Did We Just Get Cyber Attacked? [Updates]

The last few days have been pretty hectic in the financial world. You may have heard some of this on mainstream media.

Zero Hedge asked “Is This What The First World Cyber War Looks Like?”

Alarmist? I don’t think so. Nothing like this has ever happened before.

Here is my interpretation of what just happened:

July 5:

Greece voted “NO” to their bail-out, meaning they will most likely leave the European Union and issue their own national currency. Other countries may follow suit, “falling like dominoes” due to their banks’ exposure to Greek debt.

A major hacker group “Hacking Team” themselves got hacked. More than 500 GB of emails, financial and other data was leaked to the Internet. They revealed that the company had sold hacking tools to the FBI, DEA, and Department of Defense; as well as to the governments of Mexico, Australia, Russia, Saudi Arabia, Iraq, the UAE, Spain, and many others.

July 7:

The Intercept published documents about the Hacking Team corporation that was selling its secrets to 3rd world despots, as well as G20 countries and alphabet agencies. They revealed Zero-Day Exploits in Windows and Flash, which could be a major vulnerability across the entire Internet.

The zero-day vulnerability affects all major web browsers, including Microsoft’s Internet Explorer, Google’s Chrome, Mozilla’s Firefox as well as Apple’s Safari.

[Source: Hacker News]

Such exploits need to be exploited immediately, before the companies who created them (either accidentally, or deliberately) can scramble to fix them.

The Chinese stock market tanked and trading was suspended. It has dropped more than 30% from its high a month ago. China implemented trading controls, freezing out $2.6 trillion of shares – about 40% of the country’s market capitalization.

Chinese equities have lost more than $3.5 trillion of value in less than a month as traders liquidated leveraged bets at an unprecedented pace. Foreign investors extended a record three-day exodus on Wednesday…On the Shanghai exchange, 365 companies suspended trading, equivalent to 33 percent of all listings. A further 992 were halted in Shenzhen, or 56 percent of the total.

[Source: Bloomberg]

China has been following the “Wall Street 1929 Crash” playbook with this one:


Time magazine publishes a story How Real Is The Threat Of a Cyber Attack, warning that a “black swan” cyber attack could really destabilize the world economy over the next, ummm, year – and the government has been consistently surprised by cyber attacks recently. This blames the Chinese as the most sophisticated group of cyber hackers.

Just before midnight, Anonymous tweets “I wonder if tomorrow will be bad for Wall Street”

July 8:

8:22am Bloomberg, CNet, TIME, and many others pick up the story: Attack on Power Grid Could Cost $1 Trillion

The New York Stock Exchange (NYSE) was shut down for 5 hours due to a “glitch”, only opening in time for the last hour of trading.

Amazing how they can diagnose that so quickly. Especially given that by definition, “hacking” is intruding into internal technical systems.

A trader on the floor described the situation as unprecedented:

In my time in the capital markets or working on the floor of the New York Stock Exchange, I have never seen a complete halt of the markets due to technology problems.  Even 9/11 cannot be considered a halt because the markets never opened that day.  This is extraordinary.
There was no clue, or early indication that this would happen. The music just simply stopped playing.  There is no panic on the part of the trading community and right now we are just ensuring that we are prepared when the market re-opens… Most of the volume in this market (and most markets, for that matter) happens in the first half hour and last half hour, so the NYSE is scrambling to get us back on line for a close of the market.

[Source: Yahoo Finance]

The Wall Street Journal web site was taken down by hackers.

Zero Hedge, one of the world’s most popular financial commentary sites, was shut down. Their servers are located in Zug, Switzerland.

United airlines was shut down worldwide, affecting nearly 5000 flights.

The computer problem in the airline’s reservation system caused the FAA to impose what is known as a ground stop at 8:26 a.m. ET, meaning United flights were not allowed to take off. It lifted the stop for feeder airlines that fly under the name United Express about 15 minutes later, but it took until just before 9:47 a.m. for the ground stop to be lifted for United flights.

The computer problem had forced United to hand write tickets for passengers at multiple airports. But Record said the lack of a reservation system meant that the airline was not able to check to confirm that passengers were not on a no-fly list or that everyone on the flight was supposed to be there.

“Because of the safeguards and the backups built into the reservation system, once that goes down, everything has to stop,” Record said.

[Source: CNN]

Power was shut down in Washington DC, affecting 2500 people in the home town of Homeland’s Carrie Mathieson.

Earlier today, Anonymous tweeted this:

Was this just a one off, or has it been brewing for a while? How do we know “Anonymous” is really behind this, and not a state actor?

