SEC left computers vulnerable to cyber-attacks - sources

Advertisement
By Reuters | Updated: 9 November 2012 13:13 IST
SEC left computers vulnerable to cyber-attacks - sources
Staffers at the U.S. Securities and Exchange Commission failed to encrypt some of their computers containing highly sensitive information from stock exchanges, leaving the data vulnerable to cyber-attacks, according to people familiar with the matter.

While the computers were unprotected, there was no evidence that hacking or spying on the SEC's computers took place, these people said.

The computers and other electronic devices in question belonged to a handful of employees in an office within the SEC's Trading and Markets Division. That office is responsible for making sure exchanges follow certain guidelines to protect the markets from potential cyber threats and systems problems, one of those people said.

Some of the staffers even brought the unprotected devices to a Black Hat convention, a conference where computer hacking experts gather to discuss the latest trends. It is not clear why the staffers brought the devices to the event.

The security lapses in the Trading and Markets Division are laid out in a yet-to-be-released report that by the SEC's Interim Inspector General Jon Rymer.

Advertisement

No data breached
The revelation comes as the SEC is encouraging companies to get more serious about cyber attacks. Last year, the agency issued guidance that public companies should follow in determining when to report breaches to investors.

Cyber security has become an even more pressing issue after high-profile companies from Lockheed Martin Corp to Bank of America Corp have fallen victim to hacking in recent years.

Advertisement

Nasdaq OMX Group, which runs the No. 2 U.S. equities exchange, in 2010 suffered a cyber attack on its collaboration software for corporate boards, but its trading systems were not breached.

One of the people familiar with the SEC's security lapse said the agency was forced to spend at least $200,000 and hire a third-party firm to conduct a thorough analysis to make sure none of the data was compromised.

Advertisement

The watchdog's report has already been circulated to the SEC's five commissioners, as well as to key lawmakers on Capitol Hill, and is expected to be made public soon.

SEC spokesman John Nester declined to comment on the report's findings.

SEC notified exchanges
Rich Adamonis, a spokesman for the New York Stock Exchange, said the exchange operator is "disappointed" with the SEC's lapse.

"From the moment we were informed, we have been actively seeking clarity from the SEC to understand the full extent of the use of improperly secured devices and the information involved, as well as the actions taken by the SEC to ensure that there is proper remediation and a complete audit trail for the information," he said.

A spokesman for Nasdaq OMX declined to comment on the security lapse at the SEC.

Since the internal investigation was concluded, the SEC initiated disciplinary actions against the people involved, one of the people familiar with the matter said.

The SEC also notified all of the exchanges about the incident.

The SEC's Trading and Markets Division, which has several hundred staffers, is primarily responsible for overseeing the U.S. equity markets, ensuring compliance with rules and writing regulations for exchanges and brokerages.

Among the division's tasks is to ensure exchanges are following a series of voluntary guidelines known as "Automation Review Policies," or ARPs. These policies call for exchanges to establish programs concerning computer audits, security and capacity. They are, in essence, a road map of the capital markets' infrastructure.

Although they are only voluntary guidelines, exchanges take them seriously.

Under the ARP, exchanges must provide highly secure information to the SEC such as architectural maps, systems recovery and business continuity planning details in the event of a disaster or other major event.

That is the same kind of data used by exchanges last week after Hurricane Sandy forced U.S. equities markets to shut down for two days.

Prior to re-opening, all of the U.S. stock market operators took part in coordinated testing for trading on NYSE's backup system.

SEC Chairman Mary Schapiro recently said the SEC is working to convert the voluntary ARP guidelines into enforceable rules after a software error at Knight Capital Group nearly bankrupt the brokerage and led to a $440 million trading loss.

© Thomson Reuters 2012

 
Post your comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Securities and Exchange Commission, cyber attack, cyber security, cyber space, cyber war
Icahn increases stake in video game maker Take-Two
Reliance Communications Q2 profit dips by 59.5 percent
Advertisement

Related Stories

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. AI+ Nova 5G, Pulse Phones India Launch Today: How to Watch Live Event
  2. Amazon Prime Day Sale: Samsung Galaxy S24 Ultra Discount Revealed
  3. OnePlus Nord 5, Nord CE 5 Launch Today: Everything You Need to Know
  4. Apple Releases iOS 26 Beta 3 Update for iPhone With These New Features
  5. Amazon Prime Day 2025 Sale: iPhone 15 Discounted Price Revealed
  6. Samsung Smart Monitor M9 Launched in India Alongside Updated M8, M7 Models
  7. Honor X9c 5G With 6,600mAh Battery Launched in India: Price, Features
  8. Realme 15 5G, 15 Pro 5G to Launch in India on This Day
  9. Xiaomi Compact Power Bank 20,000mAh Launched in India: Price, Features
  10. Realme 15 Series Will Let You Edit Photos Using Voice Commands
#Latest Stories
  1. Realme 15 Series India Launch Date Set for July 24; Design, Colour Options Revealed
  2. Boat to Partner With Safari for Launch of Smart Luggage in India During Amazon Prime Day 2025
  3. iOS 26 Beta 3 Update for iPhone Released With New Stock Wallpapers, Darker Liquid Glass Appearance
  4. AI+ Nova 5G, Pulse India Launch Today: Know Price, Specifications and More
  5. OnePlus Nord 5, Nord CE 5 Launch Today: Know Price, Expected Features and Specifications
  6. Realme 15 Pro 5G Leaked Render Shows Design Ahead of India Launch
  7. Samsung Smart Monitor M9 With QD-OLED Display Launched in India Alongside Refreshed M8, M7 Models
  8. Samsung Galaxy S26 Ultra Said to Get 16GB RAM, Improved Telephoto Lens, More
  9. Xiaomi Compact Power Bank 20,000mAh Launched in India With Built-In Cable: Price, Features
  10. Forza Motorsport Team 'No More', Romero Games 'Completely Closed' Following Microsoft Cuts
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.