
    SEC Employees Brought Sensitive Data to Hacker Con: Report

    Written by

    Robert Lemos
    Published November 19, 2012

      The group responsible for protecting computers at the U.S. Securities and Exchange Commission’s Trading and Markets Division traveled with laptops that contained sensitive, yet unencrypted, information on the security of the financial agency, Reuters reported earlier this month.

      Members of the group even attended the annual Black Hat Security Briefings conference in Las Vegas, where hackers and security professionals meet to exchange information on threats and defenses, stated the article, citing the yet-unreleased report by the SEC’s Office of Inspector General. The Trading and Markets Division sets regulations and oversees compliance for the nation’s equity markets. The division tracks information on the exchanges’ information infrastructure and their disaster management policies.

      The information, if stolen, could give attackers insight into the way that the U.S. equity markets operated and strategies for disrupting the markets, Adam Levin, chairman and co-founder of Credit.com, said in a post on the potential leak published Nov. 15.

      “The fact that SEC employees brought Wall Street’s blueprints to a Black Hat hackers’ conference is both terrifyingly dumb and dumbfounding, despite the fact it appears … that no data was breached,” Levin stated. “Nevertheless, it is hard to conceive of a less secure venue than this get-together where computer security experts and government intelligence leaders swap notes with all stripes of cyber-ninjas.”

      Contacted by eWEEK, the Office of the Inspector General for the SEC declined to comment, referring requests for the report to the agency’s Freedom of Information Act (FOIA) and Privacy office.

      The degree to which the information was ever at risk is unclear. However, the agency did hire a third-party security firm to conduct an audit of the information and found no evidence that it had been improperly accessed, the article stated. The cost of the audit was $200,000. The responsible staffers have been disciplined for their actions.

      In October 2011, the SEC published guidance for public companies, requiring that they disclose breaches that could matter to investors. Numerous state laws require that companies report breaches that leak personally identifying consumer information to the Internet. In some ways, the SEC guidance holds companies responsible for any major breach.

      “Registrants should disclose the risk of cyber-incidents if these issues are among the most significant factors that make an investment in the company speculative or risky,” the guidance states. “In determining whether risk-factor disclosure is required, we expect registrants to evaluate their cyber-security risks and take into account all available relevant information, including prior cyber-incidents and the severity and frequency of those incidents.”

      The SEC’s Trading and Markets Division regularly checks exchanges’ compliance with voluntary guidelines known as Automation Review Policies. Under the voluntary policies, the companies that run the exchanges submit to security audits as well as testing of their infrastructure and business processes. Laptops used for such audits may have included maps of the exchanges’ infrastructure, disaster recovery plans and audit results, according to the Reuters article.

      Credit.com’s Levin slammed the SEC and called for legislation that would set prison time for people who put infrastructure in jeopardy, stressing that such information could be used to dismantle the systems that Americans rely on for their way of life.

      “If hackers ever managed to steal one of these laptops or gain unauthorized access to the data contained on the hard drives, they not only could have shut down America’s largest stock exchanges, they also could have thwarted emergency efforts to bring those exchange systems back online, perhaps indefinitely,” he said.

      Robert Lemos is an award-winning journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's written for Ars Technica, CNET, eWEEK, MIT Technology Review, Threatpost and ZDNet. He won the prestigious Sigma Delta Chi award from the Society of Professional Journalists in 2003 for his coverage of the Blaster worm and its impact, and the SANS Institute's Top Cybersecurity Journalists in 2010 and 2014.
