Slashdot Mirror

← Back to Stories (view on slashdot.org)

London Stock Exchange Was 'Under Major Cyberattack' During Linux Switch

Posted by Soulskill on from the waffles-tasty-waffles dept.

An anonymous reader writes with this excerpt from Computerworld UK: "The London Stock Exchange's new open source trading system may have been hacked last year, according to a report. The alleged attack came as the LSE began the switch over to the Linux-based systems, according to the dates referred to in the Times newspaper. The continued threat of cyber attack has resulted in the LSE keeping a close dialogue with British security services, which this year branded cyber attacks as one of the biggest threats to the country. There were major problems on the exchange on 24 August, when stock prices of five large companies collapsed."

20 of 98 comments (clear)

  1. Re:Website FAIL! by a_hanso · · Score: 4, Informative

    Try this instead: http://www.cio.co.uk/news/3258814/london-stock-exchange-under-major-cyberattack-during-linux-switch/

  2. Pissed off crackers? by Centurix · · Score: 5, Insightful

    Part of thinks that these guys may have had easy access to the stock exchange system through whatever backdoor they had. Closing it then pissed them off so they went on the attack.

    --
    Task Mangler
    1. Re:Pissed off crackers? by SimonInOz · · Score: 3, Insightful

      Let's see - the London Stock Exchange swapped to Linux based software. It changed FROM Microsoft based software. (TradElec Windows-based C# and .NET programs, apparently).

      And there was a major cyber attack during the changeover.

      Let the conspiracy theories begin ...

      --
      "Cats like plain crisps"
    2. Re:Pissed off crackers? by gbjbaanb · · Score: 5, Insightful

      not necessarily - they might have thought it was the ideal "opportunity moment" - attack the system when they're undergoing a transition and not only might they get away undetected, but they might also cause more damage than before (ie with servers turned off ready to be replaced with the new software, the capacity would be reduced).

      It isn't necessarily Microsoft fanboi hackers trying to discredit the migration to Linux (and getting their dates cocked up)

  3. Internet Connected Exchanges?! by BenJCarter · · Score: 4, Interesting

    It gives me the heebie-jeebies to think of what could happen to a trading network connected to the Internet. I imagine Stuxnet aimed at financial systems. Shudder.

    --
    For in politics, as in religion, it is equally absurd to aim at making proselytes by fire and sword. - Publius
    1. Re:Internet Connected Exchanges?! by pasv · · Score: 4, Insightful

      If Stuxnet taught us anything is that even systems not connected directly to the internet are still very much vulnerable. Spear phishing and other targeted attacks towards the maintainers/developers of those systems are just as effective if not more so than attacking the system head-on. I'll take the cape of Captain Obvious here but anyone funding an attack sophisticated enough to pull off a Stuxnet-like payload is more than likely well invested in the return of said attack. But of course no one could ever earn any money hacking a stock exchange system right? ;)

    2. Re:Internet Connected Exchanges?! by funkatron · · Score: 3, Insightful

      Yeah, it would be slightly inconvenient but have some perspective, we're talking about one little service industry here. In terms of importance it ranks well below things like power, water, communications, shopping, manufacturing, research. A stuxnet aimed at any of those would be a whole lot more damaging.

      --
      "Welcome to our world. We are the wasted youth. And we are the future too." Yes, I know these are stupid lyrics.
  4. Re:Vague site, no details. by Anonymous Coward · · Score: 5, Informative

    As the concern and speculation deepens around the LSE outages, the exchange is due to switch on the new Linux systems on its main exchange in two weeks’ time, with dress rehearsals over the coming two weekends. The system replaces a Microsoft .Net architecture.

    As the Linux system isn't due to go "live" for another fortnight, I'd expect that it is the .NET based system that has been hacked.

  5. Re:FUD by mangu · · Score: 3, Insightful

    'may have been' another piece of MS-sponsored FUD?

    Of course, since everybody here knows Linux systems do not get attacked

    Yes, at least that's the official Microsoft version. There are no viruses for Linux because no one uses it.

  6. LSE not on the Linux platform yet by Organic_Info · · Score: 4, Informative

    The London Stock Exchange (LSE) have not yet moved on to the new Linux based Millenium trading platform - this is scheduled to happen on Feb 14th. It was supposed to have happened late last year but was delayed.

    A subsiduary of the LSE, the Turquoise Multilateral trading Facility (MTF) has already migrated to the MIT platform though.

