cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 9

Large Stock sold before hack announcement

Jump to solution
https://www.washingtonpost.com/technology/2020/12/15/solarwinds-russia-breach-stock-trades/?outputTy...

So the comments below not sure if yall looked but it was not only CEO, it was major share holders, VP, and CTO they all been dumping stock.

https://www.secform4.com/insider-trading/1739942.htm
Also a majority sold in May when the hack started. If you look none of them sold any share before May.
This doesn't make me feel warm and fuzzy about SolarWinds future.

Also why did SolarWinds have the password Solarwinds123 on the update server. I mean come on where is the security.
https://www.businessinsider.com/solarwinds-warned-weak-123-password-could-expose-firm-report-2020-12
1 Solution

Great response!

There seem to be a lot of people on the forum, trying to defuse this situation, and that is admirable.  But with the mounting evidence that is coming from the infosec community, and the lack of information coming from SW (This isn't surprising), then being diplomatic about the company and it's products isn't really warranted.

Clearly mistakes, very big ones, have been made.  This will result in massive reputation damage, and have massive financial implications for the company, which if we're all honest, will likely result in SW going to the wall.  There will be a considerable investigation into the who's, what's why's of this incident, majority of which will be behind closed doors.

Many companies will also have been affected by this intrusion, and difficult decisions will be required from those companies as to how they proceed, but I suspect that for many the wheels are already in motion to move away from Orion as a monitoring solution, with competitors already contacting companies to offer discounts of their services.

The dumping of stock by the aforementioned parties is insider trading, and I am sure that will be investigated accordingly, although it may be difficult to prove/remediate if/when the company goes into administration.  In all likelihood, the amount of coincidences will show that the hack was known about for sometime, and SW only released the information, as they knew that FireEye were going public, so their hand was somewhat forced.

Behind the scenes, I am sure there has been a full forensic investigation, likely by FireEye, which has highlighted the security failings of the company, and it's workforce, also giving the company time to shore up its defences, and develop the patches that are now being released.  Software development is not something that can be done overnight, so it is unlikely that the patches were developed, tested and released in 2 days.

There are much bigger implications in all of this, the workforce for instance, this will result in a loss of jobs for people, in a pandemic.  Hardly the best time to be seeking new employment.  Government agencies and private companies having possible data ex-filtration, result in reputation damage, and loss of business, and also secrets possibly falling into the wrong hands...  And that's before the financial implications, both regulatory and punitive, and no doubt lawsuits brought by 3rd parties.

As many have said, the full impact of this hack is still unknown, and likely wont be known for sometime.  And that is a worry!  An example of this would be the notpetya ransomware, a direct result of the NSA hording 0days, and then having their own tools stolen, weaponised, then used against them. 

Hacks happen, we live in a digital age, but yet again it has proven that WE are the weak link.  Not the software or hardware, but we the people writing the code, using the software, and administering the tools.  This should be another wake up call to practice good security, but it comes at a cost of convenience, and for some companies that is a massive trade off, that some are willing to take.  Information is priceless, other companies and agencies have proven this already.  Prism for instance, facebook, google.  2 sides of the same coin.

If you take anything from this incident it should be to practice good security.  Use a password manager, it seems simple, but it makes life much easier, RBAC, frequent pen tests, and security should be paramount, and not an after thought.  Until this is practised from the top down, then these incidents will continue to happen.

View solution in original post

14 Replies

This will I am sure be investigated, and the timing is really not good, as 2 + 2 can be made into any number at this point. From what I have seen from this, it has been in motion for some time that the CEO and some other members of the board were moving on and that the investment funds that own most of SW sold their stock at the same price as each other (https://investors.solarwinds.com/financials/sec-filings/default.aspx). This therefore has to be a large, no doubt negotiated for months position and the institute that bought them, if there was insider knowledge on this security issue known, will be suing them very quickly. 

If that happens, then I would suggest that is the first piece of real evidence, otherwise this looks like a plan that came to fruition at precisely the wrong time.

0 Kudos
Level 9

Thanks for sharing, not sure why people are saying this is normal and is just a coincidence.  

I'm sure they were well aware of the issue prior to releasing information to the public. I mean come on have you ever seen Solarwinds release a patch in 1 day????? Heck it takes longer than that to reach support to resolve an issue. 

It was around 3 days and it was very focused to removing trojan code and adding security function. When you have hundreds of developers working on a product the coding took probably the least amount of time in those 3 days.

0 Kudos

Jump-to-Conclusions-Game-Wins-Funding-On-Shark-Tank.jpg

Best reference ever.

0 Kudos

I'll defer to our local trading guru @designerfx to provide some insight, but from what we've seen this is what you'd call "wrong place, wrong time" and not criminal. An investigation will surely be conducted, though. 

