U.S. Warns of Possible Cyber Biz Attack

mikesd81 writes "The AP has an article about a possible attack against the New York Stock Exchange via the internet by a radical muslim group. The notice was issued to the U.S. cybersecurity industry after officials saw a posting on a 'Jihadist Web site' calling for an attack on U.S. Internet-based stock market and banking sites in December, said Homeland Security Department spokesman Russ Knocke. Knocke has said: 'There is no information corroborating the threat and that the alert was issued as a routine matter and out of an abundance of caution.' There is no immediate threat to our homeland at this time. The attacks were to be conducted in December, 'until the infidel new year,' the site said, according to a U.S. government translation. It called for attackers to use viruses that can penetrate Internet sites and destroy data stored there. Spokespeople for the New York Stock Exchange and Nasdaq declined to comment on the cyber-terror threat."

blame the muslims

[nihaopaul]

seriously, is this new?

Re:blame the muslims

[Danga]

blame the muslims. Seriously, is this new?

Well if some of the radical muslim websites did indeed post information saying they wanted to carry out attacks like these then I think it is reasonable to keep an eye out for it. It is not like it is completely unfounded.

If a KKK website posted threats that they were going to group up in say Jackson, Mississippi and lynch some darkies this december would you think it would be stupid to beef up police forces and keep a close watch on what is going on for a while?

Re:blame the muslims

[tritonman]

I heard about this in a news report yesterday. They said "there is no evidence that this is a threat, but the government is reporting..." uh, no evidence? So wtf? Let's just try to scare some people around xmas so they can remember that we are here to protect them when nothing happens.

Advertising attacks?

[haluness]

How seriously can you take would be crackers who go around blabbing about an upcoming attack?

Sheesh, and the media just have to take it up. They even contradict themselves in the same paragraph!

Re:Advertising attacks?

[joe+155]

I think we can largely take people who annoce these things before hand, its just like foreplay for them. They want the media to report on it (which they do - handy really) and they want people to know that they are considering doing it. Its just another tool for spreading fear, uncertainty and doubt.

Besides don't you think there could be a certain amount of l33t points (or some kind of jihad alternative) for saying your going to do an attack and them still being un-able to stop you... I'm assuming this will be like a DoS attack or what have you from bot-nets; does this mean running an unpatched copy of XP is helping the terrorists?

Re:Advertising attacks?

[russ1337]

Exactly,

If they were really serious they'd submit an article about taking down the stock exchange, and include a link to the stock exchanges webserver to have it Slashdotted...

It looks to me like mikesd81 is trying to take down excite.com. (why do you hate our freedom?)

Re:Advertising attacks?

[truthsearch]

The intent of terrorists is to incite terror in order to bring about change. Terror can be spread without any actual attack. Just the fact that the government and companies are responding to a threat, plus the spread of this information through media, increases fear. Since we are listening the terrorists are successful to some extent, even without actually committing the cyber-attack.

Re:Advertising attacks?

[joe+155]

but if they never commit the attack then people will no long belive them next time... I think they do need to at least have a go at it. Although you are right on the whole that the fear is a big part. I think with the brand of "islamic" terrorism though there maybe some part which requires an actual attack - maybe because of a percieved need to hurt someone or something, maybe because of the instruction from the people at the top.

Basically, I agree. But maybe they do want to do it aswell.

Re:Advertising attacks?

[shadow349]

How seriously can you take would be crackers who go around blabbing about an upcoming attack?

I think this quote from Sneakers sums it up nicely:

Cosmo: Posit: People think a bank might be financially shaky.
Martin Bishop: Consequence: People start to withdraw their money.
Cosmo: Result: Pretty soon it is financially shaky.
Martin Bishop: Conclusion: You can make banks fail.
Cosmo: Bzzt. I've already done that. Maybe you've heard about a few? Think bigger.
Martin Bishop: Stock market?
Cosmo: Yes.
Martin Bishop: Currency market?
Cosmo: Yes.
Martin Bishop: Commodities market?
Cosmo: Yes.
Martin Bishop: Small countries?

