Stock market "wipe out" may be due to computer error
A number of stocks lost about all their market value yesterday in the span of 5 minutes, leading to the fastest ever drop in the Dow Jones index. Luckily, most of the value was recovered, but the index overall was still substantially lower. It is not clear yet what exactly happened, but computer issues are cites as a possible reason. One report suggested a data entry error (entering "B" for "Billion" instead of "M" for "Million"). But several stocks where affected. These company's stocks went from as high s $59 to a couple of cents in a few minutes.
Again, the investigation is just starting. But this overall reminded me of a scenario we put forward a few years back. John Bambenek published a nice diary [1] in September of 2005 estimating that $24 Billion worth of assets are under the control of bot herders at the time in the form of brokerage accounts owned by infected users. This number is of course just a guess, but it does support the scenario of a bot control "Market DoS". The scenario we put forward back then was that a botnet could cause economic mayhem if such a sell-off would be timed right to coincide with real world events that would cause "market jitters". Right now, the economic crisis in Greece and the oil spill in the gulf of Mexico can be seen as such events.
How do we protect ourself? Sadly, as typical in our approach to software security, incident handling and forensics will have to come first. Maybe then, we will learn what should have considered int he first place: How to write more secure software, how to put the controls in place to prevent these errors.
[1] http://isc.sans.org/diary.html?storyid=712
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
=====================================================
More thoughts on this - - if you want to a large financial influence (for instance in a cyber-war scenario), you don't need to control 24B in household assets through malware, you need to control one trader's workstation at a major firm. Yesterday's event shows us just how vulnerable we are - one bad trade, and all the lemmings follow the leader over the cliff! Fund managers would be good targets as well. Through a lever like this, your control is multiplied potentially hundreds of times.
Looking for targets like that? I just searched linkedin for "hedge fund" (36,000 results) or "fund manager" for targets (12,000 results) - all nicely searchable by city, company etc.
A targeted phish campaign against a narrowly defined audience like that ... hmmmm ....
============== Rob VandenBrink, Metafore ================
Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
Comments
Danster
May 7th 2010
1 decade ago
AndrewB
May 7th 2010
1 decade ago
The system was made by humans and has all the imperfections they do, too. This is -not- news to most of the sane population. Get the emotion out of the equation. Over time, when cooler heads prevail, the thought process will correct the failures of the past, unless we choose to allow history to repeat itself.
Lord protect us from those who never make a mistake, and those who make the same mistake twice.
.
PC.Tech
May 7th 2010
1 decade ago
Jim
May 7th 2010
1 decade ago
To anyone who's ever worked in the financial market [IT] business this event is trivial. Market readjusts rapidly, especially since Black Monday
Yes, it can lead someone to devise an attack, and when you think of it, anybody who's ever worked in the financial market [IT] business can do the same, if not better.
prontissimo
May 7th 2010
1 decade ago
At any rate, time to go buy as much stock as I can. Gotta take advantage of the dips before it corrects itself...
JimC
May 7th 2010
1 decade ago
Syd Bear
May 7th 2010
1 decade ago
Syd Bear
May 7th 2010
1 decade ago
The problem is that there are a lot less orders for NYSE stocks if you aren't looking on the NYSE. So if you put a wild 'SELL!'-at-market order in on the electronic platform, the only buy order might have been some joker with a standing 1-cent bid. So 1-cent was your price.
market-ticker.denninger.net has more discussion of this, also pointing out that SEC rules should make this illegal, because brokers are required to provide the best nationwide price. They aren't allowed to ignore NYSE bids just because NYSE wants to take 60 seconds to fill.
Winders
May 7th 2010
1 decade ago
Tisiphone
May 7th 2010
1 decade ago