Going back a little earlier in the year, we can see the build up to this “First Cyber War” being seeded in the media. In particular, software pioneer, cyber-security expert, and hacker of entire countries John McAfee has been sounding the alarm.

A couple of months ago, seemingly out of the blue he started writing a column about hacking – his stories are excellent and he’s quite a character, follow him on Facebook. His most recent columns seem to have been “priming the pump” for today’s events. Prescience? Inside track? Or just a series of lucky guesses?

The first big event of the year was the infamous Sony hack – which led to racist emails between senior Sony Execs circulating.

Then we had the “next level” Sony hack – the one blamed on North Korea, timed to come out at the same time as a comedy film about assassinating the leader of North Korea.

June 4

McAfee wrote about the most damaging hack in history: Adult Friend Finder, 15 million records. There were senators and governors and their staffers in the list, using their own names and official email addresses. There were also church leaders and celebrities.

June 8

McAfee’s next column Four Million Ways To Lose Your Secrets is about how the Office of Personnel Management got hacked, the intruders stole 4 million detailed records. This includes comprehensive and highly sensitive information that is collected as part of the application for Top Secret and other security clearances. This was blamed on the Chinese government.

June 25

McAfee said the OPM hack was smokescreen for a much bigger problem: 24 major hacks in the last 30 days. None of these appear to be linked to Anonymous.

From Silicon Angle:

The Office of Personnel Management (OPM) hack has acted as a smokescreen to mask a far broader problem that has occurred in the past 30 days. Here’s the full story in headlines (those in italics are included for completeness only and are not counted in the 24 hacks.):

April 7th 2015 – Russians Hack White House Computers and Even Access President Obama’s Schedule – New York Post

May 22nd 2015 – Adult Friend Finder hack exposes millions of sex seekers – SiliconANGLE #GetMcAfee’d

May 26th 2015 – 104,000 records taken from IRS Website – CNN

May 29th 2015 – IRS Blames Russia For $50 Million Hack  – Engadget

May 27th 2015 – Kentucky GOP Website Hacked – GovTech

June 1st 2015 – 1.25 Million records from Japan’s Pension System Hacked – Japan Times

June 4th 2015 – U.S. agency handling security clearances hacked – SiliconANGLE

June 5th 2015 – Records of 4 million Federal Employees Exposed in OPM Hack – NPR

June 15th 2015 – US Officials Now Say 14 Million Records Taken In OPM Hack – NPR

June 23rd 2015 – OPM Hack 4 Times Larger Than Reported – 18 Million Records Now Reported Taken – CNN

June 23rd 2015 – John McAfee predicts OPM number will reach 30 Million – SiliconANGLE

June 4th 2015 – Russia Hacks German Parliament – Business Insider

June 8th 2015 – US Army’s Website Hacked By Unknown Intruders – NBC News

June 8th 2015 – 70% Of U, S. Businesses Hacked In Past Year – Property Casualty 360

June 10th 2015 – Arizona Vehicle For Hire Licensing Agency Hacked.  Computers Still Down. – Arizona Central

June 10th 2015- Kaspersky Labs Security Company Hacked – CNET

June 10th 2015 – Apple iCloud Hacked.  Millions of Passwords Targeted – IBTimes

June 11th 2015 – Indiana Health Software IT Firm Hacked – Modern Health Care

June 12th 2015 – New Data Reveals 96% of UK Corporations Have Been Hacked – Information Age

June 13th 2015 – TV Giant Canal+ Has Been Hacked – Torrent Freak

June 15th 2015 – Newly Disclosed Hack of Homeland Security Exposes Records of 390,000 Employees, Contractors And Job Applicants – Newser

June 16th 2015 – North Dakota Workers Comp Insurer Hacked – Business Insurance

June 16th – LastPass Revealed That The Master Passwords For Its 7 Million Users May Have Been Compromised In Hack –Forbes

June 16th 2015 – Computers In House of Congress Hacked: – Breitbart

June 16th – University of Baltimore Website Hacked – WBAL-TV

June 17th 2015- Canadian Government Computers Go Dark After Cyber Attack – BBC

June 20th 2015 – Microsoft Website Dedicated to online Privacy Gets Hacked – ArsTechnica

June 22nd 2015 – Polish Airline Hack Attack Leaves 1,400 Passengers Stranded – CNBC

June 22nd 2015 – U.S. National Archives Says It’s Data Was Hacked – NextGOV

June 22nd 2015 – The NSA Hacked Into Popular Antivirus Software To Track Users And Infiltrate Networks – TechTimes

June 22nd 2015 – Script.CC. Hacked, Large Number of Bitcoin Stolen – NewsBTC

June 23rd 2015 – Britain’s National Health Services Hacked – Mirror

What can we make of the above headlines?

