SEC 'fesses to security breach, says swiped info likely used for dodgy stock-market trading

The US Securities and Exchange Commission (SEC) has admitted that hackers broke into its corporate filling system last year. As-yet unidentified miscreants may have profited from financial tip-offs and other data obtained after hacking into its online EDGAR filing system, the US government's financial trading watchdog admitted …

  1. Alister

    Who watches the watchmen?

    So, irony of ironies, the SEC is supposed to be starting an investigation of Equifax...

    Who's going to investigate the SEC?

    1. Anonymous Coward
      Joke

      Re: Who watches the watchmen?

      'Who's going to investigate the SEC?'

      The KGB?

      Not sure if the icon is appropriate or not.

      1. Lysenko

        Re: The KGB?

        Belarus? They're the only country that still has a KGB as far as I know.

        1. Anonymous Coward
          Pint

          Re: The KGB?

          I realised my mistake after editing time was up, I knew I'd get corrected.

          Just one of the things I love about this place.

          Have a pint.

          FSB then?

          1. Lysenko

            Re: The KGB?

            FSB then

            More likely the SVR (Sluzhba Vneshney Razvedki). The FSB are somewhere between the FBI and MI5 in that their remit is primarily domestic. The SVR are the Foreign Intelligence Service (successors to the First Chief Directorate) so an investigation in the USA would likely fall under their bailiwick.

  2. Anonymous Coward
    Black Helicopters

    I wonder how big the breach has to be before the US government places the country’s internet entirely under its benevolent protection? You know, like China?

  3. Anonymous Coward
    Facepalm

    Software vulnerability in the EDGAR system

    "a software vulnerability in the test filing component of the Commission's EDGAR system"

    Any technical details as to the nature of the breach, technically speaking?

    "a recent .. review faulted the SEC for .. use of unsupported software among other failings."

    What was the name of this 'unsupported software'?

    July 2017: "the commission continued to use an outdated version of an operating system on its key financial systems although the operating system’s vendor stopped supporting this version of the software over a decade ago and no longer develops or releases patches for the software."

    No need to guess then :)

    1. tom dial Silver badge

      Re: Software vulnerability in the EDGAR system

      "Use of unsupported software" on any system should be the occasion for something between a formal reprimand and dismissal. If anything, it is more important on development and test systems to ensure that all software not only is supported but that support will be available until at least a half year into the scheduled deployment life, and ideally through the planned life of dependent software. Note that "support" might include support by in-house staff, for FOSS and in-house developed software.

  4. Anonymous Coward
    Devil

    "corporate filling system"

    "corporate filling system" - my mind is boggling right now.

  5. Anonymous Coward
    Anonymous Coward

    The rest of the US financial system

    ...is gamed in pretty much the same way. So what's so special here...??? An admission of guilt from a feeble regulator nobody outside of Wall Street really understands. Plus, by admitting liability as a Government agency, it excuses them totally from any accountability, never mind a hint of firing!

    Like the War on Drugs, which was a multi-billion-dollar multi-decade roaring success. Let's raise a glass to American Exceptionalism... Exceptionally good at ripping off the less fortunate and getting away with it... Because let's face it, if you're not a millionaire in America, YOU'RE A TOTAL LOSER!

  6. tom dial Silver badge

    The description of the vulnerable system as "the test filing component" suggests the possibility that business filers may have submitted genuine reports to a test system. That would put a significant part of the onus on them if the test system was very clearly identified as such and carried prominent warnings that it should be used only for test data. The public announcement was silent on that.

    The announcement also was not comforting in stating that "it is believed the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk." They have known about this for months and by now should know the answers rather than believing what makes things look least bad.
