Hedge-Fund Hack Is Part of Bigger Siege, Cyber-Experts Warn
The attack on a U.S. hedge fund’s network, which a cybersecurity contractor said last week disrupted the firm’s high-speed trading and stole its data, is but one among many.
That is the assessment of more than a half-dozen computer security experts, who in recent interviews characterized the hedge-fund industry as the target of multiple attacks, many successful. Over the past two years, computer networks at dozens of banks, hedge funds, law firms and other Wall Street companies have been infiltrated by hackers mainly from Eastern European countries, these people said.
The hackers’ methods range from crude to sophisticated: Would-be attackers sought to gain entrance to networks through websites often visited by fund workers -- so-called watering-hole attacks -- or tried “spearphishing” by sending e-mails with malicious links that would open virtual doors to the outsiders, according to these people.
The alleged incursions on the financial sector come amid the more publicly documented attacks against other high-profile networks, from government agencies to companies including Westinghouse Electric Co. and U.S. Steel Corp. (X)
The security firms didn’t identify any funds that may have been targeted. Several multibillion-dollar hedge funds in New York and Connecticut contacted by Bloomberg News declined to comment. Because such funds are closely held, they aren’t under the same obligation as publicly traded companies to report security breaches.
“Firms are intently focused on identifying emerging threats and employing the newest, best mitigation techniques,” Richard Baker, president and chief executive officer of The Managed Funds Association, which represents hedge funds and other investors, wrote in an e-mail. He said several members had made “sizable resource commitments” toward network safety.
The alleged attempts have the potential to disrupt the U.S. and international financial systems, said representatives of several of the cybersecurity companies. Banks provide electronic services to the $2.7 trillion hedge-fund industry that include brokering trades, lending cash and maintaining custody of assets.
One danger, these people say, is that hackers could enter intercompany networks through a vulnerable firm in order to reach other companies -- as with the recent hack of Target Corp., in which intruders used their access to an air-conditioner vendor to attack the retailer’s internal network.
“This is a broad attack against the financial services sector,” said Shawn Henry, a former executive assistant director at the Federal Bureau of Investigation, who is now a senior executive with computer security company CrowdStrike Inc. Millions of dollars have been stolen from multiple hedge funds over the last five years, he said in a phone interview.
The FBI and Secret Service declined to comment.
In one recent example, hackers stole passwords from the chief financial officer and treasurer of a U.S. hedge fund, said Eldon Sprickerhoff, founder and chief security strategist for the Canadian network-security company eSentire Inc. The hackers then drained about $1.5 million in under two minutes using three wire transfers -- each just under $500,000, the amount that would have set off an alarm at the fund -- said Sprickerhoff. He said his firm identified the intrusion earlier this year.
Sprickerhoff declined to name the firm and the allegations couldn’t be corroborated.
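The transfers described above each stayed under the fund's per-transaction alarm but together drained about $1.5 million inside two minutes. As an added example (not from the article or from eSentire), the check below shows why a per-transfer limit alone is weak and how a rolling-window aggregate over the same originator catches the split; the window length, account names and wire records are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# The article cites a $500,000 per-transfer alarm; the window and the
# aggregate limit are constructed assumptions for this example.
PER_TRANSFER_ALARM = 500_000
AGGREGATE_THRESHOLD = 500_000   # same limit, but applied to a rolling sum
WINDOW = timedelta(minutes=10)

@dataclass
class Wire:
    ts: datetime
    originator: str   # account the funds leave
    amount: float

def per_transfer_alerts(wires):
    """Naive control: alert only when a single wire reaches the limit."""
    return [w for w in wires if w.amount >= PER_TRANSFER_ALARM]

def burst_alerts(wires):
    """Rolling-window check per originator: alert once per burst when two
    or more wires inside WINDOW sum to the limit, even if each is below it.
    Returns a list of (originator, burst_start, total, count)."""
    by_acct = {}
    for w in sorted(wires, key=lambda w: w.ts):
        by_acct.setdefault(w.originator, []).append(w)
    alerts = []
    for acct, ws in by_acct.items():
        start, running, alerted = 0, 0.0, False
        for end, w in enumerate(ws):
            running += w.amount
            # Slide the window forward: drop wires older than WINDOW.
            while ws[end].ts - ws[start].ts > WINDOW:
                running -= ws[start].amount
                start += 1
            count = end - start + 1
            if running >= AGGREGATE_THRESHOLD and count > 1 and not alerted:
                alerts.append((acct, ws[start].ts, running, count))
                alerted = True
            elif running < AGGREGATE_THRESHOLD:
                alerted = False
    return alerts

# Constructed sample: three sub-limit wires within two minutes, mirroring the
# pattern in the article, plus unrelated routine traffic.
T0 = datetime(2014, 1, 15, 9, 30)
SAMPLE = [
    Wire(T0, "fund-ops-01", 120_000),
    Wire(T0 + timedelta(hours=2), "fund-ops-01", 499_900),
    Wire(T0 + timedelta(hours=2, seconds=40), "fund-ops-01", 499_950),
    Wire(T0 + timedelta(hours=2, seconds=95), "fund-ops-01", 499_800),
    Wire(T0 + timedelta(hours=3), "fund-ops-02", 80_000),
]
```

On the sample, the per-transfer rule returns nothing, while the rolling check raises one alert for fund-ops-01 at the second sub-limit wire.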
Sprickerhoff also said many hedge funds are linked to the prime brokers conducting trades for them either by secure Internet connections or by a direct line that doesn’t go over the Web. Such connections, he said, have a low vulnerability to attack, leaving hackers to seek entrance to networks by tricking employees into opening so-called phishing e-mails.
The cybersecurity companies that described such attacks have a stake in selling services to hedge funds and banks. Keith Alexander, the former head of the National Security Agency, is entering the field by opening up his own cybersecurity consultancy focused on the financial sector.
Under pressure from regulators, lawmakers and their customers, financial firms are pouring hundreds of millions of dollars into barriers against digital assaults. JPMorgan Chase & Co. (JPM) will spend $250 million on cybersecurity this year, Chief Executive Officer Jamie Dimon said in an April letter to shareholders.
In all, the global market for network-intrusion detection and prevention equipment and services is estimated at $95.6 billion in 2014 and expected to reach $155.7 billion by 2019, according to the Dallas research company MarketsandMarkets.
A large portion of the attacks described by the cybersecurity experts originated in and around Russia, Ukraine, Estonia and Bulgaria, they said, based on their analysis of the attacks and the coding of the malware used.
Eastern European hackers have targeted more than a dozen hedge funds for at least two years, said Tom Kellerman, chief cybersecurity officer for Trend Micro Inc. in the U.S.
Hackers infiltrate financial companies for many reasons, such as mapping out networks, stealing cash and pilfering information that can be used to profit off stock market trading, according to the security experts.
In the attack publicized last week by BAE Systems Plc (BA/), hackers disrupted high-speed trading at a large hedge fund and rerouted data in a way that would have given hackers the potential to use the information to profit in rogue stock-market transactions.
The hackers inserted software that delayed by several hundred microseconds the ability to trade, said Paul Henninger, global product director for BAE Systems (BAESF) Applied Intelligence, a unit of BAE Systems. Henninger declined to identify the hedge fund or its location. The target was the fund’s order-entry system, he said.
‘A Few Microseconds’
“The difference in a few microseconds can mean a significant difference in the profitability of that trade,” Henninger said.
The attack was going on for eight weeks and BAE was called in by the fund at the end of 2013, said Henninger. He said it had “all the signatures of an organized crime attack.”
“This is the first time we’ve seen criminals actively go after a business system and effectively take over that system and create sabotage,” Henninger said in a phone interview. “The assumption is that this was a for-profit attack.”
Such attacks threaten to undermine the systems used globally for high-speed trading, Kellerman said in a phone interview.
In what may be a bigger concern, according to Henry, hackers have gained enough access to disrupt networks that underpin the global financial system. They could sever connections to bring down networks -- though they haven’t.
“It’s like killing the goose that lays the Golden Egg,” Henry said. “They’re getting money.”
Don’t assume hedge funds aren’t prepared for sophisticated attacks, cautioned Sylvain Ardiet, a managing partner at Alphaserve Technologies, which advises hedge funds, private equity funds and other financial firms on technology.
Firms that use quantitative models and algorithms to trade “are much more secure and better prepared for potential attacks than the average fund because they have invested more time and money in infrastructure and next-generation technologies,” said Ardiet. “I don’t think they are more prone to attack than other large financial firms.”
U.S. Representative Mike Rogers, a Michigan Republican and chairman of the House intelligence committee, has raised a broader fear that hackers, including those sponsored by China, could steal inside information that could be used to manipulate trading.
“We have seen nation states on our trading networks and we haven’t fully answered the question what were they going to do,” Rogers said in an interview.
Hackers would have an unfair edge by being able “to understand the value of trades and the value of mergers and acquisitions before they would happen,” Rogers said.
Beijing has dismissed such allegations and has accused the U.S. of conducting cyber-espionage.
Exchange operators have faced their own computer intrusions. CME Group Inc. (CME) in November revealed that its ClearPort clearing system had been breached and some customer information was compromised. In 2011, Nasdaq OMX Group Inc. (NDAQ) said it found suspicious files on a website it runs that lets corporate board members communicate with each other.
Cybersecurity has been flagged as one of the biggest threats to markets and governments by industry groups and regulators. A World Federation of Exchanges study in July found that computers at about 53 percent of exchanges around the world were attacked during the previous year.
In April, the Securities and Exchange Commission published a risk alert and started soliciting information from some of the biggest broker-dealers on their efforts to protect their technology from hackers.
To contact the reporter on this story: Chris Strohm in Washington at firstname.lastname@example.org
To contact the editors responsible for this story: Bernard Kohn at email@example.com; Jeffrey D Grocott; Elizabeth Wasserman