Parsing: can hackers actually hack the stock exchange

Image: Christine Puccio , CC BY-SA 2.0

Millions of investors all over the world see in the stock market their enrichment tool. Their belief in the exchange is incredible. And of course, investors believe that the stock exchanges are well protected by default: the stock price may fluctuate, but they themselves will not disappear from the investor’s account anywhere, and the actions of unscrupulous players should not affect their value.
')
But can they actually hack the stock market? CNBC analysts have dealt with the issue in more detail - we have prepared an adapted version of this material.

Is it possible to hack the exchange

The short answer to the question is yes, the exchange can be hacked. But do not panic and sell stocks - any exchange platform takes serious precautions against hacker attacks or failures provoked by the actions of criminals and unscrupulous players.

“Hacking can lead to temporary disruption, but any fraudulent or operational errors on the exchange will not have serious consequences,” said Philip Lieberman, President of Lieberman Software in Los Angeles. When some serious failure occurs, the trades simply stop. “This has already happened many times, and it does not cause panic. The stock exchange resumes when everyone calms down. ”

But, despite all the protection measures taken on major exchanges, they do not always work stably. It is worth remembering the failure of 2010, when the US stock market fell sharply by 9% due to manipulations with E-mini S & P 500 futures contracts. Then we managed to win back more than half of the losses, but the case showed that the stock exchange is not insured against serious shocks.

A more recent example is that on the evening of July 3, 2017, the prices of Amazon.com, Alphabet, Microsoft Corp., Apple, and other companies ’shares suddenly dropped to $ 123.47. That is, the cost of securities Alphabet and Amazon.com decreased by 86% and 87% respectively. This did not lead to serious consequences: transactions at such prices were not conducted, and trading floors soon began to show the correct values.

In both cases, the cause was technical failures, not hacker attacks. And yet there are several ways that cybercriminals can use to attack financial markets.

Phishing

Phishing - a type of fraud that criminals use to steal user data by sending letters on behalf of well-known and respected brands - is popular and effective.

United Data Technologies Chief Information Security Officer Mike Sanchez gives an example: “Last week we checked security at a financial institution. We were given a list of 500 employees. Seventy-five percent of them, having received a phishing email, clicked on the link requesting their ID and password, and transmitted this data. ”

Injections of false information

Another method is to crack a reputable company or the media and publish information that could affect the course of trading. Thus, criminals can indirectly control high-speed trading algorithms.

“Attacks targeting information sources, such as The Associated Press Twitter, can affect stock prices,” says Nathaniel Gleicher, head of cybersecurity strategy at lllumio and former director of cybersecurity policy under President Barack Obama.

In 2013, hackers really hacked the Twitter of the Associated Press and sent a message: "Urgent: there were two explosions in the White House, Barack Obama was injured."

Because of this tweet, sent at 1:07 in the afternoon, the Dow Jones Industrial Average instantly dropped 150 points. Losses were quickly recovered because the fraud was revealed. But in this short period of time, stocks lost more than $ 130 billion in market value.



Image: Washington Post

Abduction of trading algorithms

Representatives of companies from the field of information security in 2015 told reporters about the cases of hacking of hedge fund systems and HFT firms in order to steal trading algorithms.

In particular, representatives of the information security vendor Kroll reported on several instances of attempts to steal trade algorithms — that is, programs that are used for automated trading operations on financial markets. At the same time, it was possible to prevent the leakage of algorithms in two cases; in one, the attack was successful. Also participating in the analysis of the security incident associated with the theft of trading algorithms, said the company FireEye.

Attacks aimed at stealing trading algorithms are rarely carried out with the aim of using program code for direct trading on the exchange. Much more often in the case of a successful hack, attackers can offer to return the stolen algorithms for a reward, threatening to publish data about the attack - this always provokes panic among the clients of the financial company.

Not so scary

While the manipulation of algorithms is troubling, the large exchanges have “automatic switches” that stop trading at certain rates of decline. For example, if the decline on the New York Stock Exchange is 7% per day, trading will stop. They will again stop with a decline of 13% and 20%. And if the suspicious rate jumps continue, any questionable transactions will be canceled.

A large-scale attempt to penetrate the stock market should be different. The main threat is not technology, but people. “It would be much worse if an attacker could stay in the trade network for weeks or months and subtly manipulate transactions,” says Gleicher.

In response to a question from journalists about whether this is possible, the NYSE declined to comment, and Nasdaq did not give feedback. But one case of a large-scale attack on corporate America, which was made possible by the human factor, was nonetheless.

In 2013, hackers stole from Target Corp. up to 40 million customer credit and debit card numbers. The attackers were able to collect this incredible amount of information, because their malware for quite a long time — 74 days — lived in Target data centers.

According to Mike Sanchez of United Data Technologies, hackers were able to physically access the Target data center, where they allegedly left usb-based malware devices on them. “Someone, perhaps an employee, placed him inside his PC,” says Sanchez.

Apparently, such cases are not uncommon. “We see it all the time,” says Sanchez. He believes that the large-scale attack on the stock market will be “absolutely” the same.

The forty million compromised credit and debit cards are staggering financial frauds. But if an attacker could somehow “penetrate” the exchange's data center, install malicious software on the servers with the core of the trading system, and manipulate transactions, this would have a tremendous impact on the financial market.

“The consequences of such an incident will hit the entire financial system, because regulators are struggling even with the manipulation of stock prices when making small deals. And to eliminate the consequences of a major attack, it will take a lot of money and time, ”says Gleicher.

However, at the moment such a scenario looks more like a horror story. Security systems on modern, including Russian, stock exchanges, are built quite well. For example, in 2015, our country established its own information security center, actively exchanging information with banks and stock exchanges. In 2016, the Moscow Exchange completely switched to the new information architecture and updated the equipment in order to minimize losses from technical failures.

If we talk about the security of a brokerage account of a particular person in comparison with a bank account, then the likelihood of hacking exists always - theoretically, an attacker can access it by stealing encryption keys and a password (for example, using a spyware program).

At the same time, it will be much more difficult to withdraw and withdraw funds - the fraudster will have to start manipulating the securities, selling or buying them from the victim’s brokerage account at unprofitable prices. However, this requires serious skills in financial markets that most hackers do not possess. The exchanges today limit the maximum range of price fluctuations during one trading session, so that an attacker is unlikely to be able to “withdraw” any serious amount from his account.

In addition, to minimize potential damage, brokerage companies are developing various customer protection systems. How this protection is implemented in the ITinvest MatriX trading system can be found here .

Other materials on finance and stock market from ITinvest :

• ITinvest educational resources
• Analytics and market reviews
• Big Jackpot: Why hackers attack SWIFT financial transfer system
• Lazarus: Who is behind the attacks on the SWIFT bank transfer system
• How Russian hackers have robbed the Nasdaq
• Russian hackers hacked Dow Jones and seized insider information