The MFWire
Manage Email Alerts | Sponsorships | About MFWire | Who We Are

Subscribe to MFWire.com's News Alerts [click]

Rating:Which Fund Firm Was Attacked In the Great Financial Services Hack of 2014? Not Rated 0.0 Email Routing List Email & Route  Print Print
Wednesday, November 11, 2015

Which Fund Firm Was Attacked In the Great Financial Services Hack of 2014?

News summary by MFWire's editors

Federal prosecutors are trying to bring down what they describe as a vast, multi-year, multinational hacking conspiracy, and they say a mutual fund shop was one of the victims. [See MFWire's living timeline for more updates and history on the great financial services hack.]

Preet Bharara
U.S. Attorney for the Southern District of New York
Today U.S. Attorney Preet Bharara revealed a previously-sealed 68-page indictment, accusing Gery Shalon, Joshua Samuel Aaron, and Ziv Orenstein (each listed with one or more additional aliases) of masterminding a "cybercriminal enterprise operated through hundreds of employees, co-conspirators and infrastructure in over a dozen countries." The indictment says seven financial services companies, two financial news publishers, two software developers, and a "merchant risk intelligence firm" were all victimized by the alleged cybercriminal network. The scandal most-famously involves a cybersecurity breach of a giant bank, J.P. Morgan, but the Feds say a mutual fund shop was targeted, too. (The DoJ has posted the whole indictment online.)

The indictment describes "Victim-2" as "one of the world's largest financial services corporations, providing mutual fund, online stock brokerage and other services, with headquarters in Boston, Massachusetts." If you think that sounds like a certain 401(k) recordkeeping titan and mutual fund giant led by a family with the last name Johnson, you're not alone. Indeed, Bloomberg, Reuters (twice) and USA Today all point to Fidelity [profile] as one of the targets. And it sounds like the Fido tech team promptly fought the hackers off.

Here's what prosecutors claim happened to Victim-2:

... in April 2014, SHALON and his co-conspirators unlawfully accessed the network of Victim-2 by exploiting the so-called "Heartbleed" vulnerability, which had, at that time, just been widely identified as a previously unrecognized security vulnerability that exist in computer network servers on a widespread basis. While they succeeded in gaining access to Victim-2's network, shortly after they did so, Victim-2 recognized and repaired the Heartbleed vulnertability in its systems.

USA Today says that Fidelity declined to confirm whether or not it was "Victim-2".

"We have confirmed with the FBI that there is no indication that our customers were affected," a Fido spokesman told the paper.

The Boston Globe, CFO, the Chicago Tribune, the Financial Times, the Guardian, the New York Times, and the Wall Street Journal all also covered the unsealed indictment. The Feds claim that the cyberattacks were connected with illegal online casinos, payment processors for illegal drug suppliers, malware, an illegal Bitcoin exchange, and attempts to "artificially manipulate the price of certain stocks."

J.P. Morgan, online brokerages TD Ameritrade and Scottrade, and News Corp's Dow Jones unit all confirmed that they were victims of the alleged hacking conspiracy. 

Edited by: Neil Anderson, Managing Editor

Stay ahead of the news ... Sign up for our email alerts now

 Do You Recommend This Story?

Return to Top
 News Archives
2020: Q2Q1
2019: Q4Q3Q2Q1
2018: Q4Q3Q2Q1
2017: Q4Q3Q2Q1
2016: Q4Q3Q2Q1
2015: Q4Q3Q2Q1
2014: Q4Q3Q2Q1
2013: Q4Q3Q2Q1
2012: Q4Q3Q2Q1
2011: Q4Q3Q2Q1
2010: Q4Q3Q2Q1
2009: Q4Q3Q2Q1
2008: Q4Q3Q2Q1
2007: Q4Q3Q2Q1
2006: Q4Q3Q2Q1
2005: Q4Q3Q2Q1
2004: Q4Q3Q2Q1
2003: Q4Q3Q2Q1
2002: Q4Q3Q2Q1
 Subscribe via RSS:
Add to My Yahoo!
follow us in feedly

©All rights reserved to InvestmentWires, Inc. 1997-2020
14 Wall Street | 20th Floor | New York, NY 10005 | P: 212-331-8968 | F: 212-331-8998
Privacy Policy :: Terms of Use