Could the Stock Market Ever Be Hacked?
July 28, 2017
By John Divine
Is the stock market actually safe? In truth, no system is impenetrable. Millions of Americans rely on the stock market as their primary wealth-‐‑ building tool. Without it, the “American dream” would be even more unachievable than it is today.
People put an incredible amount of faith in the stock market. By implication, investors must think Wall Street is well-‐‑protected – that when you buy a stock, it may naturally go up or down, but it could never disappear from your account or have its price manipulated by nefarious actors.
But, let’s just ask it: Could the stock market ever be hacked? And the short answer is yes.
Despite flaws, there are strong protections. First off: Don’t run out and sell all your stocks. The stock market has serious protections in place to prevent any sort of “hack,” or fraud-‐‑based fiasco brought on by hostile actors.
“A hack might cause a temporary outage, however any fraud perpetrated or operational mistakes on the exchange would be unwound by the participants or covered by the brokers and their insurance,” says Philip Lieberman, president of Los Angeles-‐‑based Lieberman Software.
“When there is an irregularity, the exchange is simply shut down,” Lieberman says. “This has happened multiple times and it does not cause a panic. The exchange is reopened when everyone is calmed down.”
Penny stocks, pink sheets and unregulated exchanges are a different story. “Generally, it’s bad news for all involved if there’s fraud on an unregulated exchange. You bought the ticket, you’re taking the ride to the end,” Lieberman says.
But despite all the protections that the biggest exchanges have, they don’t always function smoothly.
One need only look at the infamous 2010 “Flash Crash” – which in a matter of minutes saw the Standard & Poor’s 500 index lose, then regain, roughly 9 percent – to remind themselves that the market isn’t immune from rather serious hiccups.
More recently, on the evening of July 3, the stock prices for Amazon.com (ticker: AMZN), Alphabet (GOOG, GOOGL), Microsoft Corp. (MSFT), Apple (AAPL) and other tech stocks all magically went to $123.47, which seemed to imply that AMZN and GOOG had fallen 87 and 86 percent, respectively. No trades were made at those prices and their correct values were soon back on display.
At the end of the day though, these instances were all essentially glitches; moreover, they were brief and almost immediately corrected.
If you don’t find that too reassuring, consider this: The exchanges aren’t connected to the internet, rendering one of the most ubiquitous and effective scamming techniques completely impotent.
Go phish. Phishing scams, which are typically email campaigns where attackers pretend to be an authoritative entity you know and trust, are both popular and effective.
United Data Technologies’ Chief Information Security Officer Mike Sanchez says his company frequently tests enterprise security systems to identify and fix breaches.
“We performed an engagement just last week for a financial institution. They gave us a list of 500 employees,” to email, Sanchez says. “Seventy-‐‑five percent of them clicked on a link asking for their user ID and password information – and gave it to them.”
Since major stock market exchanges run on their own offline networks though, phishing just wouldn’t cut it.
One-‐‑off ways to “hack” the stock market. Russia sought to manipulate the 2016 election in part by using botnets to pump fake news stories on social media. The same method could be employed “to manipulate the high-‐‑ speed trading algorithms, convincing them there’s an issue with a company, which would trigger a short crash,” says Andrew Howard, and chief technology officer at Kudelski Security.
“Attacks targeted at sources of information, such as the AP’s Twitter account, can quickly impact stock prices,” says Nathaniel Gleicher, lllumio’s head of cybersecurity strategy and former director of cybersecurity policy under President Barack Obama.
Gleicher doesn’t draw this example out of thin air. In 2013, hackers gained access to the Associated Press’s Twitter account, tweeting, “Breaking: Two Explosions in the White House and Barack Obama is injured.”
That tweet, sent at 1:07 p.m., caused the Dow Jones industrial average to shed 150 points instantly, although the losses were regained quickly as the hoax was unraveled. But in that short period of time, equities lost over
$130 billion in market value.
A low-‐‑likelihood, high impact scenario. While manipulating algorithms is a concern, if it got too out of control, the major exchanges have “circuit breakers” that halt trading at certain pain points. For example, if the New York Stock Exchange falls 7 percent in a day, trading stops. It stops again at 13 percent, and again at 20 percent. And if fraud was under way, any questionable trades would be reversed.
