
Forex brokers girding for battle as cyber crooks ramp up attacks in the UK


The Internet is not a safe place these days. It is fast becoming a safe haven for thieves and all manner of cyber criminals, all intent upon using their cleverly designed malware to penetrate servers in the financial services industry and drain your financial accounts for all they are worth. It is easy to stand on the sidelines and watch the action, but sooner or later, you may hear that your forex broker or one of its banking partners has been breached. Suspicious cyber activities have been ongoing in the UK for some time, starting first with banks and payment transactions, but crooks have stepped up their technological game of late and are now focusing on the brokerage industry and its clients.

Reports released in the past few weeks indicate that cybercrime has already overtaken traditional crime in the UK, where London is recognized as the undisputed capital of the foreign exchange industry. Crooks are no fools. They have always known to target places where money is in abundance, and this latest crime wave is doing just that, at least according to the Bank for International Settlements (BIS). The BIS report, entitled “Guidance on Cyber Resilience for Financial Market Infrastructures”, was released “amid growing concerns of cyber-related hacks, and the ongoing need for improved security measures to be taken to protect market integrity and underlying participants.” Financial Market Infrastructure is an elegant phrase for bank or broker.

UK Cyber Crime Pie Chart

According to data compiled by the UK’s National Crime Agency (NCA), “In a notable sign of the times, cybercrime has now surpassed all other forms of crime in the United Kingdom.” Cyber-related crimes now constitute 53% of the crime “pie”, versus 47% for all other crime-related activities, and these figures may be understating the problem since security professionals admit that most cyber attacks go unreported. Another firm, ThreatMetrix, whose electronic network verifies over 20 billion transactions over the Internet on an annual basis, has seen a 50% increase in cyber attacks after blocking 112 million cyber attacks during the second quarter of 2016.

In an apparent attempt to close the barn door after the cows have left, EU officials are quickly mandating the formation of a regional database for recording all digital cyber attacks to get a handle on the demographics of the situation. Those in the know claim that the major classifications have not changed a great deal in the past year. These types remain fraud resulting from: web app attacks, point-of-sale intrusions, insider and privilege misuse, miscellaneous errors, physical theft and loss, malware, payment card skimmers, cyber espionage, and denial-of-service attacks. The advent of mobile commerce and online trading has only poured gasoline on this criminal fire spree.

What are the implications of these cybercrime trends for retail forex traders?

Bankers have been dealing with the potential for cyber fraud for years and have developed adequate firewalls and security processes to thwart an average hacker attack. The criminal element within our society, however, is well financed and knows the value of investing heavily in the latest technology. Software robots and malware are freely sold on the Internet black market with such intriguing names as “Dridex”, “Dyre”, and “Corkow” (also known as “Metel”).

These sophisticated bits of code can infiltrate a broker’s server platform or client access device, disguised as a “Trojan Horse”, continue to morph into new virus strains to avoid detection, and then report back sensitive log-in and password information for financial accounts to the crooks for further processing. Sadly, your vital information may have already been compromised, while the fraudsters play a waiting game. Without notice, transfer requests could be initiated on your account, with funds directed at a new account at the broker or to a new external account in your name at a service like PayPal. From there, a simple ATM withdrawal is all that is needed to complete the online theft.

Since late 2015, several significant incidents have been reported in the forex industry that are causes for concern. The “Big Hit”, so to speak, as when major retail chains or banks have had millions of private accounts breached, has yet to take place in our world. The lack of big headlines is a bit of a smoke screen. According to Thomas Peterffy, chief executive of Interactive Brokers Group Inc., a provider of online trading services, “It is a huge issue for foreign exchange brokers. They (the hackers) bombard you…We don’t know whether messages are real or not.”

