
NYSE, United Shutdowns Spark Cyberattack Rumors

The New York Stock Exchange on Tuesday halted all transactions for three hours, due to what it maintained was a technical glitch.

Trading continued on the other exchanges belonging to its owner, holding company Intercontinental Exchange.

“The markets did not plummet with the shutdown,” said Jim Wright, chief investment officer at Harvest Financial Partners.

“While not a great day, it did not appear to be a trading disaster,” he told the E-Commerce Times.

What Happened at the Exchange

The official reason for the shutdown was a technical glitch caused by an update gone wrong.

However, “there is something seriously wrong when you’re effectively forced to shut a service like this down,” remarked Rob Enderle, principal analyst at the Enderle Group.

“They should have been able to roll back to the earlier version in a relatively short period of time, and the fact they couldn’t suggests a serious issue with their update process,” he told the E-Commerce Times.

“Was it really that much cheaper to deploy system-wide changes right before the opening bell, and bring the whole thing down, than to execute a careful deployment overnight, with sufficient time for testing and reversing the changes if needed?” wondered Igor Baikalov, chief scientist at Securonix.

The Conspiracy Theory

Several factors spurred disbelief in the claim of a technical glitch.

The Anonymous hackers’ collective on Monday had tweeted what appeared to be a threat.

Also, United Airlines was hit by a glitch that led it to ground its flights worldwide for two hours. That occurred just two hours before the NYSE shutdown.

Also, The Wall Street Journal’s main Web page went down for a short time on Wednesday.

The airline attributed this problem to a router issue, but “in a case like this, I’d assume there are multiple redundancies to avoid interruptions of such critical functions,” noted Pierluigi Stella, chief technology officer of Network Box USA.

“You don’t install only one router at every intersection — you use at least two, with mirrored configurations, so that if one breaks, you can replace it without anyone even noticing,” he told the E-Commerce Times.

The Bad Guys Are Winning?

The United States Department of Homeland Security said the NYSE shutdown was not due to a cyberattack. President Obama reportedly was briefed on all three shutdowns.

“What does it say that [a cyberattack] is the first thing everyone assumes?” asked Jonathan Sander, strategy & research officer at Stealthbits Technologies. “The good guys are not winning the PR battle in the digital security world.”

On the other hand, if a coordinated attack was the real cause of the outages, “we wouldn’t hear about it unless the hackers came out publicly themselves,” Salto Partners’ Managing Partner Andreas Scherer told the E-Commerce Times.

The insistence on multiple redundancy in companies the size of United Airlines, and the ostensible failure to adhere to sound update practices at the NYSE, “make me wonder if this wasn’t some kind of warning that DHS doesn’t want to talk about,” Enderle speculated.

United’s excuse “suggests it did something really stupid, and firms of that size just don’t do that,” he added. “This is part of what makes me think we aren’t getting the whole story.”

The Bigger Picture

There have been several technical glitches at the NYSE over the past few months.

Also, United last month grounded domestic flights, apparently because faulty flight plans had been uploaded to pilots.

“If a cyberattack didn’t take down three organizations within hours, then our technological foundation is in really bad shape,” Securonix’s Baikalov told the E-Commerce Times.

The big question about Wednesday’s NYSE and UA failures is whether they were due to unusual circumstances or human error, said Daniel Castro, vice president at the Information Technology & Innovation Foundation. “The former is possibly excusable — the latter is not.” [*Correction – July 10, 2015]

“However, policymakers should not let these glitches distract them from paying attention to real problems,” he told the E-Commerce Times, such as the U.S. Office of Personnel Management breach or the FBI’s “continued assault on encryption.”

*ECT News Network editor’s note – July 10, 2015: Our original published version of this story identified ITIF’s Daniel Castro as “David Castro.” We regret the error.

Richard Adhikari

Richard Adhikari has written about high-tech for leading industry publications since the 1990s and wonders where it's all leading to. Will implanted RFID chips in humans be the Mark of the Beast? Will nanotech solve our coming food crisis? Does Sturgeon's Law still hold true?
