US Securities and Exchange Commission attack: stolen data can be used for insider trading

Image: Dave Center , CC BY 2.0

The US Securities and Exchange Commission (SEC) has announced that it has been the victim of a hacker attack. The attackers managed to get into the system for storing documents of companies traded on the stock exchange, which could potentially give them an advantage when making deals in the stock market.
')

What is the problem

The commission discovered a burglary last year, but until September 2017, representatives of the regulator did not know that cybercriminals could have access to information for insider trading. When this became known, SEC chairman Jay Clayton issued a statement - but it did not contain information about when the hack occurred, whether the attackers were interested in information about a particular company, and what caused the delay in recognizing the incident.

“Despite all the efforts to protect our systems and manage information security risks, in some cases cybercriminals managed to gain access and incorrectly use our systems,” says Clayton’s statement.

Hackers attacked a system called EDGAR - it is used by investors to obtain detailed financial reports, which are required to periodically publish all the companies whose shares are listed on the stock exchange. The system code contained a vulnerability that allowed attackers to get “access to non-public information,” Clayton said in a statement.



EDGAR system interface

As a result of hacking, there was no leakage of personal information, but the stolen data “could be used to extract illegal profits in the course of exchange trading”. The investigation into the incident continues.

Not the first attack

The EDGAR system was already becoming the target of hackers. So in 2015, hackers managed to publish in the system false information about the impending takeover of Avon Products, which led to a serious increase in its shares. Earlier in 2014, several researchers found that in some cases the information placed in EDGAR was available to some users 30 seconds ahead of the rest . This could give traders a serious advantage over other players - HFT traders can make thousands of transactions in an instant, 30 seconds for them is an eternity.

News of a new burglary could jeopardize the Commission’s efforts to collect more detailed information on stock trading in US markets in a centralized database - the regulator seeks to create a tool that will reveal market manipulation. Some leading Wall Street players, such as the New York Stock Exchange (NYSE), expressed their concern that such a database would become a target for hackers by default.

Other materials on finance and stock market from ITI Capital :

• ITI Capital Educational Resources
• Analytics and market reviews
• Big Jackpot: Why hackers attack SWIFT financial transfer system
• Lazarus: Who is behind the attacks on the SWIFT bank transfer system
• How Russian hackers have robbed the Nasdaq
• Russian hackers hacked Dow Jones and seized insider information