Re:Advertising attacks?

[diersing]

There is no information corroborating the threat

the alert was issued as a routine matter and out of an abundance of caution

There is no immediate threat to our homeland at this time

The title of TFA is "U.S. Warns of Possible Cyber Biz Attack" but the article is full of back tracking and spin. There will come a point when they issue so many warning that people tune out and the valid warnings will lose value, I recall a fable about a boy and wolf. 9/11 didn't happen because someone didn't act on a couple memos (amongst tens of thousands), 9/11 happened for a lot of reasons (some decades in the making) and fear mongering by the constant issue of warnings is only aimed to keep the masses in a state of fear. You can't go out and enjoy your life, not without Terror Insurance (6 month premiums start as low as 75.99, call this toll free number.

When Bush says FREE Market, he means FEAR Market. - now that's strategry at its finest.

Re:Advertising attacks?

[Jah-Wren+Ryel]

When you get punched in the noce you have 2 choices, punch back and continue punching until the threat is GONE, or do nothing and accept the fact that it will continue to happen regardless of what action you take.

Bullshit. The world is not black and white and neither are your options.

Got punched in the face? Analyze the situation, figure out why you got punched in the face and take a-p-r-o-p-r-i-a-t-e action to reduce the chance of it happening again to an acceptable level. Maybe that means killing the guy punching you. Maybe it means using a different swing on the playground. Maybe it just means kicking the guy in the nads. Maybe it means calling your older brother over to intimidate the guy.

Whatever the case, your simplistic analogy has no place in the real world.

Make your choice, stick by it, and shut the hell up.

Yeah, because changing your mind in response to new information is just not macho. Grow up pequito.

Infidel New Year?

[minotaurcomputing]

I can't wait to watch Dick Clark's Infifel New Year's Rockin' Eve!

-m

Up next, nano-virus threat to create mutants!

[khasim]

So, some joker on some website posts a piece about how people should release viruses to attack the stock exchange ... and our government issues an alert?

What happens when the same joker posts a call for nano-viruses to be released into our water supply to create a generation of flesh eating mutants from our own children?!?

Seriously, you deal with terrorism by NOT being afraid.

You do NOT deal with it by hyping every single fantasy that they can post.

Re:Up next, nano-virus threat to create mutants!

[plover]

Seriously, you deal with terrorism by NOT being afraid.

But you don't get re-elected by ignoring the threat. You get re-elected by trumpeting the threats loudly and then touting the lack of successful attacks. Fortunately, this last set of elections proved that fear-mongering by itself isn't enough; or that it can last only so long.

Re:Up next, nano-virus threat to create mutants!

[Thansal]

What happens when the same joker posts a call for nano-viruses to be released into our water supply to create a generation of flesh eating mutants from our own children?!?

I buy the movie rights!

Re:Up next, nano-virus threat to create mutants!

[ScentCone]

Fortunately, this last set of elections proved that fear-mongering by itself isn't enough; or that it can last only so long.

Heh! Not really. This last election was all about fear mongering. The dems gained seats in the legislature entirely by talking about how people should be afraid of the other party being in control. They certainly didn't win seats by actually spelling out contstructive, real-world things they'd actually, successfully do that would actually be helpful in any way. In fact, just yesterday they made it clear they were already going to break one of their loudest campaign promises (to implement all of the recommendations of the 9/11 Commission). Fear is exactly what it's all about, but they just played it differently ("the republicans want to starve your baby!" "the republicans want to make sure your social security money is wasted on dot-com investments!" "the republicans like to see our soldiers die!" "the republicans work for scary corporations that want to hurt you!"). Say you don't know exactly what I mean.