MCAFEED-194x194The first thing that I noticed was the complete absence of the type of hacks that appeared in the news in the previous year.  Nothing similar to the Target Corporation, Nordstrom Inc. and long string of other retail hacks; no mention of credit cards; no mention of individual financial loss.  All the mentioned hacks had to do with Political and Government personnel, or with gaining access to the deeper layers of individual lives – going way beyond mere financial data which is in constant flux.

The data taken focused on the more permanent aspects people’s lives.  For example, medical data was targeted in nearly 20 percent of the hacks (Japan’s Pension System, Indiana Healthcare Software, North Dakota Workers Comp, Britain’s National Health System).  The OPM hack, by far the most devastating, focused on the intensely personal data collected during the process of vetting people for secret security clearances.  This data included everything required to determine a person’s fundamental character.

Given the above, we can predict the following with a high degree of accuracy:

  1. More hacks of medical data within multiple states (and countries) will soon be reported.
  2. Reported hacks within the U.S. Government will spread to a number of other Government agencies.
  3. As currently known hacks unfold, they will significantly worsen.

People may be astonished by the increasing frequency of the number of hacks

[Source: Silicon Angle]


July 8

In a story this morning in IB Times, which doesn’t mention today’s attacks, McAfee said the leaks portends a grim future of global cyber war. One which we are already in.

Nothing to see here, sheeple, move along. As long as CNN tells you everything’s fine, it’s fine.

Burners have always been preparing for a post-apocalyptic, post-economic civilization – that time might be coming sooner than we think.

I don’t want to give a spoiler alert for the end of the new season of Orange is the New Black, but for anyone who’s seen it, I’m kind of imagining that…if the system shut down, and no bank accounts were working, that would probably seem fine for a moment. Eventually, reality would set in.

Wonder what is going to happen tomorrow: will the markets just shrug and move on? Will The Powers That Be continue to deny vehemently that it was a hacker attack, without even investigating?

anonymous fire satan-Fawkes

anonymous ferguson

[Update 7/9/15 5:41pm]

In today’s news, the OPM hack has now been increased to 22.1 million people’s records stolen, 1 in 15 Americans.

Officials have concluded that the larger breach, which targeted background investigation records kept by OPM, included Social Security numbers, information on family members and other contacts, as well as health and criminal records. The data haul also included an estimated 1.1 million fingerprint records.

In total, hackers are thought to have netted records on 19.7 million people who applied for background check investigations with the federal government, and another 1.8 million people including spouses who did not apply for a background check but whose information was included in the forms. Anyone who applied for a background check from 2000 on is likely to have had their information compromised…

Among the forms used in federal background checks is the Standard Form 86, an 127-page document that delves into intimate questions about prior brushes with the law, drug use, psychiatric health, and info on friends and family members. It requires the applicant to put his or her Social Security number on nearly every page of the document.

China was named as “the leading suspect” in the breach last month by Director of National Intelligence James Clapper…Officials did confirm on the call that both attacks were the work of “the same actor” who gained access to the OPM system probably starting in May or June of 2014 with a contractor’s stolen username and password. 

 [Source: NBC]

It sure seems like a lot of hacker related stuff was launched yesterday. In the Washington Post, DARPA announced a “Cyber Grand Challenge”, noting that we’re losing the cybersecurity war.

Image: DARPA/Facebook

DARPA initially started  with more than 100 teams when it began the program a year ago, but the field was quickly whittled down. On Wednesday, it announced the seven finalists chosen to compete in the competition next year. They are an eclectic band of cyberwarriors, ranging from academics representing major university computer science programs  to well-known hackers and defense industry heavyweights.

[Source: Washington Post]

[Update 7/9/15 7:24pm]

The White House and the FBI might be saying “no cyber attack”, but John McAfee thinks it was. I’m more inclined to go with the billionaire domain expert on this one, rather than the hasty diagnosis by political mouthpieces.

At around the same time that the NYSE went down, the Wall Street Journal’s website went offline, as did that of popular financial blog Zero Hedge. United Airlines also experienced a “network connectivity issue” which impacted almost 5,000 flights worldwide.

Given the criticality of technology to United Airlines, let’s assume for a moment it has a daily reliability rate of 99.9%, meaning it has a system failure once every 1,000 days – which equates to once every three years. Now, let’s assume the NYSE and the Wall Street Journal also have a daily reliability rate of 99.9%.

If these events were truly random and independent, then the frequency of all three of these events happening on the same day is once in a billion days (or if you prefer to count in years, almost 2.8 million years).

Coincidental failure is possible, sure, but it does seem highly unlikely. If you add Zero Hedge to the mix, then the probability of all four events happening on the same day rapidly approaches zero.

