-in page that tricked them into providing the confidential information needed by the hackers to log in to the target’s email account, says a FireEye report (PDF) provided by Computerworld.
One trick was to require the recipient to enter a Microsoft Outlook password to get access to an attached corporate document, explains the Wall Street Journal (sub. req.).
Then the hackers simply read the target’s email, apparently looking for confidential information that could affect share values in health-care-related companies.
Because the attack didn’t install obvious malware, it was difficult to detect. Plus, because the schemers altered the target’s email account protocol to automatically delete messages that included words such as “hack,” “phish” and “malware,” any email warning of issues with the account was likely to be blocked, reports the New York Times (reg. req.).
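For defenders, the auto-delete behavior described above is something a mailbox-rule audit can surface. The following is an added example, not code from the article or from FireEye: it scans an exported list of mailbox rules for enabled rules that delete, or move out of sight, messages containing the words the article names. The export format, field names, sample mailboxes and the list of hiding folders are assumptions made for illustration, and the check goes slightly beyond the article by also treating a move to a trash or junk folder as deletion.

```python
import json

# Words the article says the attackers' auto-delete rules matched on.
SECURITY_TERMS = ("hack", "phish", "malware")

# Assumption: folders where a moved message is effectively hidden from the user.
HIDING_FOLDERS = {"deleted items", "junk email"}

# Constructed sample in a hypothetical export format (not a real product schema).
SAMPLE_RULES = json.loads("""
[
 {"mailbox": "gc@example.com", "name": "Newsletters", "enabled": true,
  "contains_words": ["unsubscribe"], "action": "move", "target": "Newsletters"},
 {"mailbox": "gc@example.com", "name": ".", "enabled": true,
  "contains_words": ["Hacked", "phishing", "malware"], "action": "delete", "target": null},
 {"mailbox": "cfo@example.com", "name": "old vendor", "enabled": false,
  "contains_words": ["invoice"], "action": "delete", "target": null},
 {"mailbox": "ir@example.com", "name": "tidy", "enabled": true,
  "contains_words": ["PHISH alert"], "action": "move", "target": "Deleted Items"}
]
""")

def hides_message(rule):
    """True if the rule deletes the message or moves it to a hiding folder."""
    action = (rule.get("action") or "").lower()
    target = (rule.get("target") or "").lower()
    return action == "delete" or (action == "move" and target in HIDING_FOLDERS)

def matched_terms(rule):
    """Security terms found (case-insensitive substring) in the rule's keywords."""
    words = " ".join(rule.get("contains_words") or []).lower()
    return sorted(t for t in SECURITY_TERMS if t in words)

def suspicious_rules(rules):
    """Enabled rules that hide mail mentioning a security term."""
    findings = []
    for rule in rules:
        terms = matched_terms(rule)
        if rule.get("enabled") and terms and hides_message(rule):
            findings.append((rule["mailbox"], rule["name"], terms))
    return findings

if __name__ == "__main__":
    for mailbox, name, terms in suspicious_rules(SAMPLE_RULES):
        print(f"{mailbox}: rule {name!r} hides mail mentioning {', '.join(terms)}")
```

Substring matching is deliberately broad, so a hit is a prompt to review the rule with the mailbox owner rather than proof of compromise.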
Some 100 publicly traded companies, law firms, consultants and investment bankers were targeted by the scheme, which sought information about mergers, regulatory developments and research that could affect share prices, FireEye says.
Because those involved in the scheme used Tor anonymity software when logging into victims’ email accounts, they are hard to trace.
“[W]e feel strongly this is the work of Americans or Western Europeans who have worked in the investment banking industry here in the United States,” Weedon told the Times. “But it’s hard because we don’t have pictures of guys at their keyboards, just that they are native English speakers who can inject themselves seamlessly into email threads.”
The FBI and U.S. Securities and Exchange Commission declined requests for comment by media organizations.
Related coverage:
Techwire: “Hackers Target Insider Information at Health Care Companies”
Digits (Wall Street Journal, sub. req.): “Did Hackers Gain an Edge on Wall Street?”