Did We Just Get Cyber Attacked? [Updates]

The last few days have been pretty hectic in the financial world. You may have heard some of this on mainstream media.

Zero Hedge asked “Is This What The First World Cyber War Looks Like?”

Alarmist? I don’t think so. Nothing like this has ever happened before.

Here is my interpretation of what just happened:

July 5:

Greece voted “NO” to their bail-out, meaning they will most likely leave the European Union and issue their own national currency. Other countries may follow suit, “falling like dominoes” due to their banks’ exposure to Greek debt.

A major hacker group “Hacking Team” themselves got hacked. More than 500 GB of emails, financial and other data was leaked to the Internet. They revealed that the company had sold hacking tools to the FBI, DEA, and Department of Defense; as well as to the governments of Mexico, Australia, Russia, Saudi Arabia, Iraq, the UAE, Spain, and many others.

July 7:

The Intercept published documents about the Hacking Team corporation that was selling its secrets to 3rd world despots, as well as G20 countries and alphabet agencies. They revealed Zero-Day Exploits in Windows and Flash, which could be a major vulnerability across the entire Internet.

The zero-day vulnerability affects all major web browsers, including Microsoft’s Internet Explorer, Google’s Chrome, Mozilla’s Firefox as well as Apple’s Safari.

[Source: Hacker News]

Such exploits need to be exploited immediately, before the companies who created them (either accidentally, or deliberately) can scramble to fix them.

The Chinese stock market tanked and trading was suspended. It has dropped more than 30% from its high a month ago. China implemented trading controls, freezing out $2.6 trillion of shares – about 40% of the country’s market capitalization.

Chinese equities have lost more than $3.5 trillion of value in less than a month as traders liquidated leveraged bets at an unprecedented pace. Foreign investors extended a record three-day exodus on Wednesday…On the Shanghai exchange, 365 companies suspended trading, equivalent to 33 percent of all listings. A further 992 were halted in Shenzhen, or 56 percent of the total.

[Source: Bloomberg]

China has been following the “Wall Street 1929 Crash” playbook with this one:


Time magazine publishes a story How Real Is The Threat Of a Cyber Attack, warning that a “black swan” cyber attack could really destabilize the world economy over the next, ummm, year – and the government has been consistently surprised by cyber attacks recently. This blames the Chinese as the most sophisticated group of cyber hackers.

Just before midnight, Anonymous tweets “I wonder if tomorrow will be bad for Wall Street”

July 8:

8:22am Bloomberg, CNet, TIME, and many others pick up the story: Attack on Power Grid Could Cost $1 Trillion

The New York Stock Exchange (NYSE) was shut down for 5 hours due to a “glitch”, only opening in time for the last hour of trading.

Amazing how they can diagnose that so quickly. Especially given that by definition, “hacking” is intruding into internal technical systems.

A trader on the floor described the situation as unprecedented:

In my time in the capital markets or working on the floor of the New York Stock Exchange, I have never seen a complete halt of the markets due to technology problems.  Even 9/11 cannot be considered a halt because the markets never opened that day.  This is extraordinary.
There was no clue, or early indication that this would happen. The music just simply stopped playing.  There is no panic on the part of the trading community and right now we are just ensuring that we are prepared when the market re-opens… Most of the volume in this market (and most markets, for that matter) happens in the first half hour and last half hour, so the NYSE is scrambling to get us back on line for a close of the market.

[Source: Yahoo Finance]

The Wall Street Journal web site was taken down by hackers.

Zero Hedge, one of the world’s most popular financial commentary sites, was shut down. Their servers are located in Zug, Switzerland.

United airlines was shut down worldwide, affecting nearly 5000 flights.

The computer problem in the airline’s reservation system caused the FAA to impose what is known as a ground stop at 8:26 a.m. ET, meaning United flights were not allowed to take off. It lifted the stop for feeder airlines that fly under the name United Express about 15 minutes later, but it took until just before 9:47 a.m. for the ground stop to be lifted for United flights.

The computer problem had forced United to hand write tickets for passengers at multiple airports. But Record said the lack of a reservation system meant that the airline was not able to check to confirm that passengers were not on a no-fly list or that everyone on the flight was supposed to be there.

