> The New York Stock Exchange has asked the SEC to consider limiting the amount of data collected by the CAT, which would include data on around 58 billion daily trades, as well as the personal details of individuals making the trades, including their Social Security numbers and dates of birth
Dropping SSNs for natural persons would be a good idea.
IMO, everyone's SSN should be public. Mine has already been compromised by both my undergrad and grad school. At this point, I operate under the assumption that it is public knowledge for bad actors.
Hiding SSNs is false security at best. If they were public, banks would stop hiding behind "identity theft" and would start having to acknowledge that it's their responsibility to confirm who they are lending money to.
> Dropping SSNs for natural persons would be a good idea.
It would but it isn't the SEC's decision to make and the Treasury Department & DOJ would never allow it. This is one of the primary means of investigating the flow of dirty money through the financial system.
That data does not look suspicious at all. A very quick Google search shows this article [1] that was published around the same time as the start of that growth.
It's worth noting that trading spikes in advance of public availability of news doesn't necessarily imply illegal activity. Overheard conversations between strangers, for example, are fair game.
insider trading has to be the easiest damn thing in the world. discreetly tell someone you know in person a piece of insider knowledge, and let them profit off it, then reimburse you somehow. i find it insane people think this isn't happening virtually 100% of the time.
Some day I'd like to experiment with a press release driven trading strategy. I've seen plenty of cases where every man and his dog have been aware that $company sold $hugeNumber of $widgets, it can be open knowledge known industry wide, yet there is still a stock surge once the press release (or annual report or whatever) comes out.
I'm more curious about how they hacked into the SEC database? Did they use an email trojan? Exploit an existing flaw or backdoor? If they did this via e-mail, who did they send the mail to?
> The hackers used malicious software sent via email to SEC employees. Then, after planting the software on the SEC computers, they sent the information they were able to gather from the EDGAR system to servers in Lithuania, where they either used it or distributed the data to other criminals, Carpenito said.
The fact that the SEC can't secure this sort of information is an excellent argument against key escrow and government backdoors into crypto systems: it's completely impossible to prevent leakage or theft of that sort of incredibly-valuable information.
Long story short is that it's not always obvious how the market will react to releases. Some of the hackers only traded with a ~70% win-rate after holding the releases.
> Hackers broke into an SEC database and made millions from inside info
Given the thirty minute window between copying the file to the server and the SEC posting the URL, I figure they guessed the URL from an easily predicted sequence.
> said the same criminals also stole advance press releases sent to three newswire services
Yeah I remember the charges against those people too
Basically newswire services get hacked and people get the earnings reports beforehand
SEC gets hacked and people get the earnings reports beforehand
I think public resources shouldn't be spent on that. Prosecute the hacking but just drop the “trading on material non public information but only in the equities capital markets and only when there is a duty from the source to keep things nondisclosed” sanctions. It is so narrow but extremely expensive to prosecute, has little efficacy in stopping the behavior, and incorrectly affects the collective consciousness on what can be traded and when. People at this point think it's actually illegal to have a trading advantage in any context.
I don't understand your argument for not prosecuting MNPI trading. Are you saying that because the general public doesn't understand what MNPI is, the law shouldn't be enforced?
Are you taking issue with the reason the law exists, or just that the people don't understand it?
And what's your basis for saying it's ineffective? From my experience, insider trading laws are taken very seriously by most of the industry.
On the one hand, we want market prices to be accurate. This means we want people with material information to trade on that information.
On the other hand, we need some fairness in a market. This is mostly to ensure people keep trading. In a world where inside-info is commonplace, trading without it is just stupid. This would cut off a lot of people from investing.
The line needs to be drawn somewhere. The US approach, where insider trading requires a broken 'duty to keep secret', isn't nice, but considering the above trade-off I think it is better than "All non-public information is off-limits". Especially because it captures the 'most disruptive' form of insider trading: people who work at a company that is getting acquired / going bankrupt.
Do the journalists believe Lithuania and Ukraine still somehow belong to Russia? I can’t see any explanation in the article on how Russia was involved.
Yes - certain filings are confidential while they are 'in process.' They then get released in batches on specific release dates, to the entire world, all at once. In particular, IPO registrations may be done confidentially in early stages. The information that is present in such filings is often valuable.
[+] [-] fixermark|7 years ago|reply
They're names, not passcodes.
[+] [-] burtonator|7 years ago|reply
What's WEIRD is that area of law around liability though.
If you own a company and you're the only employee and someone dies you're in a world of hurt.
If you're Walmart and you kill 100 people by accident basically nothing will happen in most cases.
[+] [-] btbuildem|7 years ago|reply
Three days before a positive press release, demand pressure begins to drive up the price. Coincidence? I'm too jaded to believe that.
[+] [-] enzanki_ars|7 years ago|reply
[1]: https://www.fool.com/investing/2019/01/09/why-canopy-growth-...
[+] [-] AznHisoka|7 years ago|reply
I would never expect a 90% success rate because of how random Wall Street is, but 77% over a period of time definitely is an advantage.
[+] [-] tgragnato|7 years ago|reply
Looks like a way to say “exfiltrating data from the endpoints”.
[+] [-] jefe_|7 years ago|reply
Sat down one Saturday to create a database for their Financial Statement and Notes data set https://www.sec.gov/dera/data/financial-statement-and-notes-...
Located documentation, thought okay this shouldn't be too bad. Ended up taking one day to understand the structure and another to implement the system. Finally got everything loaded in my tables and spot checked against the rendered versions on their website only to discover they truncate the most important text field. It's technically in the documentation that the value field is limited to 2048, but it's also in the documentation that the value field is for 'text analysis applications' and their website literally says: 'The information is presented without change from the "as filed" financial reports submitted by each registrant...' so I managed to gloss over this detail until I had already spent an entire weekend working on it.
I just can't wrap my mind around how they got 99% of the way there and then decided, 'hey let's just truncate this field, it's only the entire purpose of this dataset.'
[+] [-] danaos|7 years ago|reply
https://news.ycombinator.com/item?id=17831975
[+] [-] bredren|7 years ago|reply
Apple struggles with this with almost every product release.
[+] [-] libertymcateer|7 years ago|reply
https://www.nytimes.com/2017/07/07/business/dealbook/sec-ini...