    --
    "Things that you own end up owning you" - Tyler Durden (via Diogenes of Sinope).
    1. Re:LSE not on the Linux platform yet by chrb · · Score: 5, Informative
      Yes, the article has several errors:
      • "The London Stock Exchange's new open source trading system" ... except, the trading system isn't open source. Sure, it runs on the Linux kernel, which is open source, but so does Oracle...
      • "There were major problems on the exchange on 24 August, when stock prices of five large companies collapsed. Most notably, BT shares lost £968 million, and the LSE was forced to halt trading for the day." On 24 August the LSE was running the Windows .NET trading platform... the halt of trading had nothing to do with the new Linux platform.

      So, the big story here is that the LSE Windows based platform was possibly hacked and manipulated for financial gain. Why Computer World focuses on the Linux angle is a mystery.

    2. Re:LSE not on the Linux platform yet by Anonymous Coward · · Score: 3, Insightful

      They focused on Linux because a story about .net being attacked isn't news worthy. On the other hand, framing it such that linux may be in the spot light means people are chattering about linux and their story. This seriousl,y sounds like ms sponsored FUD.

  7. Re:Linux Fags by jimicus · · Score: 4, Insightful

    The question I would have is this: Would the MS system have held better?

    The answer is "it depends".

    Mostly, it depends on who's doing the hacking and who's managing the system. If it's a bunch of script kiddies or some bot which tries a number of well-known hacks then gives up and the system is competently managed, chances are neither would be particularly insecure.

    If the system is poorly managed - be it Windows or Linux - chances are it's not going to take much effort to get in and some kid following a script without really understanding it could do it.

    Where things get interesting (and impossible to discuss meaningfully without a better understanding of the systems themselves) is when you have competent, well-funded IT management (which I would hope any stock exchange would) and competent, well-funded attackers who are focused on a single goal (which is entirely possible when you're talking about a high-profile victim like this).

  8. article omits very important point. by seeker_1us · · Score: 4, Insightful

    From one of the comments

    This article is incredibly short on details and clarity. The systems 'compromised' appear to have still been running .NET, but the heading seems to just want to throw Linux and Risk into the same sentence. The complete lack of facts makes this seem like FUD.

    "A half truth is a whole lie" ---Yiddish proverb.

    1. Re:article omits very important point. by h4rr4r · · Score: 3, Insightful

      So how much is MS paying for that spin?
      Their trading system could not meet latency requirements and now they need someway to save face.

  9. Re:Vague site, no details. by bernywork · · Score: 4, Interesting

    What I've heard is this. It's all hearsay, so is probably as factual as the FA.

    The LSE is trying to (Stupidly) save face. They tried to go live and it was an absolute shit show, typical companies got about 20% compliance. There was no way they could roll forward, they had issues with firewalls, members had issues with routing and firewalls, trades weren't going through the system correctly for settlements, there was more bugs in member's code than ants in a nest. If they had said "We're going live anyway" there wouldn't have been a market on Monday morning. Aside from that, everyone goes into freeze for Christmas due to everyone taking time off, so it wouldn't have been sorted till at least after now, by which time, LSE would have lost so much business to the likes of NYSE (And potentially to Borsa Italiana, which is owned by the LSE) that it would be questionable whether they would still be in business by this stage.

    They claimed previously that they were internally sabotaged, well, the running theory was that they just fucked up. To everyone involved that seems like a much more plausible option.

    --
    Curiosity was framed; ignorance killed the cat. -- Author unknown
  10. Love the FUD! by erroneus · · Score: 5, Insightful

    This is just awesome. Just when you would think it would be impossible to spin an attack on a major Microsoft based trading system, they omit Microsoft, insert Linux and speak of the dreaded cyberattack.

    I have to wonder who and why. Anyone have any background on the author and the publication's history on Linux and Windows stories?

  11. Re:FUD by Eudial · · Score: 4, Funny

    Ad banner: Your PC is currently under attack from thousands of viruses! Click here to prevent it from broadcasting it's IP address to hackers.
    LSE Employee: Blimey! Ring the secret services! This is cyber war!

    --
    GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
  12. I assume by ThatsNotPudding · · Score: 3, Funny

    the byline reads "Steve Ballmer".

  13. Re:Vague site, no details. by tomhudson · · Score: 3, Informative
    It was .NET that was in place. The switch-over will only occur on February 14th of this year.

    Also, there was no police investigation.

    But the Metropolitan Police, the e-crime unit and the City of London Police all told Computerworld UK that no such investigation was ongoing.

    The system currently in place (.dot.NET-based) failed to meet the specs, because, try as they could, Accenture could not get a windows-based platform to run fast enough - too much letency.

    The exchange finally realized it, and called for a linux-based system, which easily met the time guarantees - but obviously it's late, because it was only started when the exchange realized that the Microsoft-based system was never going to meet the performance goals.

    In other words, after Microsoft spent big bucks in all the trade magazines bragging about "winning the contract against linux" - and making it sound like they were replacing a previous linux-based system, you won't hear a peep from them admitting that their servers are sh*t.