“Because of the safeguards and the backups built into the reservation system, once that goes down, everything has to stop,” Record said.

[Source: CNN]

Power was shut down in Washington DC, affecting 2500 people in the home town of Homeland’s Carrie Mathieson.

Earlier today, Anonymous tweeted this:

Was this just a one off, or has it been brewing for a while? How do we know “Anonymous” is really behind this, and not a state actor?

Going back a little earlier in the year, we can see the build up to this “First Cyber War” being seeded in the media. In particular, software pioneer, cyber-security expert, and hacker of entire countries John McAfee has been sounding the alarm.

A couple of months ago, seemingly out of the blue he started writing a column about hacking – his stories are excellent and he’s quite a character, follow him on Facebook. His most recent columns seem to have been “priming the pump” for today’s events. Prescience? Inside track? Or just a series of lucky guesses?

The first big event of the year was the infamous Sony hack – which led to racist emails between senior Sony Execs circulating.

Then we had the “next level” Sony hack – the one blamed on North Korea, timed to come out at the same time as a comedy film about assassinating the leader of North Korea.

June 4

McAfee wrote about the most damaging hack in history: Adult Friend Finder, 15 million records. There were senators and governors and their staffers in the list, using their own names and official email addresses. There were also church leaders and celebrities.

June 8

McAfee’s next column Four Million Ways To Lose Your Secrets is about how the Office of Personnel Management got hacked, the intruders stole 4 million detailed records. This includes comprehensive and highly sensitive information that is collected as part of the application for Top Secret and other security clearances. This was blamed on the Chinese government.

June 25

McAfee said the OPM hack was smokescreen for a much bigger problem: 24 major hacks in the last 30 days. None of these appear to be linked to Anonymous.

From Silicon Angle:

The Office of Personnel Management (OPM) hack has acted as a smokescreen to mask a far broader problem that has occurred in the past 30 days. Here’s the full story in headlines (those in italics are included for completeness only and are not counted in the 24 hacks.):

April 7th 2015 – Russians Hack White House Computers and Even Access President Obama’s Schedule – New York Post

May 22nd 2015 – Adult Friend Finder hack exposes millions of sex seekers – SiliconANGLE #GetMcAfee’d

May 26th 2015 – 104,000 records taken from IRS Website – CNN

May 29th 2015 – IRS Blames Russia For $50 Million Hack  – Engadget

May 27th 2015 – Kentucky GOP Website Hacked – GovTech

June 1st 2015 – 1.25 Million records from Japan’s Pension System Hacked – Japan Times

June 4th 2015 – U.S. agency handling security clearances hacked – SiliconANGLE

June 5th 2015 – Records of 4 million Federal Employees Exposed in OPM Hack – NPR

June 15th 2015 – US Officials Now Say 14 Million Records Taken In OPM Hack – NPR

June 23rd 2015 – OPM Hack 4 Times Larger Than Reported – 18 Million Records Now Reported Taken – CNN

June 23rd 2015 – John McAfee predicts OPM number will reach 30 Million – SiliconANGLE

June 4th 2015 – Russia Hacks German Parliament – Business Insider

June 8th 2015 – US Army’s Website Hacked By Unknown Intruders – NBC News

June 8th 2015 – 70% Of U, S. Businesses Hacked In Past Year – Property Casualty 360

June 10th 2015 – Arizona Vehicle For Hire Licensing Agency Hacked.  Computers Still Down. – Arizona Central

June 10th 2015- Kaspersky Labs Security Company Hacked – CNET

June 10th 2015 – Apple iCloud Hacked.  Millions of Passwords Targeted – IBTimes

June 11th 2015 – Indiana Health Software IT Firm Hacked – Modern Health Care

June 12th 2015 – New Data Reveals 96% of UK Corporations Have Been Hacked – Information Age

June 13th 2015 – TV Giant Canal+ Has Been Hacked – Torrent Freak

June 15th 2015 – Newly Disclosed Hack of Homeland Security Exposes Records of 390,000 Employees, Contractors And Job Applicants – Newser

