SEC reveals it's corporate filing system [EDGAR] was hacked in 2016

Discussion in 'other security issues & news' started by hawki, Sep 21, 2017.

  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,061
    Location:
    DC Metro Area
    "SEC Discloses Edgar ** Corporate Filing System Was Hacked in 2016

    Breach may have allowed trading that profited from nonpublic information, regulator says

    WASHINGTON—The top U.S. markets regulator disclosed Wednesday that hackers penetrated its electronic system for storing public-company filings last year and may have traded on the information...

    The SEC said it was investigating the source of the hack, which exploited a software vulnerability in a part of the agency’s Edgar system, a comprehensive database of filings made by thousands of public companies and other financial firms regulated by the SEC...

    The commission said the hack was detected in 2016, but that regulators didn’t learn about the possibility of related illicit trading until August, when they started an investigation and began cooperating with what the SEC called 'appropriate authorities.'..."

    https://www.wsj.com/articles/sec-di...e-filing-system-was-hacked-in-2016-1505956552

    IRONY: https://www.wilderssecurity.com/thr...ailed-to-adopt-cybersecurity-policies.380393/

    **The SEC’s Electronic Data Gathering, Analysis and Retrieval system, or Edgar, is used by investors who access the online system to view companies’ earnings statements and other disclosures on material developments at companies.
     
  2. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,061
    Location:
    DC Metro Area
    It appears that the hack was not used to steal confidential info. Rather, the hackers were able to plant false information about stuff like a phony impending corporate takeover of a publicly traded company to boost the price of the stock and cash out before the ruse was uncovered.

    It appears that the hack was attributed to Bulgarian hackers.

    "SEC Admits US Public Filing System Was Hacked, "May Have Resulted" In Countless Illegal Profits...

    [SEC Statement]

    "...'In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading. Specifically, a software vulnerability in the test filing component of the Commission’s EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information. It is believed the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk. An internal investigation was commenced immediately at the direction of the Chairman'..."

    Complete Story including the SEC's full statement:

    http://www.zerohedge.com/news/2017-09-21/sec-says-edgar-filing-system-was-hacked
     
    Last edited: Sep 21, 2017
  3. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    134
  4. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,061
    Location:
    DC Metro Area
    Do As I Say - Not As I Do Department:

    "U.S. Homeland Security found SEC had 'critical' cyber weaknesses in January

    WASHINGTON (Reuters) - The U.S. Department of Homeland Security detected five “critical” cyber security weaknesses on the Securities and Exchange Commission’s computers as of January 23, 2017, according to a confidential weekly report reviewed by Reuters.

    The report’s findings raise fresh questions about a 2016 cyber breach into the U.S. market regulator’s corporate filing system known as 'EDGAR.'..."

    http://uk.reuters.com/article/uk-se...-weaknesses-in-january-idUKKCN1BW27O?rpc=401&
     
  5. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    134
  6. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    134
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    162,650
    Location:
    Texas
  8. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,061
    Location:
    DC Metro Area
    "SEC knew about weak security years before hack...

    The hack that compromised the US Securities and Exchange Commission was a shock and more than a little damaging, but could it have been prevented? Unfortunately the answer is very likely yes. The Hill has combed through the SEC's internal evaluations, and it's now clear that the Commission had been warned about digital security issues for years. An inspector general audit warned about "weaknesses" in the SEC's security measures back in 2013, and multiple warnings appear to have sometimes fallen on deaf ears. A June 2016 inspector general report said the SEC hadn't "fully addressed" some problems from previous audits, and was at "increased risk" of intruders taking sensitive data..."

    https://www.engadget.com/2017/11/26/sec-knew-about-weak-security-years-before-hack/
     
  9. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,061
    Location:
    DC Metro Area
    "SEC sues hacker, traders who stole earnings announcements from Edgar

    The Securities and Exchange Commission filed suit on Tuesday in a New Jersey federal court against a Ukrainian computer hacker, eight more trader defendants and four relief defendants it said in a court filing are responsible for the 2016 scheme to hack into the SEC's online EDGAR system to obtain nonpublic documents containing earnings announcements of publicly-traded companies.

    The defendants then allegedly used that information to make more than $4.1 million in profits from trading in advance of the information becoming public..."

    https://www.marketwatch.com/story/s...-announcements-from-edgar-2019-01-15?mod=bnbh
     
  10. guest

    guest Guest

    SEC Settles With Traders Accused of Hacking Its Edgar Database
    April 9, 2020
    https://www.bnnbloomberg.ca/sec-settles-with-traders-accused-of-hacking-its-edgar-database-1.1419904
     
  11. guest

    guest Guest

    US offers $2 million for info on Ukrainians charged for SEC hack
    July 22, 2020
    https://www.bleepingcomputer.com/ne...-for-info-on-ukrainians-charged-for-sec-hack/
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.