The Pentagon’s research arm, the Defense Advanced Research Projects Agency (DARPA), is consulting with dozens of traders and quantitative hedge fund managers to understand the extent of the damage hackers could cause to the US financial system, the Wall Street Journal reports.
DARPA has spent the last year and a half consulting with executives from a range of financial companies in what has been described as an early-stage pilot project to identity market vulnerabilities.
The project is unclassified and DARPA confirmed its details to the WSJ. It’s called the Financial Markets Vulnerabilities Project.
“We started thinking a couple years ago what it would be like if a malicious actor wanted to cause havoc on our financial markets,” DARPA program manager Wade Shen told the newspaper.
In September, the Securities and Exchange Commission (SEC) admitted hackers accessed its corporate disclosure database in 2016 and may have made a profit from the insider information it stole. The SEC had patched the vulnerability in 2016, but only became aware of the trading in August.
The informal sessions involve brainstorming scenarios where hackers try to bring down the market, participants said.
Some of the possibilities include hackers taking down a payroll system, manipulating trading algorithms and flooding the market with fake orders to sell stock, which could lead to a market crash. Credit card companies and payment processors have been identified as potential targets.
DARPA hopes to create a simulated version of US markets, which it can use to test potential scenarios, Shen said.
The group even examined the possibility that hackers could use “fake news” to create negative stories about companies, and thus make investors nervous.
Consumer credit reporting agency Equifax Inc. suffered a massive security breach in July, when hackers stole the data of more than 143 million customers.
The Hong Kong stock exchange was targeted by hackers in 2011. Hong Kong’s bourse was forced to suspend trading after its website was hacked, which stopped investors from accessing information about companies.
New York’s Nasdaq was also also attacked in 2011, but hackers didn’t access the part of its system that deals with trades.