On December 1, FireEye, a cyber-security firm, released a report detailing a year-long coordinated cyber-attack on over 100 health care and biotech firms. These hackers targeted executives who had key clinical trial and regulatory data sitting in their email inboxes.
As you well know, this type of information is essentially gold in the biotech sector, because stocks expand and contract wildly overnrnight once it’s released. Getting this information before it goes public gives an enormous edge to whoever has it, especially if they’re well-versed on how to make low-key trades with it.
The hacker group was dubbed “Fin4”, because it’s one of a handful of hacker groups that seek only one thing — major financial gain. That is why they target these companies and then head for Wall Street to make their money. Based upon the FireEye report, these hackers appeared to be either from North America or Westernrn Europe and are presumed to have had extensive backgrounds in investment banking due to the lingo they used in communicating with each other during their attacks.
Fin4 practiced excellent “tradecraft” in their attacks, not leaving behind any form of traceable “malware” on the victim’s computers. If the word tradecraft seems familiar, you’re probably a reader of John le Carré or Tom Clancy novels. It refers specifically to the activity of intelligence.
The Simple Hook
Back to the hackers… their plan was quite simple and actually commonplace. They simply sent out “phishing” emails that were disguised as regular emails with attachments or links that captured the victim’s email logon credentials as soon as their victims clicked on the link or the attachment. All emails appeared to come directly from known customers or associates of each of the companies, making them extra hard to detect.
After gaining logon access to each executive’s email system, Fin4 simply read the emails, collected data and made low-key trades with it. FireEye would not release the names of the companies that were infiltrated but did mention that the group contained companies that were publicly traded on NYSE and Nasdaq.
Simply put, Fin4’s activity boils down to them utilizing information that was not widely known and then quickly make trading decisions to their advantage. Their methods for obtaining this information were highly illegal, but what if I told you there was a legal way to get similar information?
The key to beating the market is obtaining information that is “not widely known” to inform trading decisions and then place winning bets with it. As long as data is pulled from publicly available sources on the Internrnet, it’s fair game and legal to trade on.
The trick is that you need to take a “systems” approach and roll up millions of blogs, tweets, and chat messages on a daily basis in order to see the high level trends that no one else is seeing because they’re too focused on reading the messages directly at the lower level.
I currently track these trends utilizing my Social Media Collective Intelligence system (SMCI) and provide alerts in my Biotech Intel Trader service. If you’re interested in learnrning more about obtaining information that not everyone has access to then read up on my trading service here.
As always, I will continue to monitor the market’s social media collective intelligence and keep you updated on the latest trends.