Hackers target hedge funds

August 17, 2012   Lawrence Delevingne


A virus cleverly disguised as an email from the Carlyle Group about carried interest is identified by a security company.

Screen capture of an email sent to a hedge fund and blocked by Barracuda (with captions)

It’s the type of thing that keeps a hedge fund manager up at night: hackers watching their trades and tapping into their investment accounts using discreet, remote computer access. Investment ideas stolen. Bank accounts drained. Erroneous trades placed.

That’s what someone was apparently trying to do in targeting employees at hedge funds with a so-called keylogger virus, according to online security company Barracuda Labs.

Keylogger viruses are designed to capture keystrokes and then upload them to a remote server from the infected computer. They can be used to steal sensitive passwords, such as those for an online trading platform or bank account.

In one example provided by Barracuda, the virus is cleverly disguised as an email about "carried interest fees" from "A. Friedman" at the "Carlyle Group" in Boston, presumably a reference to Adena Friedman, the firm’s Washington, D.C.-based chief financial officer. The email, of course, is not actually from Carlyle.

"I apologize for the late reply. Please find attached the doc. requested (regarding the NYSE crrie interest fees)," reads the email. While "crrie" is apparently a sloppy spelling of "carried," the NYSE reference could be a sly use of Friedman’s role before Carlyle: head of corporate strategy at NASDAQ OMX. Carlyle did not respond to a request for comment.

Folders representing infected computers, via Barracuda

When double-clicked, the attachment opens an actual PDF file stolen from law firm Morrison & Foerster about reporting trades to the Securities and Exchange Commission. At the same time, "the program is installing a keylogger which captures keystrokes and loads them to a remote server using FTP," according to Barracuda.

"It basically logs every keystroke," said Mary Catherine Petermann of Barracuda. "So in this case the spear phishing tactic if successful is able to get into anything and everything that a hedge fund manager would have access to."

It’s not clear how many hedge funds received the spam ads, and Barracuda told AR the emails were blocked by their clients who use the company’s spam filter. Who those clients are is private. However, an image posted by the company shows 21 folders, which appear to represent as many infected computers.
