When Hackers Attack!

Discussion in 'Networking and Security' started by trimex, May 1, 2003.

  1. trimex


    In the fight for network and internet security, the odds are more and more favouring hackers, as an endless list of new hacker utilities is “coming off the production line.” I recently had my network breached with a large chunk of our data (music, etc.) taken by an invisible bandit. :confused: They were even able to burn out a couple of the hard disks in the RAID (5 terabyte array of hard disks) using some, I admit, really impressive viral software. Even though probably a rare case, I have taken various measures to prevent this in the future. My main concern now is trading platforms and the interception of transmitted orders and personal information.

    1) I would appreciate everyone’s insights on which trading platforms actually use 128-bit encryption for all data? (i.e. as far as I know the IB Trading Workstation only encrypts password / login but not orders and account information, which is a little bit scary :eek: considering how much money this software moves)

    2) Really, is the interception of orders a real issue? I mean is it hard to do? Are there hackers monitoring connections for this type of information?

    3) Is there anything more that can be done to ensure privacy while using IB's Trading Workstation?

    Thanks everyone,

  2. tomf


    Most of the platforms submit their data unencrypted. However, I'd keep the ball low. There's not too much that can happen.
    If unencrypted data is sent it can be intercepted by hackers as soon as the data is routed over a proxy accessible by potential hackers. They could log the TCP/IP traffic and filter unencrypted data like passwords, etc.
    Anyway, if you're directly connected to your trading software server, in most cases you won't be routed through a proxy (if you're in an internal network and your sysadmin wants your unencrypted pass he could get that).
    2nd thing to ask oneself ... what would he do with the pass and acc number? First he would need to know where the acc is held, which software, etc. Most of the money withdrawal procedures need email verification.
    In the best case one could hack your account .. trade .. and make you some money ;))

    Oh and your impressive viral software was for sure a standard kiddy scripted trojan your pc was infected with by downloading porn.exe or whatever ;)
  3. maxpi


    I saw a posting on another list wherein the trader had a machine dedicated to autotrading with only his broker and data provider having access to get through the firewall and he said he averaged two trojan horses per day.

  4. minimi


    Encrypting all data in a communication session is unrealistic. Please do not implement this. It is always good to plan carefully, identify the needs, make tradeoffs, and keep flexibility. Establish a framework with different granularity of security. Encrypt only important and vulnerable data. Compromise between different schemes with different costs. Or use a flexible combination of them or change periodically, such as key exchanges.
  5. tomf


    You probably mean scan attempts. That happens all the time ... they're scanning through whole subnets looking for open trojan ports. As long as you don't host this trojan "server" .. no prob ;)
  6. maxpi - what exactly does "he averaged 2 trojan horses a day" mean and what does that have to do with the computer being dedicated to trading?

    If your computer is not secured, a hacker can get in whether the computer is dedicated or not. However, I highly doubt that 2 people got in per day. Most likely, he had a firewall show that he had hits from people attempting. That does not mean he got 2 trojan horses each day :)
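The distinction drawn in the replies above (firewall hits from port scans versus a trojan actually running on the machine) can be checked against a firewall log. The following is an added example, not part of the thread; the log format, the addresses and the broker/data-feed allow-list are constructed for illustration.

```python
from collections import Counter

# Default ports of well-known remote-access trojans of that era.
TROJAN_PORTS = {12345: "NetBus", 27374: "SubSeven", 31337: "Back Orifice"}

# Assumption: the only remote hosts this trading machine should talk to
# (hypothetical broker and data-feed addresses from documentation ranges).
ALLOWED_REMOTES = {"192.0.2.10", "192.0.2.20"}

# Constructed sample log: date time action direction proto src sport dst dport
SAMPLE_LOG = """
2003-05-01 09:00:01 DROP IN TCP 203.0.113.5 4021 198.51.100.7 27374
2003-05-01 09:00:02 DROP IN TCP 203.0.113.5 4022 198.51.100.7 12345
2003-05-01 09:14:40 ALLOW OUT TCP 198.51.100.7 1055 192.0.2.10 443
2003-05-01 11:30:12 DROP IN UDP 203.0.113.77 31337 198.51.100.7 31337
2003-05-01 13:02:55 ALLOW OUT TCP 198.51.100.7 1061 203.0.113.200 6667
2003-05-01 13:05:00 ALLOW IN TCP 203.0.113.9 3500 198.51.100.7 27374
"""

def classify(line):
    """Label one log line by what it says about the host's state."""
    _date, _time, action, direction, _proto, _src, _sport, dst, dport = line.split()
    dport = int(dport)
    if direction == "IN" and dport in TROJAN_PORTS:
        # A dropped probe is a scanner knocking; nothing on the host answered.
        # An allowed one reached the host, so check whether anything listens there.
        return "probe_blocked" if action == "DROP" else "probe_reached_host"
    if direction == "OUT" and action == "ALLOW" and dst not in ALLOWED_REMOTES:
        # The machine itself opened a connection to an unknown host:
        # this, not inbound scan noise, is the sign worth investigating.
        return "unexpected_egress"
    return "other"

def triage(log_text):
    """Count log lines per category."""
    return Counter(classify(l) for l in log_text.strip().splitlines())

if __name__ == "__main__":
    for label, count in triage(SAMPLE_LOG).items():
        print(f"{label}: {count}")
```

Blocked probes are background scanning; the lines to follow up are the inbound connection that was allowed to a trojan port and the outbound connection to a host outside the allow-list.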
  7. CalTrader


    The ideal situation would be an encrypted channel that you authenticate and the provider authenticates: I am not aware of any retail broker or data provider that provides this capability.

    (2) It's not hard to do but it really is not a problem. There are other issues that typically require social engineering steps as part of the attack. This is a low probability issue and I would not worry too much about it: password/logins are typically encrypted and while even this could be broken, somebody would need to go to a lot of trouble to do so ... more than the value in your account unless it's tens of millions.

    (3) A secure setup will work. With the right tools you can designate only the IB software the access it needs through your firewalls and thus a hacker would have an exceedingly difficult time attempting to gain access to your system.
  8. raszorz


    Let me clarify your concerns:

    Once your computer is compromised, ANYTHING can happen.
    The network is a little different.

    Your LAN, unless you use an encrypted VPN or tunnel, is probably using cleartext transmission. Therefore, your entire communications (from chat to porn) is open.

    But encryption is only half the picture. The other half is authentication. Is the host you're communicating with over encrypted channels REALLY who you THINK it is?

    It is not impossible to encrypt/authenticate your entire communication. This will happen in the next Internet.
  9. I recently had my IB account hacked into. The damage could have been catastrophic had I not logged into my email account and noticed an email from my broker asking me to confirm my wire transfer directions. Sure enough, minutes later an email came in confirming my request to withdraw funds from my account! I quickly called IB and had my account frozen. When I logged into my trading account half of my capital was gone... and so were the email confirmations in my email account. Turns out someone got into my account manager and email account and changed my wire transfer directions and almost got away with half my money. The funds are back now and IB has been really helpful, but how do you prevent this? Has this actually happened to someone else?


  10. Yeah, ok dude.
    #10     May 15, 2003