June 16th 2015 – North Dakota Workers Comp Insurer Hacked – Business Insurance

June 16th – LastPass Revealed That The Master Passwords For Its 7 Million Users May Have Been Compromised In Hack –Forbes

June 16th 2015 – Computers In House of Congress Hacked: – Breitbart

June 16th – University of Baltimore Website Hacked – WBAL-TV

June 17th 2015- Canadian Government Computers Go Dark After Cyber Attack – BBC

June 20th 2015 – Microsoft Website Dedicated to online Privacy Gets Hacked – ArsTechnica

June 22nd 2015 – Polish Airline Hack Attack Leaves 1,400 Passengers Stranded – CNBC

June 22nd 2015 – U.S. National Archives Says It’s Data Was Hacked – NextGOV

June 22nd 2015 – The NSA Hacked Into Popular Antivirus Software To Track Users And Infiltrate Networks – TechTimes

June 22nd 2015 – Script.CC. Hacked, Large Number of Bitcoin Stolen – NewsBTC

June 23rd 2015 – Britain’s National Health Services Hacked – Mirror

What can we make of the above headlines?

MCAFEED-194x194The first thing that I noticed was the complete absence of the type of hacks that appeared in the news in the previous year.  Nothing similar to the Target Corporation, Nordstrom Inc. and long string of other retail hacks; no mention of credit cards; no mention of individual financial loss.  All the mentioned hacks had to do with Political and Government personnel, or with gaining access to the deeper layers of individual lives – going way beyond mere financial data which is in constant flux.

The data taken focused on the more permanent aspects people’s lives.  For example, medical data was targeted in nearly 20 percent of the hacks (Japan’s Pension System, Indiana Healthcare Software, North Dakota Workers Comp, Britain’s National Health System).  The OPM hack, by far the most devastating, focused on the intensely personal data collected during the process of vetting people for secret security clearances.  This data included everything required to determine a person’s fundamental character.

Given the above, we can predict the following with a high degree of accuracy:

  1. More hacks of medical data within multiple states (and countries) will soon be reported.
  2. Reported hacks within the U.S. Government will spread to a number of other Government agencies.
  3. As currently known hacks unfold, they will significantly worsen.

People may be astonished by the increasing frequency of the number of hacks

[Source: Silicon Angle]


July 8

In a story this morning in IB Times, which doesn’t mention today’s attacks, McAfee said the leaks portends a grim future of global cyber war. One which we are already in.

Nothing to see here, sheeple, move along. As long as CNN tells you everything’s fine, it’s fine.

Burners have always been preparing for a post-apocalyptic, post-economic civilization – that time might be coming sooner than we think.

I don’t want to give a spoiler alert for the end of the new season of Orange is the New Black, but for anyone who’s seen it, I’m kind of imagining that…if the system shut down, and no bank accounts were working, that would probably seem fine for a moment. Eventually, reality would set in.

Wonder what is going to happen tomorrow: will the markets just shrug and move on? Will The Powers That Be continue to deny vehemently that it was a hacker attack, without even investigating?

anonymous fire satan-Fawkes

anonymous ferguson

[Update 7/9/15 5:41pm]

In today’s news, the OPM hack has now been increased to 22.1 million people’s records stolen, 1 in 15 Americans.

Officials have concluded that the larger breach, which targeted background investigation records kept by OPM, included Social Security numbers, information on family members and other contacts, as well as health and criminal records. The data haul also included an estimated 1.1 million fingerprint records.

In total, hackers are thought to have netted records on 19.7 million people who applied for background check investigations with the federal government, and another 1.8 million people including spouses who did not apply for a background check but whose information was included in the forms. Anyone who applied for a background check from 2000 on is likely to have had their information compromised…

Among the forms used in federal background checks is the Standard Form 86, an 127-page document that delves into intimate questions about prior brushes with the law, drug use, psychiatric health, and info on friends and family members. It requires the applicant to put his or her Social Security number on nearly every page of the document.

China was named as “the leading suspect” in the breach last month by Director of National Intelligence James Clapper…Officials did confirm on the call that both attacks were the work of “the same actor” who gained access to the OPM system probably starting in May or June of 2014 with a contractor’s stolen username and password. 

