back to article Hackers crippled HALF of world's financial exchanges - report

Half of all the world's critical financial exchanges have suffered cyber attacks in the past year, a report has found. A joint investigation by the World Federation of Exchanges and‎ the International Organisation of Securities Commissions found that the attacks are increasingly aimed at destabilising markets, rather than …

COMMENTS

This topic is closed for new posts.
  1. auburnman
    Black Helicopters

    How long until Wall Street sharks are partnering with/paying hackers or social engineers to knacker specific stocks so they can short them? If it's not happening already of course.

    </tinfoil hat>

    1. Mad Chaz
      Terminator

      My vote is "it's already happening".

    2. Neil B
      Meh

      I have absolutely no doubt that is already happening.

    3. Christoph

      There have already been cases of companies trying to cripple their rivals by DDoSing them.

    4. Daniel B.
      Black Helicopters

      I think it's already true

      Isn't that what those HFT trading bots basically do? They game the market to both give them more profit *and* screw over the other trading bots. And they're prone to being 0wned by fake news, as seen with the fake news about Obama being shot at.

      It's kinda like BattleBots, but instead of bots trying to trash each other, these ones are trying to bankrupt each other.

      1. Anonymous Coward
        Anonymous Coward

        Re: I think it's already true

        Not sure how hacking exchanges works as market participants generally have access permitted via leased lines and from specified ip addresses. I know in Hong Kong the hkfe gateways only permit specified ip addresses for the participant.

        1. oolor

          Re: I think it's already true

          >Not sure how hacking exchanges works...

          In the case of the NYSE Euronext, the biggest players have their pertinent servers collocated. Apparently the closer to the exchanges racks the collocated servers are, the higher the fee.

          >Isn't that what those HFT trading bots basically do?

          HFT is over and done with. The costs are rising by multiples while the take has dropped to a fraction. Many companies went out of business last year and were not able to sell themselves off. At the end of the day, HFT was mostly front-running orders and the pennies per share became fractions of pennies as competition increased. It was a simple, time-limited arbitrage that has disappeared as new participants drove down the spread and execution times. Most larger banks/trading institutions make more money clearing trades in house first before sending the order to market. This is a much better arbitrage for them, often netting more than trading fees on the same trade.

          As for bot-trading ruining the market due to fake news and such, it seems to be more of a matter idiotic moves from large funds and their algorithms and the HFT in most cases actually acts as a buffer of liquidity in such a market.

          >How long until Wall Street sharks are partnering with/paying hackers or social engineers to knacker specific stocks so they can short them?

          This has been going on forever in the OTC market where regulations are more lax, the companies are smaller, unknown to the general investing public, and less liquid than an exchange-traded security. Usually it is more worthwhile to go after these for the crooks because they have more time to slip through the net. If they try to do it with the market at large or a large company, the rest of the market participants behaviour can make it so that profit is hard to wring out. It is through message boards and other social media that these modern-day boiler-room operations thrive. Pump and dump works better than shorting due to the risk of the operation going awry.

  2. Don Jefe

    Laws

    The reliance on laws to mitigate an already illegal activity never works. You'd think people would learn this in primary school history class.

    What it boils down to is the cheap ass bankers not wanting to spend on real security and foist responsibility off in the government. Legislators, bankers and hackers; three of the most despicable groups of people on Earth, it's just a real shame not terrible people get involved by virtue of having their money in the system. Otherwise I'd say let them tear each other apart.

    1. Tom 38
      Boffin

      Re: Laws

      It's amusing you think exchanges are run by bankers.

      1. Best Before:

        Re: Laws

        @tom38 my thoughts exactly, the article even makes that implication. Bankers are the customers of the Exchanges.

        I would be quite impressed to see any collective of hackers (Even banker/broker aided ones) DDoS an Exchange, it's not like it is a webpage or anything...

        1. oolor

          Re: Best Before

          I don't know guy, ever see Die Hard 4?

          1. jake Silver badge

            @oolor (was: Re: Best Before)

            That's a movie, moron. Has no bearing on real life.

            1. oolor
              Pint

              Re: @oolor (was: Best Before)

              sarcasm, cough, cough...

              Considering 4 minutes prior and a few posts above I make a long winded statement that shows I at least am pretending to know about what the fuck is behind the world's largest stock exchange and thus perhaps might fathom the stupidity of popular misconceptions about 'hacking' ...

              Oh the hell with it, you obviously have some butt hurt from previous exchanges, may I kindly suggest you get some rest as your comprehension filters seem to be running low. Thanks for the down vote, now piss off.

              1. jake Silver badge

                Re: @oolor (was: Best Before)

                "butt hurt"? Really? Are you serious?

                Please, shut up and grow up. It'll be for your own good.

                1. oolor
                  Thumb Up

                  Re: @oolor (was: Best Before)

                  >Really? Are you serious?

                  No, which you seem to miss.

                  You seem to see a lot of your own faults in others. Take your own advice, it may not go down well, but appears much needed.

                  Have an up vote, I'm outta gold stars.

