Money does not sleep: who wins in the confrontation of hackers and financial organizations

/ photo The Preiser Project CC

In our blog on Habré, we write a lot about the development of financial market technologies. Every year they are becoming more complex, and the fact that banks and exchanges attract huge amounts of money is not surprising that hackers are showing an ever-increasing interest in the field of finance. But how successful are their efforts?
')

What's at stake

In short, there is a lot of money in the global financial markets. For example, up to $ 60 billion is “pumped” through the New York Stock Exchange (NYSE) per day. The world's largest commercial bank, Industrial and Commercial Bank of China, manages about 140 billion dollars a year. That is, there really is something to fight for.

Banks: how much money do they get?

Consider the problem with examples. The clearest of all will be to turn to the Russian reality close to us. In April 2015, the world's largest cybercrime investigation and prevention company Group-IB published a report in which it told how much hackers steal money from accounts of clients of Russian banks. According to researchers, for the year the criminals withdrew nearly 100 million rubles, or 400 thousand per day. On the day there are about 70 attacks.

In this case, we are talking about direct hacking of the accounts of individuals and legal entities in the Internet banking system. The Security Department of the Central Bank of the Russian Federation in June 2016 provided statistics relating to the banks themselves. In 2015, more than 20 hacker attacks were committed on Russian banks. Although the Central Bank experts warned that in the near future the focus could shift to the exchange sector, at the moment attempts to break into the Moscow Stock Exchange were recorded in a public field by an order of magnitude less than attacks on banks. The loudest story happened in February 2015, when due to the hacking of the Energobank system from Kazan, the ruble exchange rate jumped by 14% in a day (not all observers believe in the version of the hacking, for some it seems a dubious attempt to hide financial company itself).

The most recent example of hacker activity against Russian banks is the attacks through the international payment system SWIFT. In June, hackers took 2 million euros from banks, simply sending phishing links to employees. As they write, "Izvestia", this is only the beginning. The fraudsters realized that hacking the system of Russian banks is quite simple. Technology attacks on SWIFT rehearsed on Western banks, and more recently, the first victims among Russian financial institutions. About the history of SWIFT hacking and the latest examples can be read in our recent article .

Is everything calm on the stock exchanges?

However, hackers are far from being interested only in banks, although attacks on stock exchanges and broker companies are relatively rare. If hacking and hacking attempts are considered to be quite commonplace in the banking sector, then each story with an attack on the stock exchange causes a serious public outcry (subject to leakage of information about the incident to the press).

From article to article, information wanders that, according to statistics from the US Securities and Exchange Commission, 88% of brokers have encountered hacker attacks in their work. Keep in mind that this is not about a specific period of time, but in general about the entire lifespan of such companies. Consider a brief history of known cyber attacks in the foreseeable past.

Today's loudest story dates back to October 2010, when the NASDAQ Exchange was hacked. A detailed story about this can be read here . The media readily attributed this attack to “Russian hackers” who used a malicious program allegedly developed in the FSB. The exchange itself did not disclose how painful the attack was and how much damage, apart from the reputational one, it did.

In 2012, the sites of NASDAQ and BATS sites were attacked, which led to short-term interruptions in the work of the sites. But the problem then managed to quickly stop.

On July 8, 2015, the 4-hour downtime on the New York Stock Exchange was also rushed to write off first on Anonymous, and when they promptly disowned, on “Russian hackers”. We recently introduced our readers to The Washington Post columnist James Lewis. He believes that it is too simple and not logical to write everything off on Russians. People, in his opinion, want to believe in the involvement of hackers to failures on the stock exchanges, because they readily accept any conspiracy theory. Hackers need money. To a lesser extent loud newspaper headlines.

What's the result

Despite the obvious interest of hackers in banks and stock exchanges, as well as occasional major successes of cybercriminals, when they manage to steal money or seize valuable insider information, the means of countering cyber attacks also develop. Financial organizations, regulators, special services and companies specializing in information security from different countries cooperate in the investigation of hacker attacks.

As a result, the media regularly receive news of the arrest of the organizers of another hacker group , who stole money from Russian financial institutions, or the FBI agents caught Russian-speaking hackers who stole financial information for dishonest enrichment on the stock exchange.

In addition, we should not forget that, for example, in the case of attacks on stock exchanges or broker companies, it is extremely difficult for hackers to count on immediate earnings. Rather, they can expect to use stolen confidential information for unfair insider trading. According to Group-IB experts, even in the event of an attack on Energobank, when the company lost 244 million rubles, the hackers themselves hardly received any of this money - they simply put orders at non-market prices, which was profitable in the first place quickly oriented ordinary traders.

That is, "you can not just take and steal money from a bank or broker," you still need to figure out how to make transactions so that you can transfer money to your account. This is quite a non-trivial task, moreover, in this way the chance to get caught is much higher - after all, it is impossible to open an exchange account for that, for this you need personal identification, and you still need to withdraw money from this account to the bank.

All this leads to the idea that hacker attacks are a serious, but not the main problem of financial markets. Successful people are caught from time to time, and it is much more difficult to resist insiders who are “inside the system” and use their position to share data that gives an advantage in trading. Especially if attackers use such non-trivial methods of communication as the Call of Duty gaming chats .

Other materials on finance and stock market from ITinvest :

• ITinvest educational resources
• Analytics and market reviews
• Big Jackpot: Why hackers attack SWIFT financial transfer system
• Lazarus: Who is behind the attacks on the SWIFT bank transfer system
• How Russian hackers have robbed the Nasdaq
• Russian hackers hacked Dow Jones and seized insider information
• Protect Algorithm: What Hackers Attacking the Stock Market Are Interested in