The talk about the computer worm infecting the Iranian nuclear plant controllers has me wondering: if (in retaliation), a similar work were imported into the NYSE network, could it potentially halt trading?
That would be real financial chaos-no trading for days? There would be a nationwide panic-and possibly, runs on banks.
I hope the NYSE has some very good defenses against this!
The two are not directly comparable. Stuxnetis distributed by Windows systems and is targeted to a known flaw in a specific brand of industrial process controller. AFAIK, it would do nothing at all on the mainframes and Tandem systems that power the trading exchanges.
That’s not to say someone couldn’t buy some time on a few botnets to hammer away at every externally-facing server they can find at the NYSE and attempt a denial of service attack, but I don’t think they’d be able to get very far into the system to attack the transaction processing systems.
Of course, in your proposed scenario, just keeping people from being able to use the system would be sufficient and actually damaging the trading systems would not be needed.
(Assuming, as GotPasswords suggested, that we’re talking about Stuxnet, rather than the Truxnet, the shipping company)
Fundamentally, this the problem with virus/worms/malware/etc: you don’t really know what they’re doing. You can identify symptoms and aberrations, but… if it’s really well-designed, you might be missing something. Nuking all of the software on nuclear/SCADA devices is risky, too.
As an example, there’s a sans.org (safe for work) mention today about the continued prevalence of SQL Slammer seven years after the initial outbreak. We know its symptoms… but not why it’s still propagating the way it is, or what costs are associated with it (bandwidth consumption, mutations that are doing evil without detection, etc.).
The NYSE is run on IBM mainframes, not Windows PCs. Software like Stuxnet won’t run on them at all – different processor, different op codes, etc.
And the mainframe operating system used in quite a bit more robust & secure than Windows. It was designed with security & isolation in mind, and has been used & tweeked for many years.
Oversimplification. Sungard created/owns a lot of the software (a majority, if I’m not mistaken). There a lot of other hands in that pot, as well.
I thought they migrated to aix? (although your point would still substantially remain)
Edit: just googled because I thought I remembered this, looks like they went linux?
I am sure that there is an emergency procedure if something happens to the electricity. According to Wiki, the NYSE has been around since 1792, or about 208 years. How did they trade before electricity? Probably computers were not installed in the NYSE until the 1960’s, or the 50’s at the earliest. They used those funny tickertape machines.
The NYSE is basically a casino, with a bunch of gamblers playing a game that most of us don’t really know about. If the computers were fried, there is a backup plan, or they can just close house for the day and call the computer people. I don’t think a national crisis would ensue. The Security and Exchange Commission (SEC) are a big bunch of ball breakers and prison cell fillers, I just don’t think people have the balls to manipulate the system anymore.
Is there a stockbroker bar nearby?
Puny human, so quaint in your seeming assumption that the “bunch of gamblers” are also your fellow humans, processing information and placing trades at your glacial pace of puny human thought.
In other words, it’s all run by robots, dude.
Stuxnet is a targeted worm that uses Windows vulnerabilities to target specifically configured SCADA systems, and was developed by a well funded and organised team of programmers. There have been other targeted attacks on govt and commercial organisations (the US Military was hit by a USB-delivered worm, the Dali Lama and Google were also targeted by email based attacks), possibly sponsored by govt organisations.
There is no reason to assume that a similar approach could not be used to attack the NYSE, using Windows systems to spread and attack core Linux/AIX systems. There will be a security team running a variety of Network monitoring/Intrusion detection software to prevent this, but the security team have to identify and counter every attack - the hackers just have to get lucky once. Naturally, there are backups and paper trails and shutdown procedures to allow rollback. The real trick would be to introduce a subtle trading error that can run without detection for several weeks and causes longterm market confusion/loss of confidence that could take months to sort out.
Si
The NYSE being taken down by a computer virus is a plot point in a Tom Clancy book, IIRC - maybe Executive Orders? They just reopen a few days later and resume trading exactly where things stood at the time the system crashed.
As I recall it was a combination of an internal trojan that wiped the data record and a manipulation of the market to cause automated triggers to go off, causing the market to freefall. It was the fact that there was no record made it easier to roll back. Thats why I suggest that a real market-killer would have to be a bit more subtle than that.
There are already procedures in place to prevent the freefall cascades that can be caused by reliance on automated trigger software. If the market falls too rapidly, trading is suspended until people regain control from the computers.
Si
There’s a very pretty (and presumably good) DR site for the NYSE in another burough of New York. Not as big as the original, but has been used at times like 9/11 (IIRC it took a while to get folks back into the main building).
Interestingly, NYMEx was (again IIRC) the first to resume normal operations in its normal location. Which was really, REALLY close to a lot of buildings that got knocked out.
The tickertapes only reported trades after they were completed. They had nothing to do with the trade itself.
Also, the actual trading on the NYSE is done by human beings, not computers. The computers are used to record the trades and report. Trades can be ordered via computer, but the specialist is the one who matches buyers to sellers and sets the price.
Thus, if the NYSE computers crashed, the specialists would have to record trades manually, and wouldn’t get any computer-generated trades. People who wanted to trade stock would have to get their broker to phone the exchange to make the trade, just the way it worked before computers (and prior to telephones, they used the telegraph and mail). It would certainly have an effect – the market will be slow, and stock quotes will lag badly behind real-time – but it wouldn’t be a disaster.
The Stuxnet worm was coded to attack a very particular configuration of the Siemens PLC that is installed in a lot of places, but in the Iranian reactor in particular. Given enough time and effort, I’m sure an organization could spend some time researching the exact configuration of the NYSE’s infrastructure and construct a virus to attack a particular weakness of it, if they had the time and desire to do so.
Computers handles all of the trades that are requested to be handled by computers and humans handle all of the trades requested to be handled by humans. It’s a hybrid system implemented in 2006.
The NYSE closes all the time. They closed on Nov. 22, 1963 and I assume they closed on 9/11 for at least a couple days. They can be closed if the trading becomes too erratic (it is relatively common for the trading in one or a few companies to be suspended for an hour or a day). There are two reasons for buying stock. One is to make an actual investment in a company that you think will pay you back. The original purpose of stock was to allow companies to raise money by investing. This would be slightly, but not seriously, inconvenienced by a cessation of trading for a few days. Most investors wouldn’t notice at all. Only someone who suddenly had to liquidate for some reason would be bothered. The other reason is to participate in high volume gambling. They would have to do something else to feed their gambling habits and I, for one, wouldn’t miss them if they all disappeared. It’s funny how a poker room, say, is illegal in NY, but day trading is perfectly legal.