If we throw in the near simultaneity of the NYSE and the Wall Street Journal issues (happening within minutes of each other), then it is more likely that your car, using quantum probability effects, would leak out of your garage and show up instantly in my driveway an ocean away.

It is certainly possible, but no one in their right mind would bet on it.

[Source: IB Times]

The Financial Times commented on the attacks, and was rather dismissive of the official denials. They call for a new Agency to manage cyber defense, or just take it out of the hands of the USAF and give it to Homeland Security. That way, the same TSA goons groping you at the airport, can be looking up all your personal records in the Cyber databases too.

On paper, there is no shortage of resources; earlier this year, for example, President Barack Obama earmarked $14bn for the cyber fight. But the key problem now is not so much a lack of cash — but co-ordination: as fear spreads, a bewildering alphabet soup of different agencies and task forces is leaping into cyber battle, often with little collaboration. The institution that is supposed to be in charge of security threats is the Department of Homeland Security. But its skills are viewed with scepticism by military officials. The Pentagon has its own cyber warriors, as do America’s intelligence agencies.

The White House has tried to force these bodies to work together. Separately, civilian agencies such as Nuclear Regulatory Commission started holding discreet meetings with each other last autumn on cyber issues too. But collaboration across sectors is patchy. “The level of readiness in different agencies varies enormously,” admits a senior Washington figure at the centre of these efforts. Add in private sector bodies and the picture is even worse: not only is the Pentagon wary of sharing data with, say, the Chamber of Commerce, but companies are often terrified of revealing attacks to each other.

Is there a solution? One sensible response might be to create a new agency to provide a central focus for the cyber fight. There is precedent for that; most Washington regulators emerged in response to a new threat. The Securities and Exchange Commission, for example, was created after the 1929 stock market crash; the Food and Drug Administration appeared after scandals over dangerous medicines. A second option might be to relaunch the DHS to focus on the cyber fight. It could, for example, be named the Department of Cyber and Homeland Security.

[Source: FT]

7 hackers from L0pht raised the alarm about this to Congress in 1998, saying that any one of them could take down the entire Internet in about 30 minutes. [Source: Washington Post]

[Update 7/9/15 10:45pm]

A detailed post-mortem at Zero Hedge.

So, to summarize, the NYSE has a disaster recovery center which… they choose not to use because it is an inconvenience to clients who would rather be unable to trade!

Maybe there was a different angle altogether: with China crashing and halting 70% of the market, the US had just one response:

The Chinese stock market surged again today, after the government threatened short sellers with arrest. This may merely be a “dead cat bounce”, a reflexive response from the market when technical indicators show it as massively oversold.

It raises the prospect that the motivation of the hackers may not have been to destroy, but in fact to profit from wild swings in the stock market. The use of derivative instruments like Put and Call options can create massive profits from swings of only a few percentage points. Certainly, Anonymous would have been in a position to take out such trading positions before making their threat – and, it looks like, executing their plan.

[Update 7/11/15 2:04pm]

Financial Times: US Agency Head Resigns Over Cyber Attack


11 comments on “Did We Just Get Cyber Attacked? [Updates]

  1. This is the one conspiracy theory you’ve written about that I think is plausible. Way too many coincidences.

    • Glad to hear you see the number of coincidences related to the plausibility of a conspiracy theory. There is a threshold where “coincidence” just can’t be that. For everyone it’s different. In this case, there are maybe 3-4 major coincidences that are too unusual, and too connected to each other, to be purely random.

      I think once you have above 10 coincidences, you have a pretty fair case to make an argument that there may be some artificial connection between these events, rather than coincidence. Personally, my threshold is more like 2-3: I’m not a believer in “coincidence theories”.

  2. I pulled all of my money out of the markets over the last 2 years and bought real estate. I just bought a water distillery which can be used for sea water. I’m seaside with plenty of fish and no neighbors.

  3. Might a post be most deserving of going viral, it is this post. Kudos.

    The Internet is taped together with ducked tape, chicken wire, and hacker code, with companies management solely desiring to make profit, governments and militaries solely desiring to pretend their computers are not of the ability to be hacked, and them being of less understanding of the difficulties in regards of this than Burners are of the understanding of whom might be Grover Norquist and of why has he harmed the U.S. economy in such a horrible manner. Your posts in regards of these issues, in addendum of the post in regards of brilliant battlebots, are most awesome. This is solely the beginnings. Kudos.

  4. Uh, yeah, except it was all just a “freak coincidence” today as the market dropped.

    […Did you have enough time to get all those equities liquidated today? If you need it again tomorrow, I can let our friends in Pyongyang know…]

Leave a Reply