How would you rate your experience?

Awesome sauce!

It could be better

Lame

What did you like about it (or not) and why?

Send Feedback

What will you do with my feedback?

Here's how you and 129,712 other users rated Enhanced Tiles:

Awesome sauce!

XX,XXX

It could be better

XX,XXX

Lame

XXX

SECURITY

They say crime follows opportunity.

Computer security experts say hedge funds, with their vast pools of money and opaque nature, have become perfect targets for sophisticated cybercriminals. Over the past two years, experts say, hedge funds have fallen victim to targeted attacks. What makes them such ripe targets is that even as hedge funds expend millions in moving their trading operations online, they have not made the same investment in security.

The latest evidence comes in the form of a new report Wednesday from BAE Systems, a computer security firm, that an unnamed hedge fund lost millions of dollars after criminals installed malware on its trading systems late last year. The malware was designed to insert a lag time in the hedge fund’s trading system and record the details of orders, so the attackers could trade on the information themselves.

According to BAE Systems, the attack began with a so-called spearphishing email, which contained links purporting to be about capital markets. Once they were clicked, an employee inadvertently downloaded malware onto a computer that gave criminals deeper access to the fund’s trading systems. The attack was noticed only after the fund’s analysts and tech staff discovered the lag times in its algorithmic trading strategy and abnormal file movement on its network. The breach, which was first reported by CNBC, cost the fund millions of dollars in recovery, according to BAE Systems, which did not name the fund.

But security experts say the crime is hardly new. “Hedge funds have been victims of targeted cyberattack over the past two years,” said Tom Kellermann, the chief cybersecurity officer at TrendMicro. “Hedge funds are woefully undersecured. The lack of investment in their cybersecurity has placed them in the line of fire.”

The first such attacks on capital markets, Mr. Kellermann said, began in 1999, right around the time brokerage houses began to move private computer networks online. Early on, the most common mode of attack was to hack into a broker’s account to steal user names and passwords so that hackers could trade securities under a victim’s name. More recently, the most common attack on the financial industry has been distributed denial of service or DDoS attacks on banks from hackers based in Iran. 

But unlike the DDoS attacks, which are a costly nuisance, the attacks against hedge funds are more sophisticated and profitable, experts say. The hedge fund industry has grown enormously in recent years and many have moved to digital trading systems, which allow funds to profit by trading milliseconds faster.

By moving their trading operations online, though, funds have also become a target. “The cybercrime underground is cognizant that convergence in the securities market has fostered a fertile environment for fraud,” Mr. Kellermann said. “These attacks are conducted for the purpose of front-running market participants.”

Almost a decade ago, Mr. Kellermann wrote a report for the World Bank about financial fraud. The report outlined seven attack scenarios — all of which had been realized by 2005 — and warned that “certain costs and risks associated with the e-finance revolution have yet to be fully appreciated.”

Since then, Mr. Kellermann and others say the problem has only become worse. In addition to online trading swindles, in recent months numerous funds have been struck by Cryptolocker, the particularly vicious, so-called ransomware that encrypts infected users’ files and demands a ransom to unlock them. Often, security experts say, these crimes go unreported by victims who fear that law enforcement agencies will dig through their systems.

But increasingly, government officials are asking companies to step forward so that they can learn more about criminals’ tools, techniques and patterns. At the annual RSA security conference in San Francisco last February, James B. Comey, the director of the Federal Bureau of Investigation, asked companies to start disclosing attacks.

“We understand that you are reluctant to report intrusions, either because you’re worried the government will start rummaging around your networks or because you fear your reputation will take a hit in the marketplace,” he said. “We need to examine patterns and behaviors, to determine how they operate, and how best to stop them.”