The federal hack is extremely worrying. I know it’s gotten a good deal of press, but I don’t think the public in general realizes how scary this is. This hack will have legs. We will be dealing with the aftermath of this hack for decades to come.
For debate:
(1) Are these incidents (and possibly others not listed) part of a coordinated campaign?
(2) If so, who is ultimately behind them?
(3) On a scale of “shrug” to “panic”, where should we be?
My thoughts:
I think it’s safe to conclude that the German hack and the US federal government hack are the work of foreign governments. This isn’t “bored teen in his mom’s basement” level of hacking; it’s not even “organized crime” level. These are nation-state sponsored, in my opinion. The US government hack is almost certainly China. The German hack was probably Russia. No, I can’t prove this; but I think it’s the most likely explanation.
I don’t think we should panic, yet. But this feels very bad. Russia and China are likely testing the defenses of the West. In theory, this could be preparation for a larger, more devastating attack. Or it could just be flexing their muscles and gathering data to further their economic and political interests - just like the NSA has done for the USA for years. I’m in the “very worried, but not panicked” part of the spectrum.
Well, the NYSE one looks to actually have been an internal glitch, at least from what I’ve read. The WSJ one looks suspicious. Not sure about the other. I’d say, based on the early info available that this wasn’t a coordinated attack, just coincidence.
Well, if it WAS a coordinated attack you could take your pick I guess. I’d probably go with a nation state if the NYSE was involved, though, since that would take some serious tech cred to do (and probably some serious cash since you’d almost have to have someone inside, and you’d need to either have something serious on that person or pay them a boat load of cash since the world would be falling on them if they were caught). I’d go with China or Russia as the most probable since both have very good cyber groups, but it could be a lot of countries. There are also some very savvy cyber black hat groups out there that COULD do the NYSE, so you couldn’t discount them. But China and Russia (with China being the number one suspect) would be my first guess.
If someone hacked the NYSE and actually managed to bring it down? Oh, I’d give that a pucker factor of 11 on a scale of 1 to 10. :eek: That’s some serious shit if it had happened, especially right now when markets are already so volatile. You have the Greek situation (with possible wider implications to the rest of the EZ and EU) and then you have the Chinese stock market in the process of melting down. Throw in someone hacking and taking down the NYSE and we might be on the brink of finding out how nice hunting and gathering would be again.
The US government hack a few weeks ago was almost certainly China from what I’ve read. I don’t actually know about the German one…it wasn’t on my own radar so didn’t read about it much. The NYSE would probably take some serious guns to do though, so almost certainly a nation state. If it had been more than an internal glitch that it seems to have been I’d go with China as the primary suspect, at least initially. You could do forensics to determine where the hack came from (assuming it was an outside attack).
I don’t think there is any reason to panic at all at this point (and panic wouldn’t help in any case). Right now I’d say that it’s coincidence and that the NYSE one, at least, looks to be an internal glitch. Until we know more I’d stick with that, especially since things seem to be coming back up.
At least I’m not the only one wondering - numerous websites have been speculating as well. That said, the official line on today’s glitches has been pretty clearly that they were not hacks. Assuming that’s true, it’s definitely a relief - but still leaves the enormous federal government hack and the brown-trousers German missile hack to feed my worries.
Actually the big and interesting thing learned today from the whole thing is that is was no big deal in the end (to overall markets functioning…it is certainly a big deal to NYSE).
A major US exchange went dark but there were plenty of lit exchanges and business proceeded with little trouble.
Of course it is an inconvenience but overall this is good news. The markets are resilient enough to easily handle an exchange going off line. That would not have been the case 25 years ago.
I wept. I had a hundred lines of perfect code once. It was BASIC and you can pack a nice little program of perfect code in 100 lines, or a bigger program of wretched code if you’re trying to fit it into 16k. Of course, it’s long gone, backed up to cassette tapes then floppies then just to paper that got wet.
As for the NYSE, when I heard it was back up after a little over three hours I assumed the little bit was fixing the problem and the three hours was rebooting the system.
“Most people don’t even know what sysadmins do, but trust me, if they all took a lunch break at the same time they wouldn’t make it to the deli before you ran out of bullets protecting your canned goods from roving bands of mutants.”
One of my favorite quotes. Anyone who actually works with software isn’t surprised when things like the NYSE bug happen - they’re just constantly amazed that anything works at all.
I am one lucky programmer. For the last decade+ I wrote and maintained commercial software either alone or together with my partner, who’s just as good as I am. And whenever we use any libraries, we insist on getting them with code, so that if stuff breaks, we can go in and fix it without having to rely on the kindness of others.
We did have a few years interlude when we had to work in a corporate environment and I worked in big corporations before I settled into the current routine. That article is bang on target.
"The Patriot missiles, stationed on the Turkish side of the border under the Nato pact, were briefly taken over by an unidentified hacker, according to German civil service magazine Behörden Spiegel. "
This seems to imply that the missiles were connected to the Internet, so any hacker could have a go at them. Surely that can’t be true?
Likewise, I am always puzzled when people warn that nuclear power stations, water supply, etc etc. Could be sabotaged by internet. Unless I’m missing something, surely the answer is
Yeah, I think my wife thinks I have a dangerously cavalier attitude toward announcements of data breaches, hacks, software glitches and the like.
I don’t quite have the heart to tell her that all you’ll hear about on the news are the HUGE ones. For every Target hack, or NYSE glitch, thousands of smaller ones happen and never make the news.
A lot of this stuff, especially large system integrations involving ancient legacy systems, seem to be houses of cards stuck together with bits of bubble gum, snot, random hairs, and if you’re lucky, some scotch tape in critical spots. Oh… and the wind is blowing on the house of cards!
[QUOTE=XT]
Well, the NYSE one looks to actually have been an internal glitch, at least from what I’ve read. The WSJ one looks suspicious.
[/QUOTE]
What I’ve seen was that after NYSE was down, WSJ was simply overwhelmed with people looking to see what’s happening. Just an innocent capacity issue resembling a DDOS.
Adding to the “all software is terrible” thought - some software is eternal. I’m a security admin in an absurdly complex environment that has active applications that were written in the early 80’s talking to things written in Og-knows-what last month.
Did you notice, when you fly, that EVERY agent’s terminal is connected to a mainframe text-only 80s software?
When I was a contractor, I worked for quite a few insurance companies. Every one of them was running software on mainframes, and what we were doing were screen-scraper Windows software putting a pretty face on the underlying mainframe stuff. It’s scary. I have a friend who is doing mainframe FORTRAB and COBOL contracting. Has been doing it since 1985 or so. His rates and his general job prospects are going up and up every year.