Dow Jones Dismisses Russian Hack Report
Firm Denies More Serious Intrusion After Admitting to Customer Data Breach
Attackers operating from Russia hacked into servers operated by publisher Dow Jones and stole sensitive financial information - prior to its public release - that would have allowed them to profit from insider trading, a new report claims. But Dow Jones, which recently admitted to suffering a breach that exposed customer data, has dismissed the new report, saying it has no knowledge of any such breach or investigation (see E*Trade, Dow Jones Issue Breach Alerts).
Bloomberg reports that the FBI, U.S. Secret Service and the U.S. Securities and Exchange Commission launched the probe into the Dow Jones insider-trading hack at least one year ago. According to Bloomberg, four unnamed sources with knowledge of the investigation say that the intrusion looks to be much more serious than the breach that Dow Jones detailed Oct. 9, which the company reported had compromised an unknown quantity of subscriber data, as well as at least 3,500 payment cards, although it said it had received no reports of any related fraud.
The Bloomberg report adds that it is not clear whether the two breaches are linked, and that U.S. officials still do not know exactly what the Dow Jones hackers stole or how they might profit from it.
But Dow Jones, which is a unit of Rupert Murdoch's News Corp., has issued a statement saying that it has no evidence to substantiate any such breach by Russians for insider trading purposes. "To the best of our knowledge, we have received no information from the authorities about any such alleged matter, and we are looking into whether there is any truth whatsoever to this report by a competitor news organization," Colleen Schwartz, vice president of communications at Dow Jones, tells the Register.
Dow Jones did not immediately respond to a request for comment. The FBI, Secret Service, SEC and U.S. Department of Justice also could not be immediately reached for comment.
If the report that hackers infiltrated Dow Jones to steal information for insider-trading purposes is accurate, however, it would not be the first such attack. Indeed, in August, the Department of Justice and SEC announced that they suspected that a gang of 17 individuals located in the United States, Ukraine and Russia had hacked into major newswires to steal 150,000 confidential press releases before they were to be published (see Feds Charge 9 with $30M Insider Trading, Hacking Scheme).
From February 2010 until August 2015, the gang hacked into three newswire and press-release services - Business Wire, Marketwired and PR Newswire Association - and used information contained in 800 releases to make more than $100 million in trades, earning $30 million "in illicit trading profits," according to court documents.
Dow Jones owns a number of well-known brands used by investors and financial analysts, including The Wall Street Journal, Dow Jones Newswires, Barron's, MarketWatch and Financial News. And if hackers were seeking insider information, then a likely target might have been the Dow Jones Factiva service. The service, according to the company's annual report, has 1.1 million users and features finance-related news from about 200 countries, including information that has not yet been publicly released, from about 32,000 different sources. "More than 4,000 sources make information available via Factiva on or before the date of publication by the source," the annual report says.
Ken Westin, a senior security analyst with security firm Tripwire, notes that insider information is being actively bought and sold on underground cybercrime forums, and that rogue traders will actively commission related hack attacks. "These underground forums are a place where I'm seeing a lot of fraudsters and hackers actually collaborate and work together," he says. "I'm even seeing a lot of white-collar-type criminal activity happen in these areas too, where someone who's a trader may talk to a hacker group ... and then pay them for information that may lead to a hot stock tip, for example."
Questioning Breach Defenses
While Dow Jones says that it cannot substantiate the Bloomberg report, security experts have cautioned that an inability to find evidence of a breach does not mean the breach never occurred (see E*Trade, Dow Jones: 7 Breach Lessons).
For example, the Oct. 9 breach notification letter from Dow Jones CEO William Lewis to the company's 2.4 million customers, pertaining to the customer data breach, noted that attackers had been accessing systems run by the company for three years - before it learned of the intrusion from an outside source - and admitted that it did not know how many customers' personal details may have been stolen. "To date ... our investigation has not uncovered any direct evidence that information was stolen, so it is not possible to identify the number of [affected] customers," Jones wrote.
That statement about the customer-data breach details less about what happened in the hack attacks and more about the state of the Dow Jones defenses, says information security consultant Brian Honan, who's a cybersecurity adviser to the association of European police agencies known as Europol. "It is worrying that an organization cannot say for definite what information has been compromised on their network," he says. "One would hope that organizations would have the appropriate tools, audit and security logs, and skilled expertise to help them analyze a security breach to determine exactly what was taken."