Please provide 5 case studies for instances of cyber-security breaches in securities trading rooms (stocks, bonds, ForEx, etc.) over the past 2 years. Who did it, how they did it, how they were discovered, and how can financial institutions prevent it?
Hello! Thanks for your question asking for 5 case studies for instances of cyber-security breaches in securities trading rooms over the past 2 years. The short version is that the following case studies collectively shed light on how hackers are intelligently targeting a variety of trading spaces and financial institutions. The incentives for doing so are varied and carried out using varied methods. The financial institutions affected are having to respond rapidly in order to try and prevent further attacks. Below you will find a deep dive of my findings.
METHODOLOGY
Having searched through academic databases, corporate websites, industry reports, regulatory filings, government reports/databases and trusted media sites, my colleague and I found that the biggest cyber attacks on trading rooms seem to have happened more than 2 years ago. Having said that, in an attempt to cover every aspect of your request without reusing examples from the previous response, we have managed to find some case studies which are more recently published. Collectively, these case studies aim to provide insight into each element of your question - who carried out the cyber attack, how they did it, how they were discovered and how financial institutions can protect themselves from such cyber attacks.
CASE STUDY 1
Information from 2 different reports describes how the Decentralized Autonomous Organization (DAO), a virtual currency trading room or 'smart contract,' was hacked whereby $50 million of virtual currency was stolen during a 3-hour period. The thief, whose identity has not been discovered, was able to make an automatically repeating transaction by cloning a bug, which was the result of a human error made in the programming language of the application. In order to fix the DAO, the developers decided to roll back the stolen funds by effectively performing a similar attack on the thief's cloned smart contract, as had been done to them. The idea behind a decentralized system is to offer an investment option giving people even distribution of funds while eliminating central control. Such an exploitation of a human error in a coding system, which was designed to eliminate the need to trust humans, can potentially undermine the confidence people have in the whole concept of decentralization. This particular heist has proven that if a coding system which is designed to eliminate human control can be compromised by humans, then some human administration is necessary to monitor transactions and hopefully prevent any further hacking.
CASE STUDY 2
Unlike case study 1, which is an example of money being stolen (albeit virtually) by an obviously anonymous thief, this example is of a protest where the hacker wanted their actions to be publicly known. The 'hacktivist' group from the Philippines, called Anonymous, found a way to shut down the London Stock Exchange website for a couple of hours as a protest against the world's banks and financial institutions. This type of breach is known as a DDoS attack - distributed denial of service - disruption being caused rather than actual harm. The aim of the hacker in this case was to gain attention rather than inflict any direct form of damage. This type of cyber attack is more difficult for the individual financial institution to fix as it pertains to a social or political protest, which is of a wider issue.
CASE STUDY 3
This case study has been included as it is an example of a very sophisticated crime combining insider trading and cyber hacking. Through the hacking of newswire services, information on corporate earnings was stolen prior to public release. This gave the traders involved in the scheme a huge advantage over other traders, making it possible for more than $100 million to be made over a 5-year period. In order to pull off this heist, the traders worked with hackers based in Ukraine by putting in orders for news of the companies they wanted access to. This allowed them to plan ahead what commodities to trade on. The conglomerate of this heist were brazenly communicating via email, messaging and even through video, allowing authorities to track their activity. In all, 32 traders and hackers were prosecuted.
CASE STUDY 4
This case study has been included as it is an example of a specific malware attack where a virus called Corkow Trojan, developed by a Russian hacking group known as Metel, was used in order to directly alter currency exchange rates. This occurred in Russia where the hackers deliberately launched a virus on a Russian bank, which increased the rate of the ruble against the dollar. The attack only lasted for 14 minutes, enough time for them to buy more than $500 million. The crime was then discovered by Russia's central bank and the Moscow Exchange after analyzing the day's currency trading. The same virus, which spreads its infection rapidly across computer systems while simultaneously updating itself to avoid anti-virus programs, was also used in an attack on a Russian card system that enabled rubles to be stolen from ATMs. Although this case study specifically describes how the viral attack was directed at banks, it demonstrates how any computer system could be compromised very effectively.
CASE STUDY 5
Although not within the scope of the last 2 years, this case study has been included as it describes a very sophisticated breach of cyber-security. The hackers in this case installed disruptive malware onto the system of a hedge fund via phishing emails, in order to extract business strategy information for replication. Such attacks on hedge funds, which require a high level of both technical and financial intellect, are a distinctive type of cyber crime as they also require a combination of technical and financial savvy to investigate. The highly private nature of hedge funds means that often they are not very forthcoming to report these crimes. In order to tackle this type of crime, the FBI is encouraging hedge funds to cooperate with them so that they can examine patterns and behaviors to determine how they operate.
CONCLUSION
To wrap it up, the case studies provided for you collectively demonstrate how hackers are utilizing highly inventive methods and a high level of technical intelligence in order to breach cyber security. Incentives vary from stealing money to making political statements or acquiring information. Like any crime, the chances of the hacker being discovered depend on how visible they make their actions. The big challenge for financial institutions is that cyber breaches are difficult to predict as hackers are always one step ahead and their actions are often hard to detect. Financial institutions are having to respond with constantly updated and heightened cyber security and need to be more vigilant of unusual activity. Thanks for using Wonder! Please let us know if we can help with anything else!