The US brought criminal charges Thursday against a gang of Russian and Ukrainian programmers in what is the biggest hacking case yet in the United States. The men were indicted for a long-running scheme of stealing and selling 160 million credit card numbers from more than a dozen big American companies. But the case has bigger implications, according to a story in the New York Times today. One of the men was also able to hack into the servers of the Nasdaq stock exchange, raising fears among US and international authorities that the next financial crisis could be caused by rogue programmers.
One of the Russian men, Aleksandr Kalinin, was also charged Thursday in a separate case with having gained access to Nasdaq servers for two years between 2007 and 2010. The indictment reveals that Kalinin, who also went by the names Grig and Tempo, had access to an unknown amount of information on a bunch of Nasdaq servers, where he was able to enter commands to steal, change, or delete data, and at certain points could even perform systems administrator functions. According to the Times, federal prosecutors, international banking regulators, the FBI, and the financial industry are all worried that next time this happens hackers could gain access to even more tightly secured trading platforms and disrupt the financial system.
From the Times:
While Mr. Kalinin never penetrated the main servers supporting Nasdaq’s trading operations—and appears to have caused limited damage at Nasdaq—the attack raised the prospect that hackers could be getting closer to the infrastructure that supports billions of dollars of trades each hour.
“As today’s allegations make clear, cybercriminals are determined to prey not only on individual bank accounts, but on the financial system itself,” Preet Bharara, the top federal prosecutor in Manhattan, said in announcing the case.
It is a pivotal moment, just a week after a report from the World Federation of Exchanges and an international group of regulators warned about the vulnerability of exchanges to cybercrime. The report said that hackers were shifting their focus away from stealing money and toward more “destabilizing aims.”
In a survey conducted for the report, 89 percent of the world’s exchanges said that hacking posed a “systemic risk” to global financial markets…
At a Senate hearing on cybersecurity on Thursday, a representative of several financial industry groups, Mark Clancy, said that “for the financial services industry, cyberthreats are a constant reality and a potential systemic risk to the industry.”
The World Federation of Exchanges (WFE) report found that 53 percent of all stock exchanges had experienced a cyberattack in the past year.
My colleague Nick Baumann has reported on how mere programming glitches at the mid-sized financial firm Knight Capital a year ago caused losses at the firm of $10 million a minute, and set off turmoil in the stock market. But an intentional attack could have more drastic effects. Baumann pointed to a 2011 article by John Bates, a computer scientist who has designed software behind complicated trading algorithms. “Fears of algorithmic terrorism, where a well-funded criminal or terrorist organization could find a way to cause a major market crisis, are not unfounded,” Bates wrote at the time. “This type of scenario could cause chaos for civilization.”