Investors in the stock market, whether through individual shares or funds, face the threat of major losses and disruption from hackers, according to a number of Wall Street investors and regulators studying the issue, the Wall Street Journal reports. The possibility looks all the more real given already successful cyber attacks in recent years against high profile financial institutions including, among others: credit reporting agency Equifax Inc. (EFX); banking giant JPMorgan Chase & Co. (JPM); and the U.S. Securities and Exchange Commission (SEC). The threat is being taken so seriously at the highest levels of government that the Defense Advanced Research Projects Agency (DARPA), which oversees development of advanced technologies for use by the U.S. military, has been charged with identifying vulnerabilities in the financial system. (For more, see also: Was I Hacked? Find Out If the Equifax Breach Affects You.)
DARPA has been conducting brainstorming sessions with key players in the financial system to identify potential risks and to develop effective counter-measures against them. Particularly important in these discussions, the Journal notes, have been market participants engaged in high-frequency trading (HFT) or high-speed trading, the managers of quant funds, and other persons with deep knowledge of the automated systems that drive so much of trading today, often with reaction times measured in fractions of a second.
Several scenarios for widespread financial chaos that hackers could attempt to generate are cited by the Journal. Shutting down a huge payroll processor would leave tens of millions of households, many of which also are investors, without sufficient funds to pay for unsettled trades. ADP (ADP) would be a prime target since it generates salary checks and direct deposits for about 16% of U.S. workers.
Hackers could try to inject false price quotes into data feeds. Publishing “fake news” through social media may set off a panic, especially if it purports to come from a reliable news organization. Indeed, in 2013 hackers got into the Associated Press Twitter account, and sent out a false report about explosions in the White House that injured President Obama, sending stocks tumbling, according to U.S. News & World Report.
Seizing control of automated trading algorithms could be used to disrupt the markets. Another tactic might be generating an avalanche of phony sell orders to trigger a market crash. (For more, see also: Most Costly Computer Hacks of All Time.)
Hack, Pump and Dump
In 2010, the SEC uncovered what it called a “hack, pump and dump scheme” run by a Russian trading firm, per Wired.com. It involved buying thinly traded stocks in the trading firm’s own accounts, pumping up their prices by placing buy orders at inflated prices through hacked accounts belonging to investors at Scottrade, then selling the shares in the Russian firm’s own account. A short-selling variant also was used, with the Russian firm shorting stocks in its own account, then driving their prices down with sell orders placed through the hacked Scottrade accounts. An Indian man was convicted for running a similar scheme in 2008, Wired.com added. Scottrade has since been acquired by TD Ameritrade, a division of The Toronto-Dominion Bank (TD).
During the past several years, hackers have interfered with trading in various locales. In July, online brokers in Malaysia were shut down in a distributed denial of service (DDOS) attack similar to cyber blackmail previously waged against utilities and hospitals in more than 100 countries, the Nikkei Asian Review reported. In 2011, hackers disrupted trading on the Hong Kong Stock Exchange, per Reuters. In 2010, Russian hackers got into Nasdaq’s networks, according to Ars Technica, and were able “to roam unmolested for months and plant destructive malware designed to cause disruptions.”
A shady trading practice is secretly to acquire damaging information on a company, short the company’s shares, then release that information in an attempt to drive the share price down. Based on hacker lingo in which to “dox” is an attempt to damage the reputation of a person or organization online, so-called stock doxing has become a growing market manipulation technique, according to a report in Wired UK.