The Big Take

The SEC Pinned Its Hack on a Few Hapless Day Traders. The Full Story Is Far More Troubling

When a notorious gang of Ukrainian cybercriminals hit a crucial database, the regulator quickly downplayed the breach. One of the hackers says the system is still a soft target.

Illustration: Maxime Mouysset for Bloomberg Businessweek

For the US Securities and Exchange Commission, Jan. 15, 2019, was a day of redemption. The agency filed one of its highest-profile enforcement cases in years, capping the work of two dozen staff across five divisions.

The case, recounted in a 43-page complaint, read like an airport potboiler: Ukrainian cybercriminals had infiltrated a vast computer network containing soon-to-be-published earnings reports for some of America’s biggest companies, then sold the information to a shadowy web of traders. As well as being one of the investigating authorities, the SEC was the victim. Hackers had found a way into the agency’s Edgar database, perhaps the world’s biggest repository of corporate filings. These cybercriminals were already wanted by the SEC for prior offenses. They were like fugitives robbing the police evidence room while the precinct was out looking for them.