Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Stock market "wipe out" may be due to computer error InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Stock market "wipe out" may be due to computer error

Published: 2010-05-07
Last Updated: 2010-05-07 14:05:59 UTC
by Johannes Ullrich (Version: 1)
11 comment(s)

A number of stocks lost about all their market value yesterday in the span of 5 minutes, leading to the fastest ever drop in the Dow Jones index. Luckily, most of the value was recovered, but the index overall was still substantially lower. It is not clear yet what exactly happened, but computer issues are cites as a possible reason. One report suggested a data entry error (entering "B" for "Billion" instead of "M" for "Million"). But several stocks where affected. These company's stocks went from as high s $59 to a couple of cents in a few minutes.

Again, the investigation is just starting. But this overall reminded me of a scenario we put forward a few years back. John Bambenek published a nice diary [1] in September of 2005 estimating that $24 Billion worth of assets are under the control of bot herders at the time in the form of brokerage accounts owned by infected users. This number is of course just a guess, but it does support the scenario of a bot control "Market DoS". The scenario we put forward back then was that a botnet could cause economic mayhem if such a sell-off would be timed right to coincide with real world events that would cause "market jitters". Right now, the economic crisis in Greece and the oil spill in the gulf of Mexico can be seen as such events.

How do we protect ourself? Sadly, as typical in our approach to software security, incident handling and forensics will have to come first. Maybe then, we will learn what should have considered int he first place: How to write more secure software, how to put the controls in place to prevent these errors.

[1] http://isc.sans.org/diary.html?storyid=712

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

=====================================================

More thoughts on this - - if you want to a large financial influence (for instance in a cyber-war scenario), you don't need to control 24B in household assets through malware, you need to control one trader's workstation at a major firm.   Yesterday's event shows us just how vulnerable we are - one bad trade, and all the lemmings follow the leader over the cliff!  Fund managers would be good targets as well.  Through a lever like this, your control is multiplied potentially  hundreds of times.

Looking for targets like that?  I just searched linkedin for "hedge fund" (36,000 results)  or "fund manager" for targets (12,000 results) - all nicely searchable by city, company etc.

A targeted phish campaign against a narrowly defined audience like that ... hmmmm ....

 

============== Rob VandenBrink, Metafore  ================

 

Keywords: bots financial stock
11 comment(s)
Diary Archives