How much is that data in the window?
This week, the Securities and Exchange Commission (in partnership with British, Danish and other American regulators) brought charges against a number of hackers and traders from around the world for stealing financial newswire releases up to 30 minutes before release and using this information to make short-selling trades, netting more than $100,000,000 over a five year period. That’s right 100 hundred meellion dollars!
The scheme was spearheaded by (no surprise here, wait for it) Ivan Turchynov and Oleksandr Ieremenko who grabbed the booty and transmitted it to a secure web based location for consumption by greedy, bottom feeding, desperate, ugly criminal traders around the globe. Here is the SEC press release:
What the press release doesn’t mention is how the activity was detected. Was it through anomalous trading activities? Was the data leakage itself detected? We wait for the trial to see, but if we were having a bet here at ITC towers, our money would be on the trading activity being the clue, not the exfiltration, which would be a familiar story.
This also raises the question of ‘how much do you think your data is worth?’ For the journalists, engineers and administrators, the newswire data, although probably deemed ‘secure’ are just another newswire and part of the day job. Another batch to be processed before beer o’clock. To the hackers and traders however they represent gold, lots of lovely gold.
When we deploy an ITC NetSure360° managed security solution to a customer, we always conduct an asset modelling exercise to identify both what the customer has, and also how important that asset is. In this case the data containing the newswire would be of significant importance, both for the financial value (see above), and also the reputational damage that will no doubt shake the newswire businesses to the core in the forthcoming months.
We understand that a security budget cannot and should not be spread evenly like butter across an organisation, but rather applied at appropriate levels where it is required the most. This is to our mind the only viable way to manage security, especially when you are up against Turchynov, Ieremenko&Co who are clearly in possession of smarts and intent, a dangerous combination.
If you would like to know more about our philosophy, vision or even fancy a chat about the nuts and bolts of security engineering, please contact us on: 020 7517 3900 or email email@example.com