Paid Wires Hacked Again

Over the years, the paid wires services – yes, they’re still a thing — have all had to endure the periodic PR crisis involving the inadvertent distribution of a fallacious news release. In other words, the safeguards used by the popular news release distribution companies for ensuring the veracity of what they disseminate have occasionally been breached, resulting in all kinds of headaches and regulatory scrutiny.

The first and still perhaps most famous case involved a worker at a paid wire service called Internet Wire who, in 2002, crafted and distributed a fake news release about a publicly traded company called Emulex. From CNET:

“Federal law enforcement authorities today arrested a 23-year-old Southern California student in the stock manipulation case of technology company Emulex, which saw its stock plunge more than 50 percent last week as investors reacted to a fake news announcement.”

logo-prnInternet Wire was so harmed by the breach, it was forced to change its name. Some eight years later, two other paid wire services also succumbed to hoaxes, as reported by PR News:

“Two major press release services, PR Newswire and Business Wire, both have been hit by fake press releases in the last week. A bogus notice regarding Javelin Pharmaceuticals Inc. made its way into the Business Wire service Friday night but was retracted soon after.”

bw logo

Today, the major paid wire services have in place very strict rules to thwart such breaches of their systems, i.e.,

“In its own press release yesterday, Business Wire said it was changing its press release submission policy and would no longer accept material via email. All releases will have to be submitted through the online “BW Connect” order-entry system, which is audited for security.”

Flash forward to today and the scourge of data-driven companies and organizations everywhere, captured by this CNN Money headline: “Traders made millions on stocks after hacking press releases” While the paid wires have bolstered their ability to prevent spurious releases from crossing their wires, they appear to have fallen short in preventing hackers from accessing potential market-moving news releases that are uploaded and queued up for eventual release.

MW_Logo_wBackground

This from CNN on the indictment of hackers who penetrated the paid wires between 2010 and 2013, and made millions from it:

“A group of U.S. stock traders teamed with Ukrainian-based computer hackers to gain access to corporate press releases to trade on news before it was public. The group allegedly made $30 million in illegal profits on the trades. Nine individuals face charges in two federal indictments, one that was unsealed in New Jersey Tuesday morning and another expected later in Brooklyn. The Securities and Exchange Commission is also expected to announce civil charges.”

Given the sophistication, prevalence and audacity of such data breaches, we’re almost ready to sympathize with the paid wires for the data protection shortcomings that allowed this to happen. On the other hand, if there ever was an industry ripe for a hacking, it’s the paid wire service business, which issues hundreds upon hundreds of material news releases each day.

I’m encouraged that the perpetrators have been indicted and remain hopeful (again) that those entrusted with this kind of potentially lucrative data step up their encryption game to deal with this most pernicious evil.