Attack on the US Securities and Exchange Commission: stolen data can be used for insider trading



    Image: Dave Center , CC BY 2.0

    The US Securities and Exchange Commission (SEC) announced that it was the victim of a hacker attack. Attackers managed to get into the system for storing documents of listed companies, which could potentially give them an advantage in transactions in the stock market.

    What is the problem


    The commission discovered a hack last year, however, until September 2017, the regulator’s representatives did not know that cybercriminals could gain access to insider trading information. When this became known, the SEC chairman Jay Clayton issued a statement - however, it did not contain information about exactly when the hacking occurred, whether the attackers were interested in information about a particular company, and what caused the delay in recognizing the incident.

    “Despite all efforts to protect our systems and manage information security risks, in some cases cybercriminals managed to gain access and misuse our systems,” Clayton said in a statement.

    Hackers attacked a system called EDGAR - it is used by investors to receive detailed financial reports, which are required to periodically publish all the companies whose shares are traded on the stock exchange. The system code contained a vulnerability that allowed attackers to gain “access to non-public information,” Clayton said in a statement.



    Interface of the EDGAR system

    As a result of the hack, there was no leakage of personal information, but the stolen data “could be used to extract illegal profits during exchange trading”. Investigation of the incident continues.

    Not the first attack


    The EDGAR system has already become the target of crackers. So in 2015, hackers managed to publish inaccurate information in the system about the upcoming takeover of Avon Products, which led to a serious increase in its shares. Earlier in 2014, several researchers found that in some cases, the information posted to EDGAR was available to some users 30 seconds earlier than others . This could give traders a serious advantage over other players - HFT-traders can make thousands of transactions in an instant, 30 seconds for them is an eternity.

    News of a new hack could jeopardize the Commission’s efforts to gather more detailed information on stock trading in US markets in a centralized database - the regulator seeks to create a tool that will detect market manipulations. Some leading Wall Street players such as the New York Stock Exchange (NYSE) have expressed their concern that such a default database would be the target for hackers.

    Other materials on the topic of finance and stock market from ITI Capital :



    Also popular now: