At 11:32 yesterday morning the New York Stock Exchange (NYSE) computers went down, causing a four-hour suspension of transactions. In a four-hour period the NYSE averages about $400 million in trades – a substantial daily loss. The NYSE and Homeland Security both quickly announced that the problem was not due to a cyber attack.
At virtually the same time that the NYSE went down, the Wall Street Journal’s public website went down. In spite if assurances to the contrary from Homeland Security, I felt that these two events were not coincidences and that a cyber attack, in all likelihood, did occur.
Traces of Attack
A couple of hours spent surfing the Dark Web confirmed my suspicions. The Dark Web was rife with communications among a small group of people (allegedly members of Anonymous) congratulating themselves on a job well done on Wall Street.
Returning to the Surface Web I even found a tweet from AnonNews – the Anonymous Public Relations group – tweeted 12 hours before the NYSE computers went down, saying:
“Wonder if tomorrow is going to be bad for Wall Street…. we can only hope.”
I predict that it will only be a matter of hours before Anonymous (if they are indeed the perpetrators) takes public credit for the attack.
Reaction a Worry
What interests me here is not so much the cyber attack itself, but the official reaction to it. I do not believe that the NYSE and Homeland Security purposely attempted to deceive the public. I believe that incompetence led them to their conclusions.
First and foremost, to determine whether a system as large as the one used by the NYSE has been hacked or not, cannot possibly be determined in a matter of hours. Every programmer, every systems engineer and every employee of an IT department in the world understands this well. But I truly believe that the upper management of most large corporations and most bureaucrats, directors and politicians within our world governments do not understand this basic truth of the cyber world.
Nothing to See?
Thus, when Homeland Security contacted the NYSE yesterday morning to ask whether an investigation would be necessary, they blindly accepted the NYSE’s assertions that it was not a cyber attack. One report:
“The Department of Homeland Security told CNN that there is “no sign of malicious activity” at the NYSE or with an earlier outage experienced by United Airlines. The FBI says it reached out to NYSE and “no further law enforcement action is needed at this time.” – Source: CNN
In light of the impossibility of anyone identifying a cyber attack in a couple of hours – absent the perpetrator going public with the attack – the above statements are preposterous. Keep in mind, the hack against the U.S. Office of Personnel Management (OPM) was ongoing for a year before someone noticed it. Most hacks are never noticed unless purposely looked for – a time consuming, costly and tedious process.
Cyber Insecurity Exists
So, what should concern us most? The fact that hackers can infiltrate whatever they want and do whatever they want whenever they feel like it? Or the fact that our governing bodies and corporate and financial managers are clueless about the cyber age in which they are living?
The latter, by far, frightens me the most. The past few months of high impact world cyber attacks (OPM, Adult Friend Finder (AFF), Homeland Security, Japan Pension System, etc.) have clearly shown us that a massive problem exists. Awareness of a problem is the first step in solving the problem. I would almost have paid Anonymous for carrying out the attack just for the awareness value.
But how do we solve the problem of the ingrained cyber inadequacy and ineptitude of our leaders and decision makers, some of which display a near pride in their lack of understanding of technology. Is this not the equivalent of someone showing pride in their inability to read and write, explaining: “I have my staff to read to me and my advisors understand words for me, so I am free to ponder larger issues.”
We are in a rapidly expanding crisis and we cannot afford to be buried by well meaning but dangerously unknowledgeable decision makers. We are at war – undeclared and of such a subtle nature that few have noticed – but war nevertheless. And it is a war on many fronts, in which it is difficult to identify who is friend and who is foe. I will predict now, as unintelligible as it may seem, that Anonymous will turn out to be more friend than foe.
Friends vs Foes
I need to note at this point that the hacker community, by and large has a positive influence on society. White hat hackers have proven indispensable in testing and locating holes in our cyber security structures and they are the first to warn us of potential problems (though we in most cases do not listen to them). They are our soldiers in this cyber war and they are our front line defense as well as our rear guard. Do not let the actions of a few black hat hackers blind you to the only defense that we currently have.
And where will our leaders and decision makers fall on the ambiguous line between friend and foe? I know this much, the attitudes if our leaders must change, and change rapidly. We can no longer afford to be hobbled and endangered by a technically incompetent leadership. This, more than anything else, must be addressed.
Source: Silicon Angle