Attackers were able to delay and exploit a US hedge fund’s trades for months, according to BAE Systems
A US hedge fund was breached by hackers who stole trade secrets and interfered with its trading, according to security firm BAE Applied Systems, and observers have warned there may be plenty of other similar incidents.
The attackers installed malicious code on servers at one of the world’s leading finance companies, and slowed down its trading, while re-routing sensitive information to remote computers according to BAE, which told CNBC it had detected and fixed the problem – but only after the attack cost the un-named hedge fund “millions of dollars” over a period of months.
The attack disrupted the hedge fund’s trading and shared details of the trades themselves, according to Paul Henninger, global products director at BAE Systems Applied Intelligence (previously known as Detica). He described it as one of the most complex hits he had ever seen as the method would have allowed the attackers to benefit from advance warning of the victim’s trades.
The hedge fund – a BAE customer – has not been named, and it’s not known if the attack was reported to the Securities and Exchange Commission (SEC) or the FBI. However, the servers were apparently compromised in late 2013. BAE was called in and shut the attack down after eight weeks.
Security firms have lined up to describe other attacks, with Canadian eSentire telling Bloomberg of a hit which took $1.5 million from a hedge fund in two minutes, using three wire transfers. Again, the fund in question is not named, and no further details were given.
Such attacks normally use “phishing” emails which fool staff into clicking on unsafe links giving hackers access to their systems, from where they can gain access to the victim’s networks. A recent high-profile phishing attack at retailer Target exposed customers’ financial details and led to the exit of the company’s CEO and CTO.
How well do you know network security? Try our quiz and find out!