Is anything online safe anymore? It seems not.
Even the SEC's EDGAR go hacked, and two Ukrainian miscreants made millions from trades made with purloined information. The PDF Indictment alleges that the two used directory traversal attacks and phishing attacks to obtain access to "test filings" prior to the actual release of company financial information to the public. By getting this head start they would anticipate how the market would move the stock price once the information was made public then make trades relying on the advance information. Source: Two charged with hacking company filings out of SEC’s EDGAR system.
This passage from the Indictment describes the phishing expedition:
7. It was further part of the conspiracy that the defendants and others employed phishing attacks to send malicious emails to SEC employees that were made to falsely appear as though they originated from actual SEC employees. As a result of the co-conspirators' phishing attacks, which misrepresented their identities, the co-conspirators successfully infected a number of SEC computers with malware. Once these computers were infected, the co-conspirators used them to probe the SEC's network and to steal information to use in their ongoing efforts to gain unauthorized access to Test Filings.
The two Ukrainians are currently on the lam.
But the lesson here is that practically anything online can get hacked.
------
1:54 PM 1/18/2019
Comments