  3. Brewster's Angle Grinder Silver badge

    If the army were running round the streets, people would be complaining. But everybody seems fine with the army running round the internet.

    1. Don Jefe

      I think the difference is those online are more of a ragtag militia as opposed to a cohesive unit with top down command and integrated discipline. They can cause some headaches but the lack of a common structure and divergent goals limits their influence.

  4. Bakunin
    Holmes

    Everything has a reason

    "...the attacks are increasingly aimed at destabilising markets, rather than making financial gains."

    Surely "they" destabilise a market to gain financially? I very much doubt they're doing it for the lulz.

    1. Antonymous Coward
      Mushroom

      Re: Everything has a reason

      "Economic warfare" I sboze.

      1. This post has been deleted by its author

      2. Tom 7

        Re: Everything has a reason

        When you make money from share transactions a stable market is the last thing you want. Its in the traders interests to have instability so that people buy and sell more shares so they can take their percentage.

        For a conspiracy theory the idea that traders would actually fund hackers to cause instability in the market is pretty watertight but for two problems: 1) paying the hackers. 2) they can do it themselves.

        1. Sir Runcible Spoon

          Re: Everything has a reason

          You don't need hackers to destabalise the markets so the market makers can make a profit - that's what the news is for.

        2. ecofeco Silver badge
          Holmes

          Re: Everything has a reason

          >When you make money from share transactions a stable market is the last thing you want. Its in the traders interests to have instability so that people buy and sell more shares so they can take their percentage.

          For a conspiracy theory the idea that traders would actually fund hackers to cause instability in the market is pretty watertight but for two problems: 1) paying the hackers. 2) they can do it themselves.

          While your logic is sound, your real world experience is not.

          1. Read the book "Disaster Capitalism". Not to mention basic strategy and tactics includes disruption and diversions.

          2. If they don't pay the hackers, the hacker turn on them.

          3. Why use hackers in the first place? Plausible dependability and "cut outs".

          These are not the theories of conspiracy, but proven techniques that have been executed time after time throughout history and are well documented.

          1. ecofeco Silver badge

            Re: Everything has a reason

            "Plausible DENIABILITY"

            Dammit.

  5. plrndl
    Mushroom

    Bomb Proof

    "that people at the very top of the world's economic system are nervous that a concerned online assault could cripple markets." is precisely why such attacks occur. If a few bankers learned a little bit of technology instead of pooping their pants, they would be a lot happier: DARPAnet was designed from the ground up to function AFTER a nuclear attack.

    1. Peter Gathercole Silver badge

      Re: Bomb Proof @plrndl

      That may have been how it was designed, but that does not mean that it the way it now works.

      The current Internet had a number of very serious pinch-points, where disruption would not necessarily damage total connectivity, but would cripple performance. Certain organisations and particular buildings around the world are regarded as hubs, and have a disproportionate amount of the connectivity for a region, country or for international traffic.

      But that is not what this article is about. If you are a stock or futures trader, and either your systems or the systems that you need to talk to on t'internet are DDoSd, then you may be unable to trade. If this happens, and the news leaks, then your share price may take a tumble, and you may also end up losing company value as well as revenue. Ditto any company that relies on connectivity to trade or operate, and there are a large number of those.

    2. jake Silver badge

      @plrndl (Re: Bomb Proof)

      The "designed to survive nukes" is oft repeated, but completely untrue. ARPANET was just a research network designed to research networking. The "nuke" myth came about much later than I started mucking about with it. How long ago was that? Well, there were fewer than two dozen nodes on it. The term "internetworking" had not yet been coined[1]. Cerf & co were probably a year or so away from contemplating the project which eventually became TCP/IP.

      [1] Which was later shortened to the term "interrnet", which was nouned into "The Internet" much later.

  6. Maharg

    Difference between ‘crippled’ and ‘attacked’

    While I don’t doubt the impact there is a difference when saying half of them were crippled in the title and then saying attacked in the text is quite a discrepancy.

    For example I was ‘attacked’ by a daddy longlegs last night while reading in bed, however I was far from crippled due to the experience, it tried the old ‘rope a dope’ on me by moving around in the air in a seemingly random pattern almost as if it was unaware of my existence, but I used a magic spell, gained +10 on my attack power and defeated him with my cunning ninja skills and powerful weapon disguised as a hardback book, afterwards the townsfolk carried me on their shoulders and proclaimed me the new king and a bevy of fair maidens laid before me in awe ready to… ah sorry, went a bit off the point there…

    1. Anonymous Coward
      Anonymous Coward

      Re: Difference between ‘crippled’ and ‘attacked’

      I shake my fist angrily at low flying jets doing exercises over the Yorkshire Dales - this does not translate into terrorist anti-aircraft attacks on RAF

      - although these days it might so I'm posting anon !

      1. Maharg
        Thumb Up

        Re: Difference between ‘crippled’ and ‘attacked’ @AC

        Reminds me of the Simpsons where Homer and Grandpa are escaping in a car from people angrily shaking their fists at them “Shake harder boy, they’re getting away”!