Insiders believe that many of the recent attempts have only been a test. The real action may come later. Hackers are testing the barriers to entry on a daily basis, but, once inside, a simple hacking exercise can turn into fraud in an instant. One tactic is to generate multitudes of trades in one direction, thereby upsetting the market, and then profiting from the market reaction from accounts elsewhere. We may only be witnessing the beginning of such “pump-and-dump” schemes, but here is a brief review of a few high-profile cases:

  • FXCM: News broke last October, feeding off notifications sent to trading customers, that there had been a serious breach in the cyber security protocols of FXCM, a global foreign exchange broker in New York City. Although the company tried to play down the threat, it advised clients that there had been several “unauthorized wire transfers from customers’ accounts.” A company spokesperson claimed that all monies had been returned to client accounts and that the hacker had been blocked.
  • OANDA: Not long after the FXCM incident, OANDA notified its customers that it was having a “platform issue”. The situation had the earmarks of what is called a “denial-of-service” (DoS) online attack. Hackers inundate the server with messages, thereby slowing reaction times down to a crawl. OANDA corrected the problem, but never provided any details thereafter.
  • MT4 Brokers: In a more serious affront in May of this year, a group of Chinese hackers held several MT4 brokers at ransom after online DoS attacks brought the brokers’ servers to a screeching halt. A few brokers were blackmailed to the tune of as much as $200,000. Others worked with MetaQuotes, the developer of the highly popular trading platform, to fix the obvious system vulnerability that was being exploited. In these cases, the traffic bottleneck “is launched by a botnet, consisting of thousands of infected computers and servers, which simultaneously send millions of access requests to the target, thus “clogging” the normal data flow and disrupting the normal operation of the website or the internet service.”
  • Russian FOREX Trading System: A report released in February spoke to cyber attacks launched in Russia during 2015 that resulted in unauthorized trades of $400 million. The report noted that, “A team of Russian-speaking cyber criminals, possibly colluding with unidentified brokerage firms, used a Trojan virus or malware called Corkow (also known as Metel), to loot the trading systems. The malware constantly updated itself to avoid detection from antivirus programs and allowed the criminals to have remote access to trading systems.” The attack lasted only 14 minutes, but officials believe the crooks were testing their ability to influence the pricing of the Ruble versus the U.S. Dollar.

Is this just the tip of the iceberg? Without a tracking system in place, it is difficult to know the depth and breadth of the problem and to be able to forecast the how and where of future attacks. The threat is definitely real. Criminals have the technology and are quite willing to leverage it to their advantage, especially in regions where their probability for gain is the greatest. One might suspect that these attacks might concentrate in developing markets in Asia or elsewhere, but there are a number of components necessary for success. Electronic payment systems with mobile applications provide a multitude of options when the time comes to launder ill-gotten loot. Why venture into countries where the infrastructure breaks down when you can profit in style in the UK or Europe?

What can you do to protect yourself if and when your forex broker is attacked?

The report from the NCA in the UK has confirmed that organized crime is determined to strike a financial center with complex malicious software, which is “aimed at emptying consumer and business bank accounts in the U.K. and elsewhere.” Why pick on the UK? Avivah Litan, a fraud analyst with the Gartner Group, sums it up this way: “If organized cybercrime gangs prefer to pick on U.K. banks, businesses and consumers, it may have more to do with convenience for the fraudsters than anything else.” Time zone proximity and familiarity with the English language define convenience for these crooks.

What should you do if you think your broker has been attacked? First things first, be wary of any email that requests that you change your log-in and password information. The email may look real, but verify that the address matches prior correspondence from your broker. Contact your broker, too, and ask direct questions. Yes, you should change your log-in credentials, but do it by going to the broker’s website, not from an email that may be re-directing you to a fraudster’s server. Your broker should also send you a confirming email that your private information has been changed.

Of course, if you should ever receive one of these confirmation emails without having made a change beforehand, then you know you have a real problem. Contact your broker immediately. Better to be safe than sorry!

Concluding Remarks

The forex industry is not immune from cyber crime threats, far from it. As insiders in the brokerage community have admitted, the hackers “bombard you”. Most of the attacks on forex brokers in the past have tested security boundaries, inundated servers with messages, revealed vulnerabilities and provided system access to sensitive data, made attempts at manipulating the market, or managed to extract ransoms directly from brokers themselves. The battles are ongoing on these fronts.

Unfortunately, the latest technology being deployed by fraudsters, according to security professionals, is much more insidious by nature, designed to take the battle down to the client level. The crooks have already focused on the UK and non-banking financial service companies. You cannot fix the problem at that level, but you can do things to protect your own interests. If you encounter pronounced delays, check with your broker and read the latest industry headlines, but before you leave your PC or smart phone, be sure to change your password directly from your broker’s website. Then verify your broker’s subsequent confirmation email as valid. Stay vigilant!