SECURITIES AND EXCHANGE COMMISSION HACKED
September 30, 2017
We've seen a spate of hacking lately that makes one wonder what is going on and who is behind it: indeed, are we dealing with just one "who," or a multitude? And if a multitude, are their activities coordinated in any way? If one looks at all the stories in recent years, going all the way back to 9/11 (and indeed further), then the total picture looks grimly compelling. There was the Sony hack, of course, but since then, we've heard stories and allegations of the hacking of major banks: JP Morgan Chase, even the Federal Reserve, and, just yesterday I blogged about the implications of recently fired Vatican bank auditor Libero Milone, whose short statement implicates similar activity against (or by?) the Vatican bank. Then the Social Security Administration, credit reporting agencies like Equifax, and so on.
On 9/11, as I outlined in my book Hidden Finance, Rogue Networks, and Secret Sorcery, there were reports from workers at Deutsche Bank in New York that their system had been invaded and was non-responsive for about seven seconds, and that trades were apparently executed, just before the planes struck. As is known, during the following week, normal securities clearing regulations were suspended, which allowed securities to be substituted for other securities that were scheduled to clear. We'll get back to the SEC in a moment.
Decades before, of course, there was the Inslaw-PROMIS scandal. Inslaw was a corporation begun by former National Security agent William Hamilton, to create a software database management program called PROMIS - Prosecutors' Management Information System - to shepherd data from cases moving through the federal judicial system. The software, however, was quite powerful and able to read databases in several programming languages, and created its own huge database. The software was then stolen by the Reagan-era Justice Department under Attorney General Ed Meese, and then, so the story goes, was modified by the Department of Justice, the CIA, and other agencies with "backdoors", and then sold to - or was permitted to be stolen by - foreign governments, allowing the US intelligence community to read and track their goings-on in real time. The stories weren't just stories: affidavits were sworn out by people allegedly involved in this activity - Michael Riconosciuto and others - and these appeared in the House Congressional committee investigating the matter. The matter was under investigation by investigative journalist Danny Casolaro, who turned up dead in his motel room in Martinsburg, West Virginia, the clear victim of a highly suspicious "suicide." A sort of Christian-fundamentalist novel was even published about the affair whose title I presently cannot recall, in which it was alleged that one of the original programmers for Inslaw, a character in the novel called Barry Kumnick, had himself surreptitiously programmed a personal back door into the program. This character, so the novel would have it, went into hiding in fear of his life and simply disappeared.
Why all the fuss over a computer program? Simply because of its multi-lingual power and ability to assemble databases of all sorts and track them in real time through systems using various computer languages; one could track virtually anything, from federal court cases through illegal drugs, arms trade and money-laundering. In my view, even the notorious "Farewell" spy case of the 1980s and 1990s of the French mole highly placed within the KGB's technical directorate - the directorate responsible for the theft of Western technology - might be related to the case, as I outlined in Hidden Finance, Rogue Networks, and Secret Sorcery, for the French mole provided France with the KGB's complete "shopping list." Careful review of this list, which the French shared with the Reagan administration, showed that Russia severely lagged in computer software and hardware, and a scheme was hatched to let them "steal" it, in its modified backdoor version. Some time later, a massive explosion of about 3 kilotons yield occurred in a Soviet pipeline that had been infected with some of the "modified software." The mole was, of course, eventually apprehended by the KGB, tried, and executed for treason.
All of which brings us to today's story shared by Mr. G.K.:
There are a number of statements made here that deserve a little discussion. We'll start with this one:
Such incidents raise concerns about the security policies of these companies. (Emphasis added)
I submit that here the article misses the point entirely, namely, that the "concern" is not about the "security policies" of credit reporting companies, but about the security of cyber systems - all of them, without exception - themselves: no cyber system is completely or permanently secure, and this should give everyone advocating for a cashless society, blockchain, and what have you, pause. Indeed, in my 9/11 book, I pointed out that the extension, modification and revision of the PROMIS software throughout the federal government may even have been the vehicle by which hackers rode into the system. Such was even admitted in one case of alleged Chinese espionage against secret US defense laboratories.
But then there's this:
On Wednesday, the SEC announced that its officials learnt (sic) last month that a previously detected 2016 cyber attack, which exploited a "software vulnerability" in the online EDGAR public-company filing system, may have "provided the basis for illicit gain through trading."
EDGAR, short for Electronic Data Gathering, Analysis, and Retrieval, is an online filing system where companies submit their financial filings, which processes around 1.7 million electronic filings a year.
The database lists millions of filings on corporate disclosures—ranging from quarterly earnings to sensitive and confidential information on mergers and acquisitions, which could be used for insider-trading or manipulating U.S. equity markets. The hackers exploited the flaw last year in the EDGAR system, which was "patched promptly" after its discovery, to gain access to its corporate disclosure database and stole nonpublic information, SEC chairman Jay Clayton said in a long statement on Wednesday evening. (Bold emphasis added)