Crawling for dollars

Silicon.com: SEC in legal fight with Estonians over financial hack

Some folks apparently figured out a way to access BusinessWire press releases slightly before their official release, and used the information to trade stocks for profit. I'm guessing they speculatively crawled URLs where they expected releases to occur:

The SEC's complaint states that in June 2004 Lohmus became a client of Business Wire, which gave it access to its secure client website, after which a spider program was used.

However, the SEC could be moving into a grey area as a spider program does not circumnavigate access controls to a system but crawls around a site from weblink to weblink, reporting information back to its owner. The SEC may have to examine whether the spider predicted a weblink that was not publically available and then prove that was 'hacking' in order to prosecute the firm.

I'm not sure what law was broken. If anything, BusinessWire was lax in putting information at predictable URLs without access controls in advance of the official releases. You could think of the Estonians as simply engaging in very aggressive research; perhaps their true (or original) intent was just to be among the very first to see releases at the moment of their official release, and the viewing of releases even earlier just a 'happy accident' caused by the flaws in BusinessWire's system

Technorati Tags: , , ,

Comments: Post a Comment