Yawn

[davidwr]

So the banks will have a higher-than-normal amount of crack-attempts this month, and a proportionately-higher number of successful ones.

ok, so if serious breakin attempts go up 10%, and there's a small number of successful breakins every month, that's *punchpunchpunchding* a very small number of additional successful breakins.

The bottom line - your bank's web site may be a little slower to respond, and you may get a little more spam-email "from your bank" this month. Otherwise, business as usual.

Happy shopping everyone.

Re:Yawn

[MrAnnoyanceToYou]

If there's anything about America I have faith in, it's the ability of the financial system to perpetuate itself. The only thing that could possibly drag it down (short term) at this point would be Microsoft going rogue and having a back door into everything they used to rip the entire system apart...

Fortunately /unfortunately enough, I don't think they're organizationally capable of this.

Interesting..

[AnswerIs42]

The news articles I have seen, read and heard all said there was "No Credible Evidence" that this was a real threat.

Save for the one slashdot finds and posts..

Not gonna happen

[31415926535897]

This is a very funny attack. All of the important network connections, those that allow the NYSE and other exchanges to operate, and connections between them and brokers are not on the Internet. There are connections from the NYSE to the Internet, but they are not needed for trading (it's for when the traders are bored, they can look at porn). This group would definitely need somebody working on the inside to do any real damage.

The best these groups could do are take down the websites of discount brokerages (E*Trade, Ameritrade, etc.), but that won't have one bit of impact on the financial markets. Even if those websites go down, the brokerages will still have their direct connections to the exchanges, so if you can call your broker, you'll still get your trade through.

I wish them the best of luck, because their attack is an exercise in futility.

about time for another one

[WolfMansDad]

Warning, that is. Don't you know we're at war! Americans aren't that good at hate, so we have to be given something to fear. Keeps the govt in business.

Not all systems on the internet

[truthsearch]

The largest banks, plus the stock exchange, still use a wide array of platforms. The stock exchange web site, for example, is not directly hitting the actual stock exchange servers. Most of your bank transactions still go through mainframes. A typical setup is for central transaction servers to push data files to data warehouse servers for reporting purposes. Most systems then run off of these reporting servers.

Between the variety of systems and the layers of security between each it's very unlikely that a virus could bring down the stock exchanges. Or your bank. It's far more likely that their web sites and corporate desktops would go down. The "money" in the wires is far safer.

Not a chance

[Salvance]

It's almost impossible that a bunch of radicalists with relatively sophomoric computer skills could infiltrate the NYSE or the Nasdaq in any substantial way. This is akin to high schoolers joking on forums and IRC that they are going to hack into the school's computers and change grades. Sure it happens, but not typically by a bunch of attention-seeking kids, but usually by some kid that is smart enough he didn't need to do it, just wanted to see "if he can".

If these "hackers" really had a chance to impact the exchanges, it means they've found a vulnerability that the exchanges don't know about. Any smart (but malicious) hacker wouldn't tip their hand to such a find, they'd wait until D-day to launch their attack. Obviously the security folks at the exchanges should take the threat seriously and evaluate their systems for holes, but it would be bordering on the ridiculous for the rest of us to be worried.

Re:Not a chance

[Blkdeath]

It's almost impossible that a bunch of radicalists with relatively sophomoric computer skills could infiltrate the NYSE or the Nasdaq in any substantial way.

What makes you think they have "sophomoric computer skills"?

Best part is

[future+assassin]

this attack will be done from American by Americas very own joe and jane's zombie machines. Dad shoul'd have stayed away from those free pron sites when mom is in bed, now he's a terrorist helper.

The worst thing they cold do

[plopez]

Is target zombie networks and insure that Americans are deprived of Viagra ads, weight loss programs, stock tips and penis enlargements.

The cost to the US could be crippling! Think what would happen if these emails ceased!

Like I said, this is the *worst* thing they could do. ;)

Comment removed

[account_deleted]

Comment removed based on user account deletion

One Whole Post

[Siker]

It's amazing how much you can do with a single post on a single website when people are afraid of the dark.