    2. Anonymous Coward
      Paris Hilton

      Re: Difference between ‘crippled’ and ‘attacked’

      Saw the author on twitter protesting innocence on that one - headline writers have something to answer for - no mention of "crippled" in the article.

      Paris, because she doesn't understand the difference between the two either.

  7. Antonymous Coward
    WTF?

    >"I sat down with a top-ranking general,” said MacDermott, “and I asked what kept him up at night. He told me that when he was in the military, warfare was simple. You stood on either side of a field, marched into the middle and fought.

    Eh? How old was he? 400?

    1. This post has been deleted by its author

    2. Maharg
      Thumb Up

      Baaah!!

      I think someone mentioned it was General Sir Anthony Cecil Hogmanay Melchett VC DSO KCB

    3. This post has been deleted by its author

    4. Robert Grant

      @Antonymous Coward

      I was literally about to post the same sentence. Possibly this is one of those generals who's never been in a war?

      1. Destroy All Monsters Silver badge
        Devil

        Re: @Antonymous Coward

        He just said something about marching and fighting. He didn't say anything about survival rates.

  8. Barry Rueger

    I Estimate You're Lying

    The report said that cyber crime costs the world between $38bn and $1tn, although it is impossible to produce entirely accurate figures due to the indirect costs which are often left out of such calculations.

    Eh? Maybe be impossible because a) half of the victims will never admit to being attacked, and b) estimated losses tend to be grossly inflated, esp. if insurance can pay for them.

  9. Anonymous Coward
    Anonymous Coward

    ..but

    You could make a case that financial institutions are already hacking financial systems, that's what some accountants do for a living. The ability to manipulate markets at ever accelerating speeds and the complexity of the systems such markets employ, means that in order to even compete in such a market, you must know the rules better than the rule makers and use loopholes and bugs to your advantage. Sounds like hacking to me. Legal, but reprehensible.

    The only difference here is that many other people who don't wear house-priced suits and correctly coloured ties are now hacking their systems, only these crazy hackers don't expect to make money from it or destroy the lives of poor folks, and that is terrible and illegal...

  10. Destroy All Monsters Silver badge
    Trollface

    > destabilising markets

    I'm sorry? That door is already open.

    Like trying to destabilise a casino full of retards doing quant shit fuelled by easy money from government presses.

    Close the doors, let in the gas.

    1. Destroy All Monsters Silver badge

      Oh quant shitters are reading El Reg?

  11. Brian Miller

    Private networks, leased lines, anyone?

    If a high-speed critical trading network is hanging off of the public network, then is it any wonder that it's being attacked? My IP address gets attacked over 1,000 times a day (yes, I ran a honeypot to find out), and that's from pure automation, and not anything malicious. If a gargantuan financial institution is too cheap to lease a private line, they deserve what they get.

    If you don't want something attacked, don't expose it. Simple.

    1. Anonymous Coward
      Anonymous Coward

      Re: Private networks, leased lines, anyone?

      Whilst what you are suggesting sounds sensible, you can't exactly force your clients to buy fibre into your darknet now can you? Well, not if you expect to stay in business.

      However, there is a way to alleviate some of the pressure at the front door if you only allow clients to connect via VPN, then you can filter out at the ISP layer before it even gets to you.

  12. Adam Christie-Grant

    Is it just me...

    Or was this ALWAYS going to happen while sections of society consider the banks worse than evil? Why is this surprising? And why on Earth would anyone immediately start saying this is not about financial gain - Seriously people with half the planet feeling aggrieved; Either Western 2007 or the Asian 2000 crisis; what exactly did they expect - A couple of power hippies standing outside the banks Or did someone somewhere actually wonder what all the unemployed annoyed people would do?

    1. ecofeco Silver badge
      Paris Hilton

      Re: Is it just me...

      >Or did someone somewhere actually wonder what all the unemployed annoyed people would do?

      Aren't they supposed to go away and die quietly or become high tech workers?

      Either way, let them eat cake!

      1. Brewster's Angle Grinder Silver badge
        Coat

        @ecofeco - somebody had to hit the meme

        "Either way, let them eat cake!"

        The cake is a lie!

        Mine's the one with the portal gun in the pocket. And no, I'm not pleased to see you - I'm not that sex.

  13. BornToWin

    It will all work out

    Eventually the perps will be caught and prosecuted. What goes around generally comes around. Prison will be a good education for the perps.

    1. Sir Runcible Spoon
      Joke

      Re: It will all work out

      You need to get back to the set, the Z-Cars are running out of fule (sic).

  14. Anonymous Coward
    Anonymous Coward

    Was it Zero Cool to blame?

  15. null 1
    WTF?

    "He told me that when he was in the military, warfare was simple. You stood on either side of a field, marched into the middle and fought."

    This has to be one of the stupidest things I've read in a long time. I have trouble believeing that this unnamed "top general" even said that! Just how old IS THIS GUY? We're not living in the age of Napolean anymore. Even then, as always, it was generally the loser who thought like this.

    ""... It's sort of like having a water pistol and going up against someone with a cyber weapon of mass destruction."

    This has to be a joke...

This topic is closed for new posts.

Other stories you might like