A number of stocks lost about all of their market value yesterday in the span of 5 minutes, leading to the fastest ever drop in the Dow Jones index. Luckily, most of the value was recovered, but the index overall was still substantially lower.

It is not clear yet what exactly happened, but computer issues are cited as a possible reason. One report suggested a data entry error (entering "B" for "Billion" instead of "M" for "Million"). But several stocks were affected. These companies' stocks went from as high as $59 to a couple of cents in a few minutes. Again, the investigation is just starting.

But this overall reminded me of a scenario we put forward a few years back. John Bambenek published a nice diary [1] in September of 2005 estimating that $24 Billion worth of assets were, at the time, under the control of bot herders in the form of brokerage accounts owned by infected users. This number is of course just a guess, but it does support the scenario of a bot-controlled "Market DoS". The scenario we put forward back then was that a botnet could cause economic mayhem if such a sell-off were timed to coincide with real-world events that cause "market jitters". Right now, the economic crisis in Greece and the oil spill in the Gulf of Mexico can be seen as such events.

How do we protect ourselves? Sadly, as is typical in our approach to software security, incident handling and forensics will have to come first. Maybe then we will learn what we should have considered in the first place: how to write more secure software, and how to put the controls in place to prevent these errors.

[1] http://isc.sans.org/diary.html?storyid=712
Johannes 4104 Posts ISC Handler May 7th 2010 |
May 7th 2010 1 decade ago |
Okay, I think it is obvious that the United States financial sector is being attacked. This makes sense if you think about it, because the financial sector does not have all the safeguards that the military sector has. Further, if our enemies are able to wreak havoc on the financial system and our money becomes worthless, then it does not matter how much military technology we have, because we still need to buy and sell to provide support for our armed forces. I feel that a comprehensive review of the financial sector computer systems must be done, ASAP. This must analyze whether third-party code is used at the financial websites that could be a hacking entry point. Are websites using full encryption as well as additional safeguards? In addition, new and further safeguards could be implemented by having a human being sign off on huge computer-generated trades, thus not allowing the process to be fully automated.
Danster 13 Posts |
May 7th 2010 1 decade ago |
I think it would be safer if these trades were automated. Many transactions on the floor of the NYSE still happen through human beings (the traders) and where you have people, you have the potential for error, especially in a high-pressure, high-density trading environment.
AndrewB 24 Posts |
May 7th 2010 1 decade ago |
To suggest that this occurred in theory now just throws gasoline on the fire.
The system was made by humans and has all the imperfections they do, too. This is -not- news to most of the sane population. Get the emotion out of the equation. Over time, when cooler heads prevail, the thought process will correct the failures of the past, unless we choose to allow history to repeat itself. Lord protect us from those who never make a mistake, and those who make the same mistake twice.
Jack 160 Posts |
May 7th 2010 1 decade ago |
AndrewB, many trades are automated, which in reality is part of the problem. An error in pricing that triggers automatic sell orders could be devastating, value-wise.
Jack 2 Posts |
May 7th 2010 1 decade ago |
To anyone who's ever worked in the financial market [IT] business this event is trivial. The market readjusts rapidly, especially since Black Monday. Yes, it can lead someone to devise an attack, and when you think of it, anybody who's ever worked in the financial market [IT] business can do the same, if not better.
Jack 17 Posts |
May 7th 2010 1 decade ago |
Jim... Automated trades are not the problem. It's the person entering an extra zero or two that's the problem. When the automated systems see that, they react as they were programmed to. The root of it is still human error. We need to program computers to not trust humans hehe.
At any rate, time to go buy as much stock as I can. Gotta take advantage of the dips before it corrects itself...
Anonymous |
May 7th 2010 1 decade ago |
Beware the Daemon, and the Major.
Syd 3 Posts |
May 7th 2010 1 decade ago |
A crash is often multi-faceted. However, the explanation for the one-cent stocks might be pretty simple. The NYSE went into slow-down mode on those stocks, which means that more time is allowed for a buy order and sell order to match up. This makes it LESS likely that a wild price transaction happens. However, it appears that some of the electronic trading systems run by other companies IGNORED the NYSE slowdown. You know how some places GUARANTEE 2-second trades, etc? Well, if the NYSE is going to 30 or 60 seconds, those other guys might decide not to come along.
The problem is that there are a lot fewer orders for NYSE stocks if you aren't looking on the NYSE. So if you put a wild 'SELL!'-at-market order in on the electronic platform, the only buy order might have been some joker with a standing 1-cent bid. So 1 cent was your price. market-ticker.denninger.net has more discussion of this, also pointing out that SEC rules should make this illegal, because brokers are required to provide the best nationwide price. They aren't allowed to ignore NYSE bids just because NYSE wants to take 60 seconds to fill.
Syd 5 Posts |
May 7th 2010 1 decade ago |
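To make the mechanism described in the post above concrete, and to show the kind of control the diary asks for, here is a constructed Python example (not code from ISC, the NYSE or any trading venue): a market sell order walks down a thin off-exchange book until it reaches a stale 1-cent bid, and a simple price-collar check against the last consolidated price stops the fill instead. The venue book, prices and sizes are made up.

```python
# Constructed example: how a market sell order fills against a thin order book,
# and how a price-collar check (one of the controls the diary calls for) stops
# a fill at an absurd price. Book, prices and sizes are made up.

def match_market_sell(bids, qty, reference_price, max_deviation=None):
    """Walk a market sell order down a venue's resting bids, best price first.

    bids            -- list of (price, shares) resting buy orders
    qty             -- shares to sell
    reference_price -- last consolidated trade price used as a sanity reference
    max_deviation   -- if set, stop filling once the next bid is more than this
                       fraction below reference_price (a constructed collar)

    Returns (fills, unfilled) where fills is a list of (price, shares)."""
    fills, remaining = [], qty
    for price, available in sorted(bids, reverse=True):
        if remaining == 0:
            break
        if max_deviation is not None and price < reference_price * (1 - max_deviation):
            # Collar tripped: leave the rest unfilled for review or re-routing
            # rather than sweeping down to whatever stale bid is left.
            break
        take = min(remaining, available)
        fills.append((price, take))
        remaining -= take
    return fills, remaining


def average_price(fills):
    """Volume-weighted average fill price, or None if nothing filled."""
    shares = sum(q for _, q in fills)
    return sum(p * q for p, q in fills) / shares if shares else None


# Constructed book on an off-exchange venue while the NYSE is in slow-down mode:
# a little genuine interest near the market, then nothing until a stale 1-cent bid.
THIN_BOOK = [(39.90, 200), (39.50, 100), (0.01, 100_000)]
REFERENCE = 40.00  # last consolidated print


def run_scenario(qty=5000):
    """Same 5000-share market sell, without and with a 10% price collar."""
    unchecked = match_market_sell(THIN_BOOK, qty, REFERENCE)
    collared = match_market_sell(THIN_BOOK, qty, REFERENCE, max_deviation=0.10)
    return unchecked, collared


if __name__ == "__main__":
    (fills, left), (fills_c, left_c) = run_scenario()
    print("no collar :", fills, "avg %.4f" % average_price(fills), "unfilled", left)
    print("10% collar:", fills_c, "avg %.4f" % average_price(fills_c), "unfilled", left_c)
```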
It is odd that whilst we see numerous malware variants for banking and online game account stealing, we don't see much specific to online trading platforms.
hacks4pancakes 48 Posts |
May 7th 2010 1 decade ago |
- http://news.yahoo.com/s/ap/20100507/ap_on_bi_ge/us_wall_street_sec May 7, 2010 5:02 pm ET - "... identifying one possible cause: Conflicting trading rules for different markets. The Securities and Exchange Commission and the Commodity Futures Trading Commission say they are reviewing data related to Thursday's trading frenzy. They are looking at information from exchanges, self-regulatory groups and market participants. They say they will make any necessary changes to prevent the problem from recurring..."
Jack 160 Posts |
May 8th 2010 1 decade ago |