recommended reading

Hackers Breached a Major Hedge Fund to Steal Information on Trades


In 2013, the servers of a large and powerful hedge fund became the target of hackers. The culprits installed malware, bringing the firm's high speed trading to a halt, and redirecting trade information to the hackers' machines. 

While BAE Systems Applied Intelligence declined to provide CNBC the name of the hedge fund when they revealed details of the hack on Thursday, this is a worst-case scenario for any large firm. While most corporate hacks go directly for credit card information or personal data (in some cases, pizza topping preferences) this hack aimed for trade details. By stealing trade information, the fund's trading strategy was jeopardized.

Paul Henninger, global product director at BAE Systems Applied Intelligence, told CNBC this was one of the most complex hacks he has seen in the realm of data extraction. "It's pretty amazing. The level of business sophistication involved as opposed to technical sophistication involved was something we had not seen before."

These hackers possessed two kinds of evil genius: the ability to break into a trading system, and knowing how to use the information they found for their own high-speed trading. Henninger has also seen this two-prong strategy used by hackers attacking insurance companies. They would hack into the system, create fake policies, then file claims against them for profit. 

For a hedge fund, this undermines the trust of the clients: "It often takes a while for firms to get comfortable with the idea of exposing what is in effect their dirty laundry to a law enforcement investigation," Henninger said. "You can imagine the impact potentially on investor confidence." In the case of this hedge fund, strategies were lost to hackers and the firm lost several million dollars over the course of several months. 

While BEA was able to determine the hack was going on and remove the malicious software, the SEC and FBI can also get involved. Henninger was unsure if the hedge fund had reported the attack to these authorities, and the authorities declined to comment. 

(Image via voyager624/

Threatwatch Alert

Credential-stealing malware / User accounts compromised / Software vulnerability

Android Malware Infects More than 1M Phones, Adds 13,000 Devices a Day

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.