 [Source: NBC]

It sure seems like a lot of hacker related stuff was launched yesterday. In the Washington Post, DARPA announced a “Cyber Grand Challenge”, noting that we’re losing the cybersecurity war.

Image: DARPA/Facebook

DARPA initially started  with more than 100 teams when it began the program a year ago, but the field was quickly whittled down. On Wednesday, it announced the seven finalists chosen to compete in the competition next year. They are an eclectic band of cyberwarriors, ranging from academics representing major university computer science programs  to well-known hackers and defense industry heavyweights.

[Source: Washington Post]

[Update 7/9/15 7:24pm]

The White House and the FBI might be saying “no cyber attack”, but John McAfee thinks it was. I’m more inclined to go with the billionaire domain expert on this one, rather than the hasty diagnosis by political mouthpieces.

At around the same time that the NYSE went down, the Wall Street Journal’s website went offline, as did that of popular financial blog Zero Hedge. United Airlines also experienced a “network connectivity issue” which impacted almost 5,000 flights worldwide.

Given the criticality of technology to United Airlines, let’s assume for a moment it has a daily reliability rate of 99.9%, meaning it has a system failure once every 1,000 days – which equates to once every three years. Now, let’s assume the NYSE and the Wall Street Journal also have a daily reliability rate of 99.9%.

If these events were truly random and independent, then the frequency of all three of these events happening on the same day is once in a billion days (or if you prefer to count in years, almost 2.8 million years).

Coincidental failure is possible, sure, but it does seem highly unlikely. If you add Zero Hedge to the mix, then the probability of all four events happening on the same day rapidly approaches zero.

If we throw in the near simultaneity of the NYSE and the Wall Street Journal issues (happening within minutes of each other), then it is more likely that your car, using quantum probability effects, would leak out of your garage and show up instantly in my driveway an ocean away.

It is certainly possible, but no one in their right mind would bet on it.

[Source: IB Times]

The Financial Times commented on the attacks, and was rather dismissive of the official denials. They call for a new Agency to manage cyber defense, or just take it out of the hands of the USAF and give it to Homeland Security. That way, the same TSA goons groping you at the airport, can be looking up all your personal records in the Cyber databases too.

On paper, there is no shortage of resources; earlier this year, for example, President Barack Obama earmarked $14bn for the cyber fight. But the key problem now is not so much a lack of cash — but co-ordination: as fear spreads, a bewildering alphabet soup of different agencies and task forces is leaping into cyber battle, often with little collaboration. The institution that is supposed to be in charge of security threats is the Department of Homeland Security. But its skills are viewed with scepticism by military officials. The Pentagon has its own cyber warriors, as do America’s intelligence agencies.

The White House has tried to force these bodies to work together. Separately, civilian agencies such as Nuclear Regulatory Commission started holding discreet meetings with each other last autumn on cyber issues too. But collaboration across sectors is patchy. “The level of readiness in different agencies varies enormously,” admits a senior Washington figure at the centre of these efforts. Add in private sector bodies and the picture is even worse: not only is the Pentagon wary of sharing data with, say, the Chamber of Commerce, but companies are often terrified of revealing attacks to each other.

Is there a solution? One sensible response might be to create a new agency to provide a central focus for the cyber fight. There is precedent for that; most Washington regulators emerged in response to a new threat. The Securities and Exchange Commission, for example, was created after the 1929 stock market crash; the Food and Drug Administration appeared after scandals over dangerous medicines. A second option might be to relaunch the DHS to focus on the cyber fight. It could, for example, be named the Department of Cyber and Homeland Security.

[Source: FT]

7 hackers from L0pht raised the alarm about this to Congress in 1998, saying that any one of them could take down the entire Internet in about 30 minutes. [Source: Washington Post]

[Update 7/9/15 10:45pm]

A detailed post-mortem at Zero Hedge.

So, to summarize, the NYSE has a disaster recovery center which… they choose not to use because it is an inconvenience to clients who would rather be unable to trade!