A large-‐‑scale attempt to infiltrate the stock market would have to be different. And despite the exchanges operating offline, all security systems have pros and cons.
The biggest con of a closed system like this isn’t actually technology – it’s people. “It would be much more concerning if an intruder were able to ‘dwell’ within the trading network for weeks or months and subtly manipulate trades,” Gleicher says.
When contacted, a spokeswoman for the NYSE declined to comment, and similar queries to a Nasdaq representative were not returned.
But there is precedent for a large-‐‑scale attack on corporate America that relied on human error for its success.
In 2013, hackers stole up to 40 million credit and debit card numbers from Target Corp. (TGT) shoppers. The attackers were able to collect that incredible amount of information because their malware had been “dwelling” in Target’s data centers for quite a while.
“I think for an average of 74 days – and all it did was scan and collect information,” Sanchez says.
The hackers were able to physically access Target’s data center, where they supposedly left USB devices – with malware on them – lying around, according to Sanchez.
“Someone, probably an employee, placed it inside their PCs,” Sanchez says. If putting a random USB in your computer seems like a bad idea, it is. But apparently it’s not at all uncommon. “We see this all the time,” Sanchez says.
Sanchez thinks a large-‐‑scale stock market attack would “absolutely” work the same way. “That’s how I would do it.”
Forty million compromised credit and debit cards a mind-‐‑numbing amount of financial fraud, but if somehow an attacker was able to “dwell” inside the financial system and manipulate trades, the impact on the stock market – which stores tens of trillions of dollars of wealth – is literally unfathomable.
“Trying to unwind the effects of this could send shock waves through the financial system, as regulators wrestle with how to deal with innocent trades made based on manipulated stock values. This would take lots of money and time to sort out,” Gleicher says.
Complete story here.
United Data Technologies Named to CRN’s 2017 Solution Provider 500 List
DORAL, Fla.–(BUSINESS WIRE)– United Data Technologies, a leading national provider of technology solutions and managed services in the United States, announced today that CRN®, a brand of The Channel Company, has named United Data Technologies to its 2017 Solution Provider 500 list. The Solution Provider 500 is CRN’s annual ranking of the largest technology integrators, solution providers and IT consultants in North America by revenue.
The Solution Provider 500 is CRN’s predominant channel partner award list, serving as the industry standard for recognition of the most successful solution provider companies in the channel since 1995. This year, for the first time since 2010, the complete list will be published on CRN.com, making it readily available to vendors seeking out top solution providers to partner with.
CRN has also released its 2017 Solution Provider 500: Newcomers list, recognizing 58 companies making their debut in the Solution Provider 500 ranking this year.
“We are honored to appear on this list again, since it’s symbolic of our continued commitment to innovation and helping our customers maximize their investment in technology,” said Henry Fleches, CEO and Co-Founder of UDT. “Our organization continues to grow significantly in all areas but especially around Cybersecurity, Cloud and Mobility! The team at UDT is deeply committed to our customers and their specific business outcome needs. I am extremely proud of our team and our accomplishments.”
“CRN’s Solution Provider 500 list spotlights the North American IT channel partner organizations that have earned the highest revenue over the past year, providing a valuable resource to vendors looking for top solution providers to partner with,” said Robert Faletra, CEO of The Channel Company. “The companies on this year’s list represent an incredible, combined revenue of over $318 billion, a sum that attests to their success in staying ahead of rapidly changing market demands. We extend our sincerest congratulations to each of these top-performing solution providers and look forward to their future pursuits and successes.”
The complete 2017 Solution Provider 500 list will be available online at www.crn.com/sp500 and a sample from the list will be featured in the June issue of CRN Magazine.
@TheChannelCo names @UDTCorp to @CRN 2017 SP500 list #CRNSP500 www.crn.com/sp500
About United Data Technologies
United Data Technologies is a technology enabler that helps clients in major industries evaluate, architect, provide, secure, and manage technology on the go, in the rack and in the cloud. UDT provides flexible and interoperable services, including mobility, cloud, collaboration, data, cyber security and software and IT as a service. The company also provides technical, professional and managed services. Accomplish more with UDT: www.udtonline.com
About the Channel Company
The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequaled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelco.com
The Channel Company
Sorry, no posts matched your criteria