Cyberattack on Leading Trading Data Service Provider ION Group Exposes Commodity Market Manipulation Risks?

Investing Pioneer – 2/10/2023 – 3:34 EST


Market watchers still await the next Commitments of Traders (COT) report by the CFTC, providing insights into aggregate commodities trading data. Now, it is 17 days since the latest release – a report that is typically updated on a weekly basis (Friday at 3:30 p.m. eastern time). The reason for the data drought: a successful ransomware attack.

At the center of this story is Ion Trading, a financial software and data firm based in Dublin, Ireland. Founded in 1999 by a former Solomon Brothers trader, it has experienced undoubted success in expansion, with noted acquisitions like that of Fidessa in 2018 for £1.5 billion1. Cumulatively, Fidessa alone is associated with $22 trillion in transactions annually, per available data3. According to the Financial Times, 2019, the combined enterprise value was
estimated at £7 billion1.

If Ion’s significant growth over recent years was making the little-known company less discreet, the recent compromise has certainly heightened the scrutiny the company and associated operations will receive, both by regulatory bodies and individuals alike. Some may postulate the blame, if it is found anyone on the receiving end of the hack is deserving of it, should be on the regulators first, who may have failed to ensure the companies security measures were sufficient based on readily available cyber-security information at the time.

The news of the Cyberattack first hit on January 31st, and it is believed the Russia-based Lockbit is responsible.

Ion’s integral position in the commodities and derivatives markets cannot be overstated. On February 2nd, the CTFC (Commodity Futures Trading Commission) issued a statement in response to the ION hack and “the impact to the derivatives markets”.

“This week, CTFC staff alongside fellow regulators, market participants, and impacted parties have worked to understand the issues surrounding the cyber incident and to help ensure the CFTC-regulated derivatives markets were not compromised.”

“As a result, the weekly Commitments of Traders report that is produced by the CFTC will be delayed until all trades can be reported.”

CFTC, February 02, 2023

According to The TRADE, the first information related to the attack was released by the Twitter account PriapusIQ.

“Basically, trading desks will be flying blind as no trades for today are going in on the
overnight process.” “This will have a HUGE impact.”

– PriapusIQ

Finally, The TRADE, stated they received confirmation from ION on “being affected by cyber issues”.7

In response, the deputy assistant secretary of the Treasury’s Office of Cybersecurity said, it is “currently isolated to a small number of smaller and midsize firms and does not pose a systemic risk to the financial sector.”8

The relevant regulatory body, the CFTC, says they will now seek more vendor oversight, presumably to minimize the risk of a future attack and its potential effects. For the days following the attack, it forced many operations to be done

Robert Kientz of GoldSilver Pros with an expertise in cyber-security and commodities has expressed his deep concerns for what this attack could mean, on his YouTube channel (here).

“This is tremendously powerful data.”

-Robert Kientz

He is concerned that too much of the data and operations of ION’s customers like the CME Group have been outsourced to ION, affecting the degree to which regulatory oversight is present.

Ransomware is common in these contexts, and Kientz cites that the two leading reasons for such attacks are sovereign and industrial espionage. Speculating, this could make the Russia connection particularly significant.

The group responsible for the cyberattack claims the ransom has been paid by ION.

Kientz highlights a quote by Tom Kellermann, a senior VP of Cyber Strategy, who stated, supply chain attacks like this are becoming increasingly common in the financial sector. “Shared service providers are being targeted by cybercrime cartels to manifest island hopping.” “Cyberattacks in the financial sector are no longer merely about conducting a heist [i.e., getting cash from the ransom victim] but rather to hijack the digital transformation of the victim so as to launch attacks against the customer base.”

Coupling the fact that these third-party providers are presumably easier targets and have a higher upside with a lack of sufficient oversight, potentially caused by virtue of the natural dynamics of out-sourcing much of the operations, is what makes this a vulnerable situation.

Kientz emphasizes the significance of the data itself, and questions why the criminal organization would not sell or share the data, which could have implications such as trading against and illegally manipulating markets. The group claimed in the ransom message that unless the demand was paid, the data would be sold somewhere else.

Some of the questions he poses are how long the data has been compromised, and the systemic
effects this poses.