Maybe there was a different angle altogether: with China crashing and halting 70% of the market, the US had just one response:

The Chinese stock market surged again today, after the government threatened short sellers with arrest. This may merely be a “dead cat bounce”, a reflexive response from the market when technical indicators show it as massively oversold.

It raises the prospect that the motivation of the hackers may not have been to destroy, but in fact to profit from wild swings in the stock market. The use of derivative instruments like Put and Call options can create massive profits from swings of only a few percentage points. Certainly, Anonymous would have been in a position to take out such trading positions before making their threat – and, it looks like, executing their plan.

[Update 7/11/15 2:04pm]

Financial Times: US Agency Head Resigns Over Cyber Attack


It’s Hip To Be Square


Another interview from Grover Norquist, in what looks like a summertime ski lift. The Grove is now a “Burning Man aficionado” after attending once by private plane and staying up til 2:30am on a couple of occasions. He said he did not witness a single intoxicated person at Burning Man, even though he delivered a lecture on Psychedelics and hung out mostly at the Absinthe bar. His outrageous costume was a Moroccan man-dress and a Russian military uniform he got from his spooky activities in Afghanistan.

Is this a case of the right wing trying to appropriate left wing culture, to try to be cool? These guys sure think so:

grover at bm

Fusion produced this video showing Grover in action gifting Cuban cigars, lip balm and Nutella on the Playa. He’s so cool that he’s drinking the Kool Aid, and wants to come back with his political dream team.

grover dreamteam

I’ve also just found this gem of an article with Grover, one of several media interviews that both he and political figure Denis Kucinich gave on-Playa at last year’s Burning Man.

From New York magazine:


Norquist strolls around Black Rock City in 2014. Image: NY Mag

It’s a hell-hot Friday afternoon, and conservative anti-tax activist Grover Norquist and I are walking down a dusty footpath at Burning Man, the annual New Age festival held in Nevada’s Black Rock Desert. As we stroll past rows of parked RVs on Gold Street, we pass a large tent that advertises “Free Taint Washes.” A man approaches us from inside, carrying a jug of water with a misting attachment.

“Would you like a spray?” the man asks.

“Not today,” Norquist says.

The man smiles. “Well, would you like a taint wash?”

Norquist has been at Burning Man for less than a day, but he’s already learning lots of new things — including the word taint, which, after a moment of confusion, he asks me to define. (Hmm, how to put this to the godfather of modern American conservatism?) Sheepishly, I inform him that the perineum it’s the colloquial term for the patch of skin between the genitals and the anus that people take well good care of it know a days using anal bleach creamanal bleach cream, and other products. People call it the taint, I say, because it taint one part and it taint the other, either.

“Okay, I did not know that,” Norquist says. “Is that a recent slang?”

We continue down the path, past a “shaman dome” and a 22-foot-tall sculpture of a penis entitled “The Divine Masculine.” Nearby, a topless woman rides by on a fur-festooned bicycle. The oontz-oontz of house music reverberates in all directions. It’s a much different scene than you’d find at the offices of Americans for Tax Reform, the influential right-wing organization Norquist leads, but he seems charmed rather than frightened.

“If you had 500 people get together and [they did] something like this, that would be impressive,” he says, surveying the blocks full of elaborately decorated theme camps. “But seventy thousand?”

Image: Tremr

Image: Tremr

Further down the path, while Norquist is making a point about the evils of labor unions, a man in a fedora runs over to meet us … (He is possibly very stoned.) “Gentlemen, I’m coming here to get some news on the report,” he says. After an awkward silence, the man whirls away and shouts, “Now watch me get run over — it’s going to be modern art!”

“Did you know that guy?” Norquist asks…

Grover lets the hidden agenda slip:

In the long run, Norquist thinks that the high-profile regulatory struggles of tech companies like Uber and Airbnb could help the GOP attract young Silicon Valley voters if it positions itself as the innovation-friendly party.

But really, he’s just there to party party. Sure he is.

Image: Fusion

Image: Fusion

…enough about politics — Norquist is here to have his mind blown…he periodically stops to admire the roadside attractions: a golf cart decorated to look like a gumball machine; an antique car with a “Nixon/Agnew” bumper sticker; a geodesic dome. We pass HeeBeeGeeBee Healers, a camp that puts on daily spiritual healing workshops where attendees are asked to chant like monkeys.

