SEC Discloses Hackers Penetrated EDGAR, Profited in Trading (usatoday.com) 48
Chris Woodyard, writing for USA Today: Hackers made their way into the Security and Exchange Commission's EDGAR electronic filing system last year, retrieving private data that appear to have resulted in "an illicit gain through trading," the agency said. It was only in August that the commission learned that hackers may have been able to use their illegal activities to make ill-gotten gains through market trading, said Chairman Jay Clayton in a lengthy statement posted on the SEC's website. EDGAR, which stands for Electronic Data Gathering Analysis and Retrieval, is considered critical to the SEC's operation and the ability of investors to see the electronic filings of companies and markets. The SEC says about 50 million documents are viewed through EDGAR on a typical day. It receives about 1.7 million filings a year.
Assumption (Score:5, Interesting)
Lets just assume that everything has been hacked, and proceed from there.
Because if it hasn't been hacked, then it will be. And if you think you haven't been hacked, you probably already have been.
This is the safest assumption of all, and is more than likely to be accurate at some point.
Re: (Score:2)
Combined with severe and possibly violent, example-setting punishments
Yes yes, this will be the time that barbaric punishments will finally work as effective deterrents, right?
You ACs and your poorly-thought-out ideas.
Re: (Score:2)
But with AI we can finally unleash the full force of Roko's Basilisk on them and tell hackers that the AI will torture a simulation of themselves for billions of CPU cycles if they're caught!
Re: (Score:2)
If violence isn't working, you aren't using enough of it.
Re: (Score:2)
Accountants (Score:5, Insightful)
Re: (Score:3)
This will get worse and worse until the people who are supposedly guarding the data get financially destroyed when any breach occurs, and we can start locking up hackers. And since hackers can more or less remain anonymous, locking them up is hardly a deterrent when any script kiddy can hack any system from Mom's basement.
Re: (Score:1)
Re: Accountants (Score:3)
They like to use cost as an excuse for poor security. Cheapest hardware, outsourced IT personnel, and always slashing of the IT budgets. Security isn't an investment in their eyes, it's an expense. Is why they all like " The Cloud " because it offloads that responsibility onto anothers shoulders.
Not enough forward thinking to understand what happens to their stock price and / or litigation flooding when a serious breach goes public due to their negligence disguised as " cost savings ".
Start jailing the e
Re: (Score:1)
nehumanuscrede posited:
They like to use cost as an excuse for poor security. Cheapest hardware, outsourced IT personnel, and always slashing of the IT budgets. Security isn't an investment in their eyes, it's an expense. Is why they all like " The Cloud " because it offloads that responsibility onto anothers shoulders.
Not enough forward thinking to understand what happens to their stock price and / or litigation flooding when a serious breach goes public due to their negligence disguised as " cost savings ".
Start jailing the executives of these companies and they'll start taking things more seriously.
Your analysis of the roots of executive negligence is, IMnsHO, spot on - although I would have substituted the acronym "MBAs" for "accountants" in the title of my response. After all, it's rare that a mere accountant rises to the executive suite of any significant-size corporation. MBAs, OTOH, absolutely dominate the top ranks of major corporations across the Western world. It is they, and not the accountants who work for them, who prioritize spending and set corpo
Re: (Score:2)
Just one minor complaint on your rant (most of which I agree with).
The SCOTUS ruled based on the actual law, not what people think the law ought to be. The corporate charter laws are fairly clear on the language.
The easy fix is to pass the ability to revoke corporate charters for criminal activity. Simply revoking the charter would essentially liquidate and invalidate all assets leaving the shareholders empty handed. This would effectively create a culture of ethical profits, not amoral(immoral) profits.
Re: (Score:2)
You'd be surprised how seriously the exchange take security...and how seriously the SEC pretends to.
The SEC regularly audits...and digs into all kinds of inane, improbable scenarios while often ignoring gaping holes. Their auditors are usually far more interested in finding 'something' that suits the current trend then an actual look at overall security. I've been through the process with them myself more than once and it's a comical game of 'what if'
What if a hacker stole a terminal
It has a password
What
Re: (Score:1)
Re:Accountants (Score:5, Interesting)
Commander Adama didn't connect to the network... (Score:2)
Commander Adama in BSG had the solution to all of this! Pull the plug on the network connection!
Aren't filings on edgar public? (Score:2)
What could a trader gain by hacking into it?
Re: (Score:1)
One possibility they're submitting stuff that appears to be coming from the company, but really isn't.
This came up about two years ago regarding a fake company trying to acquire a real company, sending shares soaring like 20%...
Re:Aren't filings on edgar public? (Score:5, Informative)
Not everything in EDGAR is public. Some items are submitted to EDGAR in advance of actions, and aren't released to the public until later, on a set schedule.
Those items can be used for frontrunning trades, and are essentially "insider information".
Re: (Score:1)
Those items can be used for frontrunning trades, and are essentially "insider information".
But those in Congress can profit from "frontrunning" stock trading using their "insider information", it's only fair that others can as well, right?
Strat
Re: (Score:2)
Wow, modded 'Troll' for dissing Congress, as low as their approval polls have been?
Must be some bored Congresscritters or their staff are trolling Slashdot comments in between passing Acts and laws selling-out the US population and exempting themselves from insider stock trading laws.
Strat
My bet (Score:4, Interesting)
I bet that what they are talking about refers to people being able to see company's statements earlier than their nominal publication date. No hacking was required, that just had to make up a URL parameter
It will not get better any time soon (Score:1)
The SEC has really been focusing on security the last few years which is good in some ways, pointless in others, and dangerous at the same time. What auditors always want is documentation. If you create some really nice documentation then they are happy. I have never seen any real meaningful attempt to validate security by SEC or auditors. Some clients really try but they just want indemnification. One thing about the documentation is that if you create complete and accurate documentation and provide to the
Mattresses and buried coffee cans (Score:3)
Re: (Score:3)
Two people can keep a secret if one of them is dead, and the other doesn't have internet.
Government/Government Entity (Score:2)
And BAM! it is in the WILD!!
Trace the Money? (Score:2)
Let's see them trace the money to prove who the criminals are.
Many states are saying cryptocurrencies need to be regulated by them so that crimes can be traced, like fiat money.
Let's see the crime-fighting performance on this USD alt-coin, then.