Should Investors Worry About A Stock Exchange Hack?

2FA security, Two-factor authentication, phishing attacksTheDigitalWay / Pixabay

After a cyber breach was found in one of the largest stock exchange in the Middle East relating to lax password management, the culprit has been found. Should investors be concerned?

biggest cybersecurity risks for 2018

cristianrodri17 / Pixabay

Oops: Stock exchange forgets to change password from factory installed “admin”

Oman’s Muscat Securities Market, with a market cap reported near $23 billion, was discovered to have not changed passwords on one of its routers, using the original “admin” as both the username and password for months, ZDNet first reported.

The mistake could have allowed for hackers to gain unfettered access to the network. “Actually, ‘owning the network’ is a breeze,” according to Victor Gevers, a security consultant for the GDI Foundation who discovered the vulnerability and promotes himself as an “ethical hacker.” Hackers often scan for such vulnerabilities because they are easy targets, he said.

“Our advice was to block the telnet protocol on your firewall because this protocol is not safe to use anymore,” said Gevers. “If you need to mitigate this problem quickly we suggest you change this telnet password for a long and complex one. And then immediately apply a firewall rule to block the telnet service to only allow on their local network and start a replacement for this Huawei router as soon as possible.”

While ZDNet reported the problem went unaddressed for months, the exchange said the problem was resolved shortly after it was discovered.

The culprit? The exchange claimed that an outside consultant who installed the router was to blame.

Hacking is a business and exchanges should be prepared, says consultant

“Hacking has now become a business, so it is very important to be secure all the time,” Fahad Al Moharbi, IT Director, Infrastructure Department at Muscat Securities Market, was said after the hack was discovered. “We have multi-layers of security starting from the end users and ending with external firewall.”

The extent to which exchanges are taking the problem seriously is of concern to Ilia Kolochenko, CEO and Founder of High Tech Bridge, a security consulting firm.

“Many companies have to sacrifice cybersecurity for innovation and growth,” he told ValueWalk, pointing to a rush to market without stringent security testing as a cause for concern. The result of such technical lapses can be costly. “A fine, or even a settled collective lawsuit, is usually much less expensive than a missed opportunity or lost market segment.”

The problem has been very real.

In 2014, Russian hackers were reported to have breached the NASDAQ stock exchange in what was described as an attack that was described as “easier than you think.”

More recently the US Security Exchange Commission was the target of such exploits, with hackers accessing the Wall Street regulators EDGAR database and potentially allowing the hackers to trade on the information.

This past December, a South Korean Bitcoin exchange, Youbit, was forced out of business as a result of the hack when cybercriminals electronically looted nearly one-fifth of client’s holdings.

But it is not just security of applications controlled by a corporation that matter, but the transference of data as well.

“One of the things that hackers do is to intercept traffic before it reaches the share values, and if this data is intercepted, you can use that data to manipulate the market, and the market is then not subject to fair market forces,” Naseer Khan, Managing Director of IT consultancy firm IEON, said.

Kolochenko, for his part, thinks financial firms need to pay even greater attention to cybersecurity.  “There are no clear policies, processes and procedures, and even when companies increase their information security budget every year – it does not help,” he said. “Cloud, mobile devices, IoT, and emerging technologies (e.g. AI, blockchain) just exacerbate the situation.”

A recent US News report pointed out that while hacking a stock exchange is a concern, the consequences can be limited. “A hack might cause a temporary outage, however any fraud perpetrated or operational mistakes on the exchange would be unwound by the participants or covered by the brokers and their insurance,” says Philip Lieberman, president of Los Angeles-based Lieberman Software was quoted as saying. “When there is an irregularity, the exchange is simply shut down,” Lieberman says. “This has happened multiple times and it does not cause a panic. The exchange is reopened when everyone is calmed down.”

For exclusive info on hedge funds and the latest news from value investing world at only a few dollars a month check out ValueWalk Premium right here.

Multiple people interested? Check out our new corporate plan right here (We are currently offering a major discount)






About the Author

Mark Melin
Mark Melin is an alternative investment practitioner whose specialty is recognizing a trading program’s strategy and mapping it to a market environment and performance driver. He provides analysis of managed futures investment performance and commentary regarding related managed futures market environment. A portfolio and industry consultant, he was an adjunct instructor in managed futures at Northwestern University / Chicago and has written or edited three books, including High Performance Managed Futures (Wiley 2010) and The Chicago Board of Trade’s Handbook of Futures and Options (McGraw-Hill 2008). Mark was director of the managed futures division at Alaron Trading until they were acquired by Peregrine Financial Group in 2009, where he was a registered associated person (National Futures Association NFA ID#: 0348336). Mark has also worked as a Commodity Trading Advisor himself, trading a short volatility options portfolio across the yield curve, and was an independent consultant to various broker dealers and futures exchanges, including OneChicago, the single stock futures exchange, and the Chicago Board of Trade. He is also Editor, Opalesque Futures Intelligence and Editor, Opalesque Futures Strategies. - Contact: Mmelin(at)valuewalk.com

Be the first to comment on "Should Investors Worry About A Stock Exchange Hack?"

Leave a comment