Company loses millions against sophisticated attack

Jun 23, 2014 09:39 GMT

An undisclosed major hedge fund company in the U.S. is the victim of a spear phishing attack that resulted in the firm’s trading strategy being leaked to the cybercriminals and trade orders being executed with a delay.

The breach occurred towards the end of 2013 and the company affected is a customer of BAE Systems Applied Intelligence, which dealt with the incident.

Paul Henninger, global product director at BAE, told CNBC that the attack's level of business sophistication was unlike anything BAE technicians had seen before.

The attackers lured the hedge fund employees with an email message which appeared to be about the capital markets industry, and which carried the malware. As soon as the message was opened, the hedge fund’s systems became infected.

One of the effects observed by the financial analysts at the firm and the IT department was a difference between the time a trade offer was issued and the time when it was executed. The lag was in the range of hundreds of microseconds to a few milliseconds.

These tiny delays in their trading system would allow the cybercriminals to apply the trading strategy to their own benefit. A remote server could receive the information and initiate trade offers automatically.

Another suspicious behavior noticed by the IT department was that files were moved “on the system in ways that couldn't be explained by normal business operations.” This is when they called in the technicians from BAE.

The entire spying period extended over a few months and the estimated costs for the trading firm amount to millions of dollars.

Henninger does not know if the incident has been reported to the Securities and Exchange Commission or the FBI, but he said that companies of this type are generally reluctant to turn to law enforcement agencies because they would have to expose “their dirty laundry” to the investigation.

He also said that attacks of this type can be considered the perfect crime because tracing the criminals is generally extremely difficult.

This attack is significant because it shows that criminals have become more sophisticated in how they make their money. Breaking into a trading system and, most importantly, being able to profit from the leaked trading information is far from a common combination.

Another attack spotted by the BAE team recently consisted of compromising the system of an insurance company and creating fake policies against which the criminals would file claims.

[UPDATE]: In a later statement to media publications, BAE Systems said that the aforementioned attack was not real, just an internal scenario.