Security Experts:

Attackers' Subtle Markets Manipulation Could Tilt Global Economies

What’s worse, getting punched in the face or having your pocket picked when you’re not looking?

Anyone who has experienced either of these distinct pleasures in life can tell you honestly that both really suck, but, the true pragmatist might argue that in the case of the former, at least you probably saw it coming.

Financial Markets in Danger from Cyber Attacks?The truth is, while predictable cyber-security onlookers like myself stop and stammer, and yammer on endlessly about all the made-for-Hollywood characteristics of headline-grabbing threats like Stuxnet, far more subtle, yet powerfully destructive forces of electronic attack may be working slowly and silently to disrupt elements of the world’s market-based economies.

OK, OK, there I go again, swinging for the fences and getting all dramatic. But if you read between the lines of an interesting story published in the U.K.’s Times newspaper this week about ongoing attacks on electronic trading systems running in the U.S. and in the U.K., you have to stop and wonder.

The story (paid access only) notes unnamed officials’ concerns that cyber-attackers are successfully breaching electronic trading systems not merely for the purpose of stealing funds, but to actively “spread panic among markets and destabilize western financial institutions.”

The piece also points out that coordinated cyber-attacks on the European Emissions Trading Scheme shut down that exchange’s carbon market less than two weeks ago. The European Commission suspended trading on the exchange after online attacks resulted in the loss of permits worth millions of euros, forcing five national carbon registries to close.

Now don’t get me wrong, if someone could figure out how to melt down a nuclear power plant using a remote attack of some kind that would definitely be pretty awful. But if criminals, terrorists or anyone else starts effectively screwing up the flow of commerce around the globe, that could be unusually dire too.

Hedge fund manager Doug Kass of Seabreeze Partners Management, called a “Master market timer and predictor” by CNBC, made a bold prediction during CNBC’s Fast Money program in December. “The Internet becomes the tactical nuke of the digital age. I believe that cybercrime is going explode exponentially next year as the Web is invaded by hackers. And My surprise is that we will see a specific attack on the New York Stock Exchange which has a profound impact, causes a week long hiatus in trading which will cause abrupt slowdown in travel and domestic business,” Kass said.

Along with the fear of lights-out DDoS attacks that has traditionally stalked electronic markets, and logically still does, one idea is that by quietly corrupting and modifying the numbers moving back and forth across major financial systems assailants could also create the appearance, and subsequent reaction to all sorts of market behaviors that don’t actually represent what should be going on.

Twist a nob a bit here, pull a lever or two there, and all of a sudden there’s a run on some commodity that’s not as valuable as it appears, or some particular currency appears to be taking a beating that it really shouldn’t.

And when news of some sort of major e-markets irregularity goes public, watch a lot of people overreact, and thereby start creating real problems where there shouldn’t have been issues at all.

Print this post out, ball it up, and throw it on the FUD fire if you like, honestly the Times story is pretty poorly sourced and there’s almost as much conjecture in it as I’m invoking here above, though I myself believe it to be true.

An old colleague who worked at World Bank used to tell me some pretty interesting stories about this type of thing, and how the art of subtle manipulation could slowly turn electronic markets on their heads by corrupting their very legitimacy.

What’s worse? Attacking someone’s borders, or slowly disrupting and degrading confidence in their entire national economic well-being?

I think I might take the punch in the face, at least then I could still buy dinner.

view counter
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including stints writing for CNET, eWeek and InfoWorld. Hines is currently employed as director of product marketing at RedSeal Systems, a maker of security posture management software. He lives and works in his hometown of Boston, Mass.