Level 11

I saw the quote from Jacob Frenkel in the article. I'd trust his opinions on the subject. I've known him and his family (mostly the family, though) for years.

0 Kudos
MVP
MVP

I'm sure the CEO is at least 50 something I hear. Possibly he is moving on to other things I'm not sure, or maybe retirement beckons? Especially when you have had a successful career. I've seen more shifting and moving about with shares and CEO's than ever before during this pandemic. It's a tumultuous time when people are definitely making money and losing money. I'm actually thinking about buying shares now so it's time to invest not to sell! So buy them while you can...

0 Kudos

This will be looked at but remember. 

  • The change in CEO's has been planned for many months. 
  • Trades like this are scheduled way in advance. 
  • This happened prior to the FireEye announcement.

I just do not see any smoking gun here when you look at the timeline.

Paul

as someone who trades and bots crypto/stocks and all the fun stuff, this is much ado about nothing. literally people are seeking conspiracy. this is up there with every other political hype

Its my belief that the FireEye forensic document itself took MONTHS to create.

I think this issue has been active and kept secret for months due to:

1. Presidential Election - imagine if they released this on October 20th. LOL!

2. Money - the stock dumps were epic and definitely timed

Looking at Edgar data, it is obvious that all of the hedge funds, directors, and the CEO dumping at the time that they did and the sheer volume is not coincidental.

Anyone that thinks so is being polite. 🙂

They knew.

And I think no one here, including me, is trying to play tin foil hat games. I believe we are mainly concerned that the damage they did keeping this secret, as long as they did is very suspect. That FireEye document was months in the making.

Many people knew. It was kept secret, and the damage it did was pretty breathtaking.

I predict FireEye and SWI execs will testify before senate/congress DHS & SI committees at some point under oath. There is some truth needed here that we're not getting.

Great response!

There seem to be a lot of people on the forum, trying to defuse this situation, and that is admirable.  But with the mounting evidence that is coming from the infosec community, and the lack of information coming from SW (This isn't surprising), then being diplomatic about the company and it's products isn't really warranted.

Clearly mistakes, very big ones, have been made.  This will result in massive reputation damage, and have massive financial implications for the company, which if we're all honest, will likely result in SW going to the wall.  There will be a considerable investigation into the who's, what's why's of this incident, majority of which will be behind closed doors.

Many companies will also have been affected by this intrusion, and difficult decisions will be required from those companies as to how they proceed, but I suspect that for many the wheels are already in motion to move away from Orion as a monitoring solution, with competitors already contacting companies to offer discounts of their services.

The dumping of stock by the aforementioned parties is insider trading, and I am sure that will be investigated accordingly, although it may be difficult to prove/remediate if/when the company goes into administration.  In all likelihood, the amount of coincidences will show that the hack was known about for sometime, and SW only released the information, as they knew that FireEye were going public, so their hand was somewhat forced.

Behind the scenes, I am sure there has been a full forensic investigation, likely by FireEye, which has highlighted the security failings of the company, and it's workforce, also giving the company time to shore up its defences, and develop the patches that are now being released.  Software development is not something that can be done overnight, so it is unlikely that the patches were developed, tested and released in 2 days.

There are much bigger implications in all of this, the workforce for instance, this will result in a loss of jobs for people, in a pandemic.  Hardly the best time to be seeking new employment.  Government agencies and private companies having possible data ex-filtration, result in reputation damage, and loss of business, and also secrets possibly falling into the wrong hands...  And that's before the financial implications, both regulatory and punitive, and no doubt lawsuits brought by 3rd parties.

As many have said, the full impact of this hack is still unknown, and likely wont be known for sometime.  And that is a worry!  An example of this would be the notpetya ransomware, a direct result of the NSA hording 0days, and then having their own tools stolen, weaponised, then used against them. 

Hacks happen, we live in a digital age, but yet again it has proven that WE are the weak link.  Not the software or hardware, but we the people writing the code, using the software, and administering the tools.  This should be another wake up call to practice good security, but it comes at a cost of convenience, and for some companies that is a massive trade off, that some are willing to take.  Information is priceless, other companies and agencies have proven this already.  Prism for instance, facebook, google.  2 sides of the same coin.

If you take anything from this incident it should be to practice good security.  Use a password manager, it seems simple, but it makes life much easier, RBAC, frequent pen tests, and security should be paramount, and not an after thought.  Until this is practised from the top down, then these incidents will continue to happen.

View solution in original post

$286 million dollars is not an accidental, non-coincidence.  🙂


https://www.theregister.com/2020/12/16/solarwinds_stock_sale/

Preaching to the choir 😉

0 Kudos