What does the latest hacking prosecution say about online security?
The US Attorney for New York just disclosed the biggest hacking prosecution ever. In a news conference, Preet Bharara described it as securities fraud on cyber-steroids. A gang of criminal hackers from the US, Russia, and Israel broke into Scottrade, Dow Jones, and JP Morgan. They obtained the personal data and email addresses of over 100 million people. But rather than steal money directly, they used this information to solicit business for online casinos, bogus drugs, and pump-and-dump stock schemes.
They then took over a bank and a bitcoin exchange to launder their ill-gotten gains—to make them look legitimate, and to be able to use their hundreds of millions in other criminal enterprises. They also hacked into fraud-prevention companies to keep their operations from being flagged. But at the heart of the biggest cyber-crime enterprise ever were spam emails and solicitations to buy pink-sheet penny-stock shares.
This is actually encouraging. Our interconnected world puts a lot of financial data out in the cloud. But when the most sophisticated cyber-mafia in the world hacked into these networks, they still couldn’t rip people off without their help. If you didn’t play online poker or buy off-price Lipitor, or buy stock in a mining company no one’s ever heard of that claims to have billions in gold in Borneo, you probably weren’t a victim. Technology only took these criminal masterminds so far.
Most of our online security is working. These crooks monetized their stolen information via human greed and stupidity, manipulating people rather than manipulating databases. I’m happy the hackers were caught. But I’m even happier that their new-fangled crimes were so old-fashioned.
Douglas R. Tengdin, CFA
Chief Investment Officer