Please provide 5 case studies of cyber-security breaches in securities trading rooms (stocks, bonds, ForEx, etc.) over the past 2 years. Who did it, how they did it, how they were discovered, and how can financial institutions prevent it?
Hi! Thanks for your request for case studies of cyber-security breaches in securities trading rooms. In short, five examples are Scottrade, CommSec and Etrade, Bitfinex, FXCM, and AMP. There are many threats in the financial technology (FinTech) industry, including a lack of data encryption and the increased risks that come with technological advancement. Financial institutions can take steps to minimize the risk, such as encrypting data, using multi-factor authentication, and regularly assessing their infrastructure and network to identify and eliminate potential threats. Below, please find a deep dive into my findings.
SCOTTRADE
Scottrade Bank announced in April 2017 a breach in which 20,000 customers' personal information was exposed after a third-party vendor, Genpact, uploaded a file without applying proper security controls. The breach was discovered by security researcher Chris Vickery, who was able to download a bank-related MSSQL database containing plaintext passwords; he then notified the bank. Once Genpact realized the error, it immediately secured the data and traced the issue to a configuration error made during the upload, but by then the information had already been exposed.
COMMSEC/ETRADE
In August 2015 it was discovered that a Russian hacker had gained access to CommSec and Etrade Australian customer accounts and bought shares without the owners' knowledge. The hacker held an overseas account and traded through Morgan Stanley. Thirteen ASX-listed penny stocks were targeted: their share prices were artificially inflated and the positions then sold, netting the hacker $77,000 in profit. The articles do not disclose how the breach was discovered, but they note that it resulted from the clients' own computers being compromised, giving the hacker access to their passwords and trading accounts.
BITFINEX/BITCOIN
In August 2016, hackers stole nearly 120,000 bitcoins, worth about $72 million, from customer accounts at Bitfinex, a Hong Kong cryptocurrency exchange. The breach resulted from at least two compromised private keys held in a BitGo-hosted multisignature wallet; the hackers were able to increase the amount of bitcoin released without BitGo realizing it. Bitfinex employees discovered the breach through the website.
In June 2015, Bitfinex had received a $75,000 fine from the CFTC for not following the rules on margin financing for commodities. In response, and to meet CFTC requirements, the company moved away from the omnibus wallet method, which kept secure data offline to minimize the risk of hacking, and began using multisignature wallets that kept funds in individual accounts. In theory this method should be more secure, since multiple signatures are required to approve any transaction; however, many claim the change actually weakened security rather than strengthening it, enabling the August 2016 breach.
FXCM
FXCM is a New York City-based global foreign exchange broker. In October 2015, it announced a major security breach in which a hacker made numerous unauthorized wire transfers out of customers' accounts, attributed to a breach of FXCM's cyber-security controls. The breach was discovered when several customers reported receiving notifications of unauthorized transfers. The exchange also received an email from a hacker claiming to have obtained sensitive customer data.
AMP
AMP is a Chicago-based online futures trading platform. In 2017, Chris Vickery discovered a breach that exposed approximately 97,000 files, including passport scans, customer chat logs, internal emails, and credit reports, affecting over 10,000 account applicants. The cause was a misconfigured backup device managed by a third-party IT vendor; Vickery found a 70GB dump of the files exposed to the web.
PREVENTING BREACHES
Numerous threats exist in the FinTech industry. The lack of data encryption has contributed to an increase in financial data breaches, since hackers can immediately use any data they obtain. Financial institutions should encrypt sensitive data, including data at rest, to keep it secure; doing so goes a long way toward reducing the cost of recovering from a loss. IoT and cloud computing give cybercriminals additional opportunities to strike: installed CCTV cameras, for example, can be conscripted into a botnet and used to steal the bank's sensitive data. Financial institutions should consistently monitor the network for suspicious activity, identifying and addressing any symptoms found.
Foreign governments are sponsoring cyberattacks more frequently. Conducting risk assessments in accordance with NIST guidelines can help in developing an effective cyber-security policy, and financial institutions must also stay up to date on government alerts. The use of third-party vendors also increases the risk of a breach; these risks can be minimized through regular testing and updates that put protection in place before third-party engagement.
The rise of mobile banking presents its own set of challenges: financial institutions must offer convenient banking options while still protecting sensitive data. This can be accomplished through encryption of the complete dataset and cross-platform testing of mobile apps. As more individuals own and use their own devices, malware threats also increase; if an infected device connects to the network, sensitive data can be hijacked. To minimize this risk, financial institutions should identify potential back doors and use security measures such as advanced firewalls to restrict web traffic.
Hackers can alter or manipulate a user's or an institution's data, which poses a significant risk. Regular data backups help here, along with assistance from IT security professionals who can identify risks and threats. Hackers are also using sophisticated spoofing techniques, with look-alike URLs that appear legitimate to customers. Two-factor or multi-factor authentication, together with controlled user access, can help minimize these risks.
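Two of the controls recommended above map directly onto findings in the case studies: the Scottrade database held plaintext passwords, and account takeovers such as the CommSec/Etrade case are what a second authentication factor is meant to blunt. The following is an added example written for this report, not code from Wonder or from any of the firms named; it shows how a trading platform's login path can store only salted, iterated password hashes, flag any credential still stored in plaintext so it can be migrated, and require an RFC 6238 time-based one-time code. The user records, the PBKDF2 parameters and the helper names (`looks_like_plaintext`, `login`) are constructed for illustration; the TOTP secret is the RFC 6238 test-vector secret so the output can be checked against the published vectors.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Optional

# Password storage: salted, iterated PBKDF2-HMAC-SHA256 instead of plaintext.
# Iteration count is an assumption chosen for this example; tune to your hardware.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing string: algorithm$iterations$salt_hex$digest_hex."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def looks_like_plaintext(stored: str) -> bool:
    """Audit helper (hypothetical): True if a credential column is not in hash format."""
    parts = stored.split("$")
    return not (len(parts) == 4 and parts[0] == "pbkdf2_sha256" and parts[1].isdigit())


# Second factor: RFC 6238 TOTP over HMAC-SHA1, 30-second step, 6 digits.
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", unix_time // step)          # 8-byte big-endian counter
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                 # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int, window: int = 1, step: int = 30) -> bool:
    """Accept the code for the current step or +/- `window` steps of clock drift."""
    for drift in range(-window, window + 1):
        expected = totp(secret, unix_time + drift * step, step=step)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


# Constructed sample records for the example; "legacy07" mimics the plaintext
# storage reported at Scottrade and must never pass the login path.
_DEMO_TOTP_SECRET = b"12345678901234567890"   # RFC 6238 test-vector secret
USERS = {
    "trader01": {"password": hash_password("correct horse battery staple"),
                 "totp_secret": _DEMO_TOTP_SECRET},
    "legacy07": {"password": "hunter2", "totp_secret": None},
}


def login(username: str, password: str, otp: str, unix_time: int) -> str:
    """Return 'ok' or a reason string; every failure path is distinguishable for logging."""
    record = USERS.get(username)
    if record is None:
        return "unknown user"
    if looks_like_plaintext(record["password"]):
        return "credential stored in plaintext; migration required"
    if not verify_password(password, record["password"]):
        return "bad password"
    if record["totp_secret"] is None or not verify_totp(record["totp_secret"], otp, unix_time):
        return "second factor failed"
    return "ok"


if __name__ == "__main__":
    now = 59
    print(login("trader01", "correct horse battery staple", totp(_DEMO_TOTP_SECRET, now), now))
    print(login("legacy07", "hunter2", "000000", now))
```

Note that `looks_like_plaintext` gates the login path rather than silently accepting a plaintext match; in a real migration the check would run as a database audit and drive a forced password reset, so that a future exposure of the table yields only salted hashes.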
CONCLUSION
To wrap up, significant security breaches in the FinTech industry include those at Scottrade, CommSec and Etrade, Bitfinex, FXCM, and AMP. Threats most commonly arise from a lack of data encryption and from issues that accompany technological advancement, such as increased mobile device usage, the IoT, and cloud computing. Financial institutions must take steps, including encrypting data and performing regular checks to identify and eliminate threats, to ensure sensitive data remains secure.
Thank you for using Wonder! Please let us know if we can assist with anything else!