The Securities and Exchange Commission (SEC) is going after the biotech-focused hacking ring known as FIN4. Details of the group first emerged last year when security company FireEye reported on how it was breaking into email accounts in search of stock-moving news nuggets, a modus operandi that has put it in the crosshairs of the SEC.
Officials at the securities regulator have contacted at least eight companies that were the victims of the attacks, according to a Reuters' scoop based on quotes from anonymous sources. The SEC is reportedly seeking data on successful and attempted cyberattacks and the tactics FIN4 used to trick people into revealing their passwords. Such online trickery--known as "spear phishing" or "credential harvesting"--was central to how FIN4 gained access to the accounts of people who may be privy to market-moving news.
The identities of the companies contacted by the SEC are yet to be revealed--the regulator isn't commenting on the issue--but it is reasonable to assume some biopharma companies are on the list. When FireEye broke news of FIN4's activities, it said biotechs and other healthcare players featured prominently among the hacking ring's targets, something that is unsurprising given the frequency with which binary, crash-or-soar events take place in the industry. Knowing about a takeover or Phase III data ahead of the rest of the market could be a license to print money.
Stopping such unscrupulous profiteering is part of SEC's remit, prompting the regulator to start an investigation into the use of cybercrime to facilitate insider trading. SEC has initiated similar probes in the past--such as its case against an Ukranian trader who hacked into IMS Health--but its former head of internet enforcement said the contacting of the affected companies for information is an "absolute first." The Secret Service is also reportedly conducting a parallel investigation into FIN4 and FireEye has briefed the Federal Bureau of Investigation (FBI) about the group.
- here's Reuters' article
- and FierceBiotech's take