Here's a fun fact: Hackers, just like bankers, real estate agents and collectors of Star Trek memorabilia, attend conferences. Even better: they play games at the conferences. One of the games they play has attendees aggressively competing to access any device in the hall, thereby demonstrating prowess in obtaining sensitive information. The goal is to exploit any vulnerability, or crack that which is perceived to be impenetrable, and share details for both educational purposes and bragging rights. This is the kind of thing you'd expect at a Black Hat hacker conference and why people with sensitive information on computers probably shouldn't bring them to the party. Especially employees of the Securities and Exchange Commission Trading and Markets division. And they really shouldn't have brought their computers with them. Except they did. Yes. This really happened.
Computers owned by the Securities and Exchange Commission Trading and Markets division were brought by SEC staffers to a hacker convention. They contained unencrypted, step-by-step instructions to shut down our financial trading system. Essentially: A Hacker's Guide to our Financial Universe.
Consider for a moment the kind of information that was hanging out in these computers, according to a recent Reuters story:
The fact that S.E.C. employees brought Wall Street's blueprints to a Black Hat hackers' conference is both terrifyingly dumb and dumbfounding, despite the fact it appears, according to Reuters, that no data was breached. Nevertheless, it is hard to conceive of a less secure venue than this get-together where computer security experts and government intelligence leaders swap notes with all stripes of cyber-ninjas.
With the sensitive information purportedly contained on these hard drives, even a run-of-the-mill hacker arguably could possess the foundational knowledge to potentially shut down Wall Street like he was flipping off a light switch. Yet there it was at a convention center overflowing with hackers, brought by public servants whose job is to secure the American financial system from natural and man-made disasters. Imagine the value of that data on the black market?
Let's be clear about this. The Trading and Markets Division of the S.E.C. is responsible for monitoring compliance with "Automation Review Policies," a set of voluntary but crucial rules regarding security measures and business continuity plans for how the various stock exchanges will respond to disasters. And yet there they were, courting disaster.