Coming up next - Homeland Security issues alert after cousin's roommate's girlfriend heard from friend that man with turban was spotted in New York.

That's Funny

[eno2001]

I don't EVER remember living in the "homeland" until the Bushista regime seized power. I still like to call this America myself. Former land of the free and brave. Now home of the politically blind and cowardly.

Homeland?

[GrumblyStuff]

I like that term. It's like living in Soviet Russia.

It makes me feel all warm and paranoid inside.

The Reality of Fear vs. Fear of Reality

[AslanTheMentat]

This last election was all about fear mongering. The dems gained seats in the legislature entirely by talking about how people should be afraid of the other party being in control. Hmmm... this may be the case, BUT, the reality of the situation is that the GOP was selling "fake fear", and the dems were arguably pointing out the reality of the GOP's shortcomings and that the results of these shortcomings in governing are instigating REAL things to be scared about. I really feel like the GOP was really playing the "pay no attention to the man behind the curtain" card as the country has gone down the tubes (at least in its position on the world stage as being a bastion of personal freedom.)

I really think the icing on the cake recently was Gingrich telling a group of Free Speech Advocates that free speech needs to be less free because ass-hat terrorists are getting on the net and collaborating. I mean, really, restricting internet access will certainly solve the problem.......sheesh...What an ignorant ass...

Re:We're all so smart

[fastcoke11]

I think his point was that what they reported was not going to be able to effect the market in any negative way, so reporting this as anything other than an assinine idea brought up by some guy writing on a website is just exaggerating.

*why* they need us!

[mhokie]

I thought this was an appropriate quote from V for Vendetta, "I want this country to realize that we stand on the edge of oblivion. I want everyone to remember *why* they need us!"

It's about the stupidity, stupid

[neimon]

Has it occured to anyone that whoever made this threat is a terrorist equivalent of a pointy-headed-boss/marketing exec who is exhorting unknown terrorist hacker-types to unleash one of those virus thingies that he's heard about? Like, they sat in a meeting in some coffee house and said "Yeah! We could release one of those virus thingies! We'd rule the world! Get one of those computer infidels on the internets!"

Isn't this the equivalent of a pathetic "release the hounds," only there are no hounds, and the "leadership" doesn't know that?

Oh, and to religious extremists, isn't technology part of the global, modernistic infidelity?

I mean, really. After 50 years of being immersed in computing, STILL NO NON-TECHNICAL PEOPLE UNDERSTAND HOW COMPUTERS WORK and yet they STILL TELL geeks to do the IMPOSSIBLE.

What's next? A Koran that can fly and spits dates?

I, for one, am sick and tired of our moron overlords.

Indicates nothing.

[Kadin2048]

At risk of violating some sort of Godwin's-Law like rule for making 9/11 analogies, doesn't what you're saying sound a bit like someone sitting around on Sept. 10, 2001 saying "With a little bit of thought, the terrorists could set off car bombs in front of a bunch of major airports and totally screw up air travel? Since they cannot accomplish even that minor task, they don't have the skills to accomplish a major attack."

I think you're leaving out a major psychological motivator: the terrorists in large part aren't satisfied by and don't want just small, anonymous, disruptive attacks; they want large, public, anything-but-anonymous disruptive attacks.

Messing around with spreadsheet numbers would probably seem like a computer glitch. While its effects might actually be more crippling to the United States economy than taking out the NYSE for an afternoon (just like there are a lot of other physical-terrorism scenarios that would have been even more disruptive to the U.S. than destroying the WTC), that doesn't mean that they're as attractive to a potential terrorist.

I'm not sure if a lack of small-scale attacks really indicates that the enemy is incapable of larger ones; I think that's a terribly dangerous assumption to make. All the lack of smaller attacks means is that we have no idea what their capabilities are, and need to protect ourselves on all fronts.