Financial Exchanges Close Ranks to Fight Off Cybercrime

Plus: Hackers infiltrate European government computer networks, AT&T keeps mum about spilling the beans, and Android users can send fully encrypted texts

3 min read
Financial Exchanges Close Ranks to Fight Off Cybercrime
Photo: vladru/iStockPhoto

Following a string of confidence-shaking cyberattacks on stock exchanges across the globe that affected their operations, 57 stock, futures, and options exchanges have come together to collaborate on cybersecurity best practices. I guess they've come to the same conclusion expressed in a coinage attributed to Benjamin Franklin: "We must, indeed, all hang together, or assuredly we shall all hang separately."

A hair-raising example of how vulnerable the exchanges are came in August when NASDAQ’s systems were besieged by more than double the amount of data they could process. The data torrent, abetted by a software design flaw, caused a three-hour stoppage in trading for thousands of U.S. stocks. Though the culprit was eventually revealed to be human error instead of a cyberattacker, the event revealed one avenue that a crafty hacker could exploit.

The new group, a committee established under the aegis of the World Federation of Exchanges, will try to figure out how to best share information on attackers, their tools, and attack trends, as well as techniques and technologies for fighting off attacks. It’s easier said than done, explains Mark Graff, NASDAQ's chief information security officer and chairman of the new working group. “When I took the job at NASDAQ, I found it was easy to connect with people within the [U.S.] financial community,” Graff told Computer World. “But I just couldn't see who my opposite numbers were in exchanges overseas,” he said.

G-20 Governments in Hackers’ Crosshairs

Researchers at online security firm FireEye say that In the month leading up to the G-20 Summit in September, hackers they presumed to be Chinese nationals broke into the computer networks of five European foreign affairs ministries.  FireEye was temporarily able to monitor the activity of the attack, which it calls Ke3chang, via one of the command-and-control (CnC) servers the hackers used. The campaign began with a series of spear-phishing e-mails laced with a malicious attachment called US_military_options_in_Syria.zip. The attackers knew that the targets would go for the bait because in the run up to the G-20 meeting, the world’s attention was focused on the Syrian civil war and whether the United States would intervene in response to the use of chemical weapons.

For a few days, FireEye researchers were able to snoop on one of the at least 23 different CnC servers the hackers used. They saw 21 compromised computers connect to that server.

In Other Cybercrime News…

  • A hacker who tried to make money by selling access to several corporate, university, and government computer networks—including two supercomputers at the Lawrence Livermore National Laboratory—fell into a familiar trap. It just so happened that the person on the other end of a US $50 000 transaction that would have given the buyer access to the Lawrence Livermore machines was an undercover FBI agent. This week, 24-year-old Andrew Miller, hacker and police-procedural TV show stereotype, was sentenced to 18 months in prison.
  • The makers of a popular Android flashlight application apparently kept users in the dark about its money-making side business: covertly tracking the locations of  “Brightest Flashlight Free” users and selling that information to advertising firms. The company, Goldenshore Technologies, reached a settlement this week with the U.S. Federal Trade Commission, which threatened to come down hard on the app maker.  
  • AT&T cares about you. So much, in fact, that the company refuses to issue a transparency report providing details regarding what data it has turned over to the U.S. National Security Agency. In a letter to the Securities and Exchange Commission, AT&T says that telling the world about the extent to which it divulged information about its customers would upset its efforts to protect its customers’ privacy. You can’t make this stuff up.
  • Eight of the world’s leading tech companies—Facebook, Apple, and Google among them—have created a new coalition whose aim is to provide pushback on U.S. surveillance practices. The group, Reform Government Surveillance, says that tactics such as National Security Letters, which demand that a company turn over data about customers and keep quiet about it, undermine trust in the companies and in the Internet as a dependable medium for communication and commerce.
  • Kaspersky Lab’s ThreatPost reports that Open WhisperSystems’ TextSecure protocol has been integrated into an app that will bring end-to-end encrypted text messaging to 10 million Android users.

Photo: vladru/iStockPhoto

The Conversation (0)

The Cellular Industry’s Clash Over the Movement to Remake Networks

The wireless industry is divided on Open RAN’s goal to make network components interoperable

13 min read
Photo: George Frey/AFP/Getty Images
DarkBlue2

We've all been told that 5G wireless is going to deliver amazing capabilities and services. But it won't come cheap. When all is said and done, 5G will cost almost US $1 trillion to deploy over the next half decade. That enormous expense will be borne mostly by network operators, companies like AT&T, China Mobile, Deutsche Telekom, Vodafone, and dozens more around the world that provide cellular service to their customers. Facing such an immense cost, these operators asked a very reasonable question: How can we make this cheaper and more flexible?

Their answer: Make it possible to mix and match network components from different companies, with the goal of fostering more competition and driving down prices. At the same time, they sparked a schism within the industry over how wireless networks should be built. Their opponents—and sometimes begrudging partners—are the handful of telecom-equipment vendors capable of providing the hardware the network operators have been buying and deploying for years.

Keep Reading ↓ Show less