Stock Exchange Hacks

by Brent Kirkpatrick

Digitizing the finance industry exposes our stock exchanges to the grave risk of hacking.

Financial exchanges can be hacked if they are digital. Hackers carry out operations that dump money into their accounts, defraud customers, or use insider trading knowledge gained by hacking. For example, hackers could defraud customers or embezzle money from trades. As another example, hacking a company could deflate its stock price, and shorting the stock would line the pockets of the hackers. For a more direct example, the hackers could sell stock without permission and direct the money to their own account.

In 2016, a digital money hack took $55 million. A digital money fund, DAO, using a digital currency, Ethereum, closed due to hacking of the exchange itself. The technologies used to run the exchange were attacked directly by hackers. Fortunately, the money was safe. The digital exchange imposed a 27-day waiting period before actually moving money, and DAO was able to roll back the trades, effectively voiding the hacker's transactions. The hacker's account was frozen and all funds were safe. However, the digital currency tanked, dropping 38% on news of the hacking, effectively closing the market and fund.

The Consolidated Audit Trail (CAT), a new exchange-monitoring tool required by SEC regulators, is vulnerable to hacking. Since the Equifax hacks, there has been growing concern among regulators and executives from the NYSE regarding the security of CAT. A flash crash in 2010 prompted the creation of this technology, which tracks orders from 61 trading venues (public and private). Since CAT includes personal information about customers (SSNs and dates of birth), there is concern about fraud should it be hacked.

The law that gives guidance and oversight to cybersecurity in the finance industry is called the Gramm-Leach-Bliley Act (GLBA). This act, passed in 1999, regulates the privacy of consumer data.

