Hackers Make Unauthorized Trades In Online Brokering Accounts

In recent news, some clients of online stockbrokers in Australia have had their accounts compromised and have been advised to change their passwords. Investigations are currently being conducted by the Australian Securities and Investments Commission (ASIC). ASIC believes that the hacking attacks were organized, but it has not yet determined how client passwords are being compromised. Hacking attacks like these could have been prevented if proper security measures were in place for the brokers' clients and their systems. Using layered security measures such as multi-factor authentication dramatically reduces the likelihood of online user accounts being compromised.

According to ASIC, the hackers used the accounts to engage in trades that lost the clients money. About a dozen share-trading accounts have been hacked across several brokers, and ASIC is cooperating with international authorities to trace proceeds reaped by the other party in each transaction. ASIC has also said that the attacks are not believed to be associated with the attacks that shut down online brokers E*TRADE and Directshares.

Representatives at E*TRADE and Directshares have recommended that users who have online brokerage accounts keep the anti-virus and anti-malware software on their PCs up to date. E*TRADE was targeted late in 2011 by hackers who accessed a small number of online broking accounts to make unauthorized trades. E*TRADE has stated that its own systems were not the source of the security problem; rather, the users' accounts were compromised. E*TRADE has recommended that users change their account passwords and check their computers to make sure there is no malicious software that logs their keystrokes. Users who have online brokerage accounts should also check their transaction history for unusual trades and report any unauthorized trades to the authorities and their broker.

The user accounts that were hacked could have been protected from unauthorized access if stronger measures had been used to authenticate the users. Layered security such as multi-factor authentication identifies users using multiple methods. Two-factor authentication is a form of multi-factor authentication and could have been used to thwart the hacking attacks. If two-factor authentication were used to authenticate the brokers' online clients, the chance of the hackers accessing the data would be minimal. A user's login, or something they know, and a user's mobile phone, or something they have, are two factors that can be used to authenticate them. The most secure way of authenticating someone through their mobile phone is to send a one-time password to the phone, because the user has the phone on them and is able to enter the one-time password along with the login credentials to verify their identity. In the case of the brokers' client accounts being hacked, the hackers would have had only the login credentials, and access would have been prevented because they wouldn't be able to receive the one-time password sent to the mobile phone. This type of authentication is a standard in industries such as banking and healthcare. The best way to prevent this type of hacking attack is to scan your computer for viruses and malware, and to incorporate two-factor authentication as an additional layer of security to protect against unauthorized access.
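The two-step login described above, sketched from the broker's side as an added example that is not part of the original article: a correct password only triggers a one-time password sent to the registered phone, and the session is granted only when that code comes back. The class name, the five-minute lifetime, the three-guess limit and the `send_sms` callback standing in for a real SMS gateway are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed lifetime of a code
MAX_ATTEMPTS = 3        # assumed guess limit per code

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class TwoFactorLogin:
    """Hypothetical login service: password first, then a one-time code."""

    def __init__(self, send_sms, clock=time.time):
        self.users = {}      # user -> (salt, password hash, phone)
        self.pending = {}    # user -> outstanding one-time code
        self.send_sms = send_sms  # delivery channel, stubbed by the caller
        self.clock = clock

    def register(self, user, password, phone):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, hash_password(password, salt), phone)

    def start(self, user, password):
        """Factor 1 (something they know). On success, text a fresh code."""
        record = self.users.get(user)
        if record is None:
            return False
        salt, stored, phone = record
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = {"code": code, "tries": 0,
                              "expires": self.clock() + OTP_TTL_SECONDS}
        self.send_sms(phone, code)  # reaches the phone, never the browser
        return True

    def finish(self, user, code):
        """Factor 2 (something they have). Codes expire and are single use."""
        entry = self.pending.get(user)
        if entry is None:
            return False
        entry["tries"] += 1
        expired = self.clock() > entry["expires"]
        ok = not expired and hmac.compare_digest(
            code.encode(), entry["code"].encode())
        if ok or expired or entry["tries"] >= MAX_ATTEMPTS:
            del self.pending[user]  # burn the code
        return ok
```

Someone holding only a keylogged password gets `True` from `start()` but cannot complete `finish()`, because the code was delivered to the account owner's phone and is discarded after three wrong guesses or five minutes.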

by: Mitchel Smith



