The attack on a U.S. hedge fund’s network, which a cybersecurity contractor said last week disrupted the firm’s high-speed trading and stole its data, is but one among many.
That is the assessment of more than a half-dozen computer security experts, who in recent interviews characterized the hedge-fund industry as the target of multiple attacks, many successful. Over the past two years, computer networks at dozens of banks, hedge funds, law firms and other Wall Street companies have been infiltrated by hackers mainly from Eastern European countries, these people said.
The hackers’ methods range from crude to sophisticated: Would-be attackers sought to gain entrance to networks through websites often visited by fund workers -- so-called watering- hole attacks -- or tried “spearphishing” by sending e-mails with malicious links that would open virtual doors to the outsiders, according to these people.
The alleged incursions on the financial sector come amid the more publicly documented attacks against other high-profile networks, from government agencies to companies including Westinghouse Electric Co. and U.S. Steel Corp.
The security firms didn’t identify any funds that may have been targeted. Several multibillion-dollar hedge funds in New York and Connecticut contacted by Bloomberg News declined to comment. Because such funds are closely held, they aren’t under the same obligation as publicly traded companies to report security breaches.
“Firms are intently focused on identifying emerging threats and employing the newest, best mitigation techniques,” Richard Baker, president and chief executive officer of The Managed Funds Association, which represents hedge funds and other investors, wrote in an e-mail. He said several members had made “sizable resource commitments” toward network safety.
The alleged attempts have the potential to disrupt the U.S. and international financial systems, said representatives of several of the cybersecurity companies. Banks provide electronic services to the $2.7 trillion hedge-fund industry that include brokering trades, lending cash and maintaining custody of assets.
One danger, these people say, is that hackers could enter intercompany networks through a vulnerable firm in order to reach other companies -- as with the recent hack of Target Corp., in which intruders used their access to an air- conditioner vendor to attack the retailer’s internal network.