Audience remark at Andy Gluck's TD Ameritrade pre-event session sets off a tweet chorus
A college student needed two hours to break into an RIA's files and it took only minutes for Twitterati to pass the story along at TD
In Andy Gluck’s session of the TD Ameritrade Institutional National Conference in San Diego, the tech guru told his audience to use WPA2 encryption if they have a Wi-Fi network for their businesses.
One of the audience members affirmed his advice by commenting that the firm had set up a Wi-Fi network a while back, and subsequently asked a college student to try and test the security of the firm’s systems.
In less than two hours, the student had full access to the firm’s files. (No word on whether he skipped to Brazil.)
The Wi-Fi network at the firm, which was testing its security with 20-year-olds, had only WEP encryption, which can be cracked using free tools downloaded off the Internet.
In other words, it was a somewhat predictable result of a security test on a knowably porous system.
But it gained value for having come up at a conference, and then for drawing advisors at their desks across the United States into a discussion because of its timely delivery via Twitter. Bill Winterberg, principal of FPPad.com and a known techie, appears to have broken the story, so to speak. People were following the hashtag #tdai2013.
Only two hours?
One of the chimers-in on Twitter was Michael Kitces, who wrote this in a follow-up e-mail from his East Coast office:
“Certainly hits home one of the points I make regularly in my sessions and wrote about last year — if you think your servers are more secure because they’re in your office and not the cloud, you’re kidding yourself. Your equipment is radically less secure, both physically and virtually. Ironically, I suspect the primary reason RIAs think their servers are so safe is because their intrusion detection and defense capabilities are SO weak, they wouldn’t even KNOW if their client data had been stolen. After all, good data thieves don’t exactly leave a calling card; they want the theft to be a secret, so people don’t know they should be watching their credit cards/credit report/etc.”
As is the case with Twitter, people who aren’t attending the TD Ameritrade conference got into the conversation on the popular social media site.
Daniel O’Leary, who describes himself as a person who tweets on bleeding edge technology, said he was surprised it took the college student as long as two hours to break into the system.
“With social engineering you could do it in 15 minutes,” he tweeted.
CFP Nathan Gehring asked Winterberg how the security lapse happened. “Just a good ol’ brute force hack on a weak password, I presume?”
Winterberg then explained what happened. “It was a WEP encryption crack in the RIA’s Wi-Fi network.”
That led Kitces to chime in: “Another reminder that the cloud is probably a much more secure place for most firms’ data!”
It’s no surprise that several conversations on Twitter delved into the topic of passwords and ways to improve security. Winterberg tweeted this: “So how good is ‘Wa1kd0g4495’ as a password? Just asking.”
Another fellow techie, Blaine Warrene, who goes by the user name Blano on Twitter and is the co-founder of Arkovi, then offered his insight. “I am hoping we can move passwords to phrases/sentences and away from jumbles – which still can be cracked,” he tweeted.
Winterberg then followed it up with: “It’s going to take a combo of biometric and multi-factor authentication, but most of us have the tech to do this today.”