A gang of Ukrainian hackers broke into the networks of Marketwired L.P. (Marketwired), PR Newswire Association LLC (PRN), and Business Wire and stole press releases containing confidential nonpublic financial information relating to hundreds of companies traded on the NASDAQ and NYSE. Traders then made upwards of $30 million by trading the news.
It seems the hackers used a series of targeted cyber-attacks, including “phishing” and SQL injection, to gain access to the computer networks. They then shared the stolen press releases with traders using servers outside the US that they controlled.
However, they were caught due to a major flaw in the overall plan. The traders generally traded ahead of the public distribution of the stolen releases, and their trading activities shadowed the hackers’ capabilities to exfiltrate stolen press releases. In order to execute their trades before the releases were made public, the traders sometimes had to execute trades in extremely short windows of time between when the hackers illegally accessed and shared the releases and when the press releases were disseminated to the public by the newswires, usually shortly after the close of the markets. Frequently, all of this activity occurred on the same day. Thus, the trading data often showed a flurry of trading activity around a stolen press release just prior to its public release.
Which made quite a big footprint!
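The footprint described above can be looked for by correlating trade timestamps with the window in which each release sat unpublished at the newswire. The sketch below is an added example, not taken from the case or from any regulator's tooling; the account names, tickers, timestamps and the use of the upload time as the start of the window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data. "uploaded" is when the issuer handed the release to
# the newswire (assumed start of the exposure window); "published" is when the
# newswire disseminated it to the public.
RELEASES = [
    {"ticker": "AAA", "uploaded": "2015-01-05 13:10", "published": "2015-01-05 16:05"},
    {"ticker": "BBB", "uploaded": "2015-02-10 14:30", "published": "2015-02-10 16:02"},
    {"ticker": "CCC", "uploaded": "2015-03-12 12:45", "published": "2015-03-12 16:10"},
]
TRADES = [  # (account, ticker, execution time), all constructed
    ("acct-1", "AAA", "2015-01-05 14:02"),
    ("acct-1", "BBB", "2015-02-10 15:11"),
    ("acct-1", "CCC", "2015-03-12 15:40"),
    ("acct-2", "AAA", "2015-01-05 10:15"),  # before the release was uploaded
    ("acct-2", "BBB", "2015-02-10 15:50"),  # one hit only, could be chance
    ("acct-3", "CCC", "2015-03-12 16:30"),  # after publication
    ("acct-3", "AAA", "2015-01-06 09:45"),  # next day
]

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def pre_release_hits(releases, trades):
    """Map each account to the set of releases it traded inside the window."""
    windows = defaultdict(list)
    for r in releases:
        windows[r["ticker"]].append((ts(r["uploaded"]), ts(r["published"])))
    hits = defaultdict(set)
    for account, ticker, when in trades:
        t = ts(when)
        for start, end in windows.get(ticker, []):
            if start <= t < end:  # traded while the release was nonpublic
                hits[account].add((ticker, end))
    return hits

def flag_accounts(releases, trades, min_releases=2):
    """Accounts that traded ahead of at least min_releases distinct releases."""
    hits = pre_release_hits(releases, trades)
    return {acct: len(h) for acct, h in hits.items() if len(h) >= min_releases}

if __name__ == "__main__":
    for acct, count in flag_accounts(RELEASES, TRADES).items():
        print(f"{acct}: traded ahead of {count} unpublished releases")
```

A single in-window trade is weak evidence on its own; the repeated pattern across unrelated issuers is what stands out.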