With the rise of web based and mobile financial tools, I’ve been something of a late adopter. Actually, I’m more of a “no” adopter. Sure, I trade a few stocks online or I’ll purchase a few gifts using a one time use only credit card number, but other than that, my trust in placing all my personal information into “secure” personal finance software is zero.
Because no system is invulnerable to attack.
Case in point:
In May, the Dow Jones Industrial Average plummeted 1,000 points in less than half an hour after a trading algorithm malfunctioned, exposing the vulnerabilities of stock exchanges that increasingly rely on digital infrastructure. This weekend we got another reminder when the Nasdaq OMX Group, which runs the Nasdaq stock exchange, revealed that hackers broke into a service for corporate officers to share confidential documents.
Investigators are trying to determine whether the attack was an act of terrorism or an effort to obtain trade secrets or illegal trading advantages, the Wall Street Journal reports. The hackers planted malware files inside Nasdaq’s Directors Desk web application but didn’t acquire private information or breach Nasdaq’s trading platform, which accounts for around 19 percent of U.S. stock trading. While some evidence suggests the hackers were from Russia, they may have simply been using Russian computers.
The screaming conclusion: if the Nasdaq can get hacked, what chance does the little guy have?
Whether they stole information, of which I’m 99% sure the Nasdaq, NYSE, and every other stock exchange would do their very best to downplay as much as possible to save face fearing a drop in investor confidence, is immaterial to me. Moreover, such a security breach makes the flash crash look like drop in the bucket because it proves their systems are no where near as tight as their marketing and public relations efforts has stated all along.
But that’s not as important to me — the user.
What is important is that a single or group of motivated hackers penetrated the honey pot of the financial capital of the world. They managed to sneak into the world’s most secure — presumably — financial marketplace in the world, drop some code, and based on the press releases, appears to have gotten away without even so much as a scratch.
And that, ladies and gents, is why I put as little financial information into the Internet ether as possible. In today’s day and age, if someone wants the data badly enough, I seriously doubt any security system will prevent them from getting it. Sure, there are governmental agencies with nation state sized budgets (e.g. unlimited resources) that can actively fend off hackers, but I seriously doubt a basic personal finance website that outsources it’s security for a few bucks a month could stand up to this sort of cyber attack.
If I’m wrong, by all means correct me.