Subscribe to our free daily newsletters
. Military Space News .

Subscribe to our free daily newsletters

Hack of US regulator a blow to confidence in financial system
By Rob Lever
Washington (AFP) Sept 21, 2017

The hack disclosed at the US Securities and Exchange Commission deals a fresh blow to confidence in the security of the financial system weeks after news of a potentially catastrophic breach at a major US credit bureau.

The stock market regulator said late Wednesday a software vulnerability allowed hackers to gain "nonpublic" information that could have enabled them to make profits with inside information.

SEC chairman Jay Clayton said the leaked information from 2016 "may have provided the basis for illicit gain through trading," while noting that the vulnerability had been patched and that an investigation was underway.

The revelation comes two weeks after Equifax, one of three major credit bureaus which maintain financial and personal data on consumers, announced that attackers had hacked accounts of some 143 million Americans, in what could be the worst-ever breach because of the sensitivity of the information.

Johannes Ullrich, dean of research at the SANS Internet Storm Center, said that while the two events are likely quite different, both could undermine confidence in online financial systems.

"A lot of our financial systems particularly online systems are based on trust, and if that trust is violated people could opt out of these systems," Ullrich said.

But Ullrich noted that even if people stop using online networks, that may not protect them against hackers.

"Even if you don't set up online banking the criminal may set it up for you," he said.

"If you don't want to use your credit card online and give your number over the phone, that person is entering the same information in the system."

Ullrich said the SEC breach underscores weak cybersecurity in government networks, after the federal Office of Personnel Management breach disclosed in 2015 affecting tens of millions of employees and contractors.

He said government networks "are really behind the curve in designing the right values and the right protection" of data.

Ironically, the SEC now must point a finger at itself for delaying the disclosure which it requires from publicly traded companies.

"The breach itself appears to be fairly minor, but it erodes trust in government organizations where companies are required by law to report confidential or insider information," said Tatu Ylonen, a computer researcher and founder of SSH Communications Security.

Ylonen said federal cybersecurity guidelines are "in pretty good shape" but that "a problem is that agencies are implementing these measures in different stages, and some agencies haven't made it a priority."

- Critical infrastructure at risk -

James Scott, a researcher at the Institute for Critical Infrastructure Technology, said the latest incident highlight the vulnerability of financial networks despite a threat-sharing system which aims to prevent attacks.

"All of our critical infrastructure systems are not doing a sufficient job of protecting their treasure troves of data," Scott said.

"We are lacking confidence in our election systems, we are lacking confidence in the health system in protecting patient records and now the financial sector."

Until recently, Scott said the health sector appeared the most vulnerable "but the financial sector is evolving in 2017 as a major problem."

Scott said the SEC hackers could be from any number of elements including "cyber mercenaries" or nation-states.

"Russia is notorious for gaining access to this type of information but they are not known for acting on it," he said.

A more likely source, according to Scott, would be an extremist group seeking to raise cash quickly or a state such as North Korea which is "pressed for cash."

The SEC attack is especially embarrassing because it comes following the July release of a congressional audit which said the agency had failed to implement security recommendations made two years earlier.

The SEC "had not fully implemented 11 recommendations" on protecting data and encrypting sensitive information, said the report by the Government Accountability Office.

Dan Guido, co-founder of the security firm Trail of Bits, said the SEC incident is not surprising given the current state of affairs in cybersecurity.

"It reflects the status quo of our digital security," Guido said. "It's not substantially different than the ones that came before it. We will continue to tolerate these repeated breaches until it's clear that people's lives are stake."

Saudi Arabia to unblock internet calling apps
Riyadh (AFP) Sept 20, 2017
Saudi Arabia will lift its ban on internet calling applications on Wednesday, authorities said, easing restrictions online as the conservative kingdom faces new criticism over censorship. Voice and video calling apps such as WhatsApp and Skype will be "widely available to users", a government statement said Tuesday, in a move aimed at improving business confidence as the kingdom transitions ... read more

Related Links
Cyberwar - Internet Security News - Systems and Policy Issues

Thanks for being here;
We need your help. The SpaceDaily news network continues to grow but revenues have never been harder to maintain.

With the rise of Ad Blockers, and Facebook - our traditional revenue sources via quality network advertising continues to decline. And unlike so many other news sites, we don't have a paywall - with those annoying usernames and passwords.

Our news coverage takes time and effort to publish 365 days a year.

If you find our news sites informative and useful then please consider becoming a regular supporter or for now make a one off contribution.

SpaceDaily Contributor
$5 Billed Once

credit card or paypal
SpaceDaily Monthly Supporter
$5 Billed Monthly

paypal only

Comment using your Disqus, Facebook, Google or Twitter login.

Share this article via these popular social media networks DiggDigg RedditReddit GoogleGoogle

Saudi intercepts Yemen rebel missile

PAC-3 MSE Test Successful from Remote Launcher

Lockheed Martin to replace USS Fitzgerald's SPY-1D AEGIS radar

Orbital ATK launches Patriot system target vehicle

Iran tests new medium-range missile, defying US warnings

Raytheon receives $31.5M contract for TOW missiles

Turkey signs deal to buy Russian S-400 missile systems

Leonardo, Thales integrating missile-protection systems in Britain

Wanted: Novel Approaches for Detecting and Stopping Small Unmanned Air Systems

General Atomics wins $27 million contract for Grey Eagle drone support

US Air Force Academy to Use VBS3 and VBS Fires for Remotely Piloted Aircraft Training

Drones can almost see in the dark

82nd Airborne tests in-flight communication system for paratroopers

Spectra Airbus SlingShot Partnership Extension

Airbus prepares the future European Governmental Satellite Communications programme

Northrop awarded contract for support of Air Force communications system

UK testing Ajax vehicles;supplies US Army buys Orbital ATK artillery guidance kits

Norway signs deal with Saab for Carl-Gustaf ammunition

In first, woman becomes US Marine Corps infantry officer

DARPA Rolls Out Electronics Resurgence Initiative

Saab eyes possible U.S. factory location

Britain suspends Myanmar training; Britain, Saudi Arabia sign military deal

L3 Technologies acquires Doss Aviation

US Senate passes $700 bn defense spending bill

Chinese ships sail near disputed islands with Japan

General's 'intervention' comment raises eyebrows in Brazil

US defence chief in India to boost military ties

Five key events that shaped Abe's career

Application of air-sensitive semiconductors in nanoelectronics

A new kind of optical nanosensor uses torque for signal processing

New insights into nanocrystal growth in liquid

'Nano-hashtags' could provide definite proof of Majorana particles

Memory Foam Mattress Review
Newsletters :: SpaceDaily :: SpaceWar :: TerraDaily :: Energy Daily
XML Feeds :: Space News :: Earth News :: War News :: Solar Energy News

The content herein, unless otherwise known to be public domain, are Copyright 1995-2017 - Space Media Network. All websites are published in Australia and are solely subject to Australian law and governed by Fair Use principals for news reporting and research purposes. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA news reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. All articles labeled "by Staff Writers" include reports supplied to Space Media Network by industry news wires, PR agencies, corporate press officers and the like. Such articles are individually curated and edited by Space Media Network staff on the basis of the report's information value to our industry and professional readership. Advertising does not imply endorsement, agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. Privacy Statement