A hedge fund has announced that it was hacked by cyber attackers – and it’s being labeled as one of the most complex cyber attacks ever.
BAE Systems Applied Intelligence said that its technicians stopped an attack while it was happening. BAE did not mention which of its clients were hacked during the attack.
The BAE has estimated that the attack cost the firm millions of dollars.
The attack, however, has been in the making for a long time. Cybercriminals planted the “bug” back in 2013 – a malicious computer program that has been stealing trading strategies from the firm’s computers. Hackers were focusing on the hedge fund’s trade order entry system. The bug corrupted the system, disrupting trade strategies while sending details of the trades to computers outside the firm.
This attack is just one of a series of cyber attacks happening against big businesses. Recently, Target and Neiman Marcus have been attacked; those attacks, however, were for credit card numbers.
Paul Henninger – the product director at BAE – said that this represents one of the most complex attacks he has ever seen.
New attacks are looking to not only make a quick buck but also provide a long-term return. In this case, the program was designed to uncover trading strategies. It combines both business and technical sophistication.
Henninger calls cyber attacks such as this one “the perfect crime.” This is because the attack is extremely difficult to trace and the fact that companies are reluctant to go to law enforcement.
“It often takes a while for firms to get comfortable with the idea of exposing what is in effect their dirty laundry to a law enforcement investigation,” Henninger said. “You can imagine the impact potentially on investor confidence.”
Henninger said that he is unaware as to whether or not the firm alerted law enforcement.
The SEC announced that it has been encouraging hedge funds to increase their cyber security over the past couple of years. At the beginning of the year, the SEC announced its plan to review security policies.
Jane Jarcho, an associate director at the SEC, said that it is looking at policies for a variety of fronts – such as IT training, vendor information and vendor access.