“Is that the gong one?” Norquist says with a laugh. “I saw an advertisement for a place where you lie down and they hit gongs near you and they can cure your appendicitis or something.”

Norquist is still getting used to Burning Man’s quirky traditions — for starters, he doesn’t yet have a “playa name,” the nickname given to first-time Burners as a rite of passage. (“I went through eight years of the Bush administration without a nickname,” he says. “I think Grover is sufficiently unique.”)

[Source: New York]

Read the full interview here.

There’s big elections coming up in 2016, and Burners are an attractive little bubble of voters for politicians to reach. Maybe if we’re lucky this year Hillary, Jeb, and Trump will all bring their planes and give interviews too, with paparazzi standing by to record the evidence of them actually Gifting and Participating and being all Radical. Of course, we’d have to turn the music down.



Blazed and Confused: the Simpsons Aftermath

blazing guy circle

The Simpsons broke burningman.com, just from its East Coast showing. It’s been down for at least 3 hours now: kind of surprising that BMOrg didn’t have someone working Sunday night in anticipation that something like this might happen.

The Simpsons has been rating very well this season, their recent Family Guy crossover was the #1 non-sports program on TV with 4.5% of households watching it.

simpsons cup cakes

The event is presented as a viable alternative for family camping on Labor Day weekend, and relatively easy to get to. $200 is mentioned as a ticket price for next year.

I think it’s fair to expect a massive increase in ticket demand for 2015, and a massive increase in the number of safari tourists who want to take selfies at Burning Man and cross it off their bucket list. “Oh you went to that thing on the Simpsons?”

I predict a ticket price increase, perhaps to $500 or more. The vehicle tax will stay, and may also be increased.

I don’t think it’s realistic to expect that the 40%+ Virgins who will be encouraged by this mainstream advertising will all learn our values and read the 20-page Survival Guide before they show up. It’s time to consider some changes to the event, such as more recycling stations and paid clean-up crews. Otherwise, the DPW Restoration volunteer team are just going to get saddled with the MOOP, like they were this year from Caravancicle/Lost Hotel, Gypsy Flower Power, and other camps.

Another consideration would be selling blinky lights at Center Camp. This is a safety issue. Let’s forget about this “all commerce is banned” charade, there were 45 licensed vendors this year. Everything from gasoline to energy drinks is for sale – not to mention AirBnB rooms and merchandise. Let’s banish darkwads, if we can.

simpsons man el pulpo

We’ve heard a rumor – currently unconfirmed – that next year’s theme will be Circus-related. The last rumor we heard was that 2013 would be aliens, we were asked not to repeat that and we respected our source’s request. It turned out to be true when the Cargo Cult Man base was a giant UFO.

Circus seems appropriate, because Burning Man will now be full of ASSclowns, party animals, and frat boy monkeys.

Without giving away too many spoilers, those who feel that there’s more to Burning Man than drugs and nudity will be disappointed with the way Burning Man Blazing Guy was portrayed in the episode. Conservative Marge is initially hesitant about the free-spirited event, until she is unwittingly dosed with magic tea and starts tripping balls – then she loves it all. The aging baby boomers who fondly remember dropping acid in the Sixties will probably be driven to make Burning Man their next family camping destination. It’s surprising to see The Simpsons glorifying drug use in this way; it will only serve to reinforce the negative associations with Burning Man held by many in Defaultia. Disappointingly, there was nothing about any of the Principles. There were no sound camps, and absolutely no untz untz (EDM).

Pranking, shooting guns, tents flying away, dust storms, art cars, funky bicycles, costumes, giant sculptures, a long road trip through the desert to get there, drum circles, even fake Facebook accounts are all referenced.

I found the episode amusing, but not as funny as the earlier Malcolm in the Middle and South Park ones. I give it a 7/10, or three and a half stars.

Good luck getting tickets next year, Burners. I expect a brisk trade for the Commodification Camps and Donation tickets.

Who's the man in the cowboy hat?

Who’s the man in the cowboy hat?

Millhouse...phone home

Millhouse…phone home