The hacking attack on a hedge fund that was described by a security official with BAE Systems Plc last month wasn’t real, a company spokeswoman said.
The attack was one of several “illustrative scenarios” that BAE internally developed and was “incorrectly presented” as authentic, Natasha Davies, a company spokeswoman, said in a telephone interview today. The company, based in London, sells network security services to government and corporate clients.
The notion of a serious hacking attack on a hedge fund fueled questions about network security at financial institutions and helped lead to the creation of a new group to promote computer security within the banking industry.
Paul Henninger, global product director for BAE Systems Applied Intelligence, said June 19 that hackers successfully inserted malicious software that delayed by several hundred microseconds a large, unnamed hedge fund’s order-entry system. Henninger said the hackers also rerouted data that might be used to make money in rogue stock-market transactions.
“Although the example was a plausible scenario, we believe that it does not relate to a specific company client,” Davies said. “We sincerely apologize for this inaccuracy. We are taking the necessary action to ensure this type of error does not occur again.”
The Center for Financial Stability on June 24 announced the creation of a partnership with the Federal Bureau of Investigation “to better assess emerging risks and facilitate coordination surrounding cybersecurity and threats.”
It cited at the time, “news about cyber-attacks against a major unnamed hedge fund.”
Henninger, while still employed by BAE, is “taking some time away from the business,” Davies said. He didn’t respond to e-mail requests for comment on his original statement, and efforts by Bloomberg News to locate him were unsuccessful.