In the era of telegraphy, a telegraph operator could delay horse racing results long enough for a confederate to make bets with a bookie. Anyone who has seen the classic 1973 American film, The Sting with Robert Redford and Paul Newman, knows that scam.
Today, it is stock market plays rather than horse racing results, and the crooked telegraph operator has been replaced by Eastern European hackers. But the concept is much the same. In a recent incident, hackers disrupted high-speed trading at a large hedge fund and rerouted data in a way that could have been used to profit in rogue stock-market transactions. Malware installed in the hedge fund’s trading system was designed to insert a lag time and record the details of orders, enabling the criminals to trade on the information themselves.
In the FI sector, hedge funds are a new favorite target of hackers. In addition to stock market tips, hackers have directly drained millions of dollars from hedge fund accounts. One cybersecurity authority described hedge funds as “woefully under-secured,” and claims that a lack of attention to network security “has placed them in the line of fire.” Experts say that Eastern European hackers have targeted more than a dozen hedge funds for at least two years.
The SEC has expressed growing concern with network security in the securities industry. The Commission recently announced that the Office of Compliance Inspections and Examinations (OCIE) will conduct examinations of more than 50 registered broker-dealers and registered investment advisers, focusing on cybersecurity governance. This includes advisors to hedge and alternative strategy investment funds.
Losses to individual hedge funds can be significant, but the larger concern is the vulnerability of the global financial services sector to increasingly sophisticated attacks. Not only are individual accounts and individual institutions vulnerable, the interconnectedness of the global financial markets means that the viability of online trading and other electronic financial transactions is at risk. Under-protected hedge funds are just one access point to the network that underpins global financial markets.
According to one expert, hackers now have gained enough access to disrupt the networks that make the global financial system possible. The SEC warns of “new risks of accidental or intentional disruptions which are capable of spreading across markets, international borders and institutional firewalls.”
U.S. Representative Mike Rogers, chairman of the House intelligence committee, has raised concern that hackers, including those sponsored by China, could manipulate trading.
In response to the growing number of attacks, more hedge funds are considering cyber insurance, according to Assured SKGC, an insurance advisory firm. Insurance solutions may indeed be appropriate for any given financial institution, but is the insurance industry prepared for an attack that reverberates throughout the financial services sector and spreads into the global economy?
Zurich and The Atlantic Council, in a recent report, warn of a “cyber-subprime,” since “the global aggregations of cyber risk as analogous to those risks that were overlooked in the U.S. sub-prime mortgage market.” The potential aggregation of risk is enormous.
Little did the crooked telegraph operator of an age-gone-by know that his scam to bilk a bookie would someday threaten to bring down global financial markets.