最有看点的互联网金融门户

最有看点的互联网金融门户
国际资讯

SEC透露被黑客攻击,泄密信息可能被用于非法股票交易

美国华尔街首席监管者证券交易委员会(后文简称SEC)上周三发布声明称,黑客去年攻击了其储存上市公司文档的系统,可能获得了可用来非法获利的数据。

SEC去年发现了这场攻击,但直到上个月才知晓泄露的信息可能被用来非法交易。声明没有解释迟报的原因,也没有提到系统遭受攻击的具体日期抑或是否有特定公司的信息被单独针对。

Clayton在声明中说:

"虽然我们努力保护我们的系统并管控网络安全风险,某些情况下网络攻击者还是能连接或滥用我们的系统。"

被攻破的系统是EDGAR,投资者使用该系统获取上市公司强制性阶段发布的财务报告。Clayton说该系统有"软件弱点,该弱点被利用并导致攻击者获得非公开信息。"

这场攻击没有导致个人可识别信息的泄露,但"可能为非法交易获利提供基础。"他说目前调查正在进行。

这不是第一次EDGAR系统被攻破了。该系统每天接收几千份文档,2015年诈骗份子在该网站上发布了Avon Products公司收购的假消息,致使该公司股价大涨。2014年,几名研究者发现提交的信息在公布之前30秒有些用户可以提前看到,这给予这些交易者潜在的不公平优势。(比如高频率交易者眨眼间就可以进行几千次交易。)

SEC委员Michael S. Piwowar在一份声明中说:

"有效管理内部网络安全风险对于SEC十分重要,让其完成使命并保护该机构受托的非公开信息。"

这份声明可能阻碍SEC收集股票交易更具体信息并储存在一个中央信息库里的努力。这一努力可以使SEC更简单地发现市场操控行为。一些华尔街主要势力包括纽约证交所曾警告称该信息库可能会成为黑客的攻击目标。

同时大众对于网络攻击的敏感性日益增长。信用报告机构Equifax宣布这个月早期的一场大型黑客攻击影响了1亿4300万美国人,在国会引起哗然,多项调查开启。

The Securities and Exchange Commission, the country's top Wall Street regulator, announced Wednesday that hackers breached its system for storing documents filed by publicly traded companies last year, potentially accessing data that allowed the intruders to make an illegal profit.

The agency detected the breach last year, but didn't learn until last month that it could have been used for improper trading. The incident was briefly mentioned in an unusual eight-page statement on cybersecurity released by SEC Chairman Jay Clayton late Wednesday. The statement didn't explain the delay in the announcement, the exact date the system was breached and whether information about any specific company was targeted.

"Notwithstanding our efforts to protect our systems and manage cybersecurity risk, in certain cases cyber threat actors have managed to access or misuse our systems," Clayton said in the statement.

The system that was breached, known as EDGAR, is a popular way for investors to access the detailed financial reports companies that sell stock to the public must periodically release. It had a "software vulnerability" that was "exploited and resulted in access to nonpublic information," Clayton said in the statement.

The breach didn't lead to the release of personally identifiable information, but "may have provided the basis for illicit gain through trading," Clayton said. An investigation into the matter is ongoing, he said.

This is not the first time EDGAR has been compromised. The system receives thousands of documents a day and in 2015, fraudsters posted fake information on the site about the takeover of Avon Products, driving the company's stock price up significantly before it was detected. And in 2014, several researchers found that information submitted was available to some users for 30 seconds before it became publicly available, potentially giving some traders an unfair advantage. (High-speed traders, for example, can make thousands of trades in a blink of an eye.)

"Effective management of internal cybersecurity risk is critical to the SEC achieving its mission and to protecting the nonpublic information that is entrusted to this agency," SEC Commissioner Michael S. Piwowar said in a statement.

The latest announcement could hamper the SEC's efforts to collect more detailed information about stock trades into a central database that could make it easier for the agency to detect market manipulation. Some key Wall Street figures, including the New York Stock Exchange, have warned the database could become a target for hackers.

This also comes at a time of heightened sensitivity to cyber breaches. The credit-reporting agency Equifax announced a massive hack earlier this month that affected 143 million Americans, sparking outrage on Capitol Hill and multiple investigations.


用微信扫描可以分享至好友和朋友圈

扫描二维码或搜索微信号“iweiyangx”
关注未央网官方微信公众号,获取互联网金融领域前沿资讯。

发表评论

发表评论

您的评论提交后会进行审核,审核通过的留言会展示在下方留言区域,请耐心等待。

评论

您的个人信息不会被公开,请放心填写! 标记为的是必填项

取消

潘, 妍媛未央编辑团队

101
总文章数

TA还没写个人介绍。。。

SEC:名人推广ICO等投资产品可能涉嫌违法

JD Alois 11-02

为打击网络犯罪,SEC成立新部门处理ICO与DLT违法行为

Pete Rizzo 09-28

未央今日播报:SEC成立新信息安全部门,监管虚拟货币和ICO

未央研究 09-27

史上最大规模信息泄露事件:美国征信巨头Equifax遭血洗

格隆汇 09-16

想起诉泄露数据的Equifax?这个机器人也许能帮到你

焦慧 09-15

版权所有 © 清华大学五道口金融学院互联网金融实验室 | 京ICP备17044750号-1