Slashdot Mirror

← Back to Stories (view on slashdot.org)

NASDAQ and BATS DDoSed

Posted by Unknown on from the basement-dwelling-h4x0rs dept.

DMandPenfold writes with a quote from an article in Computer World: NASDAQ and BATS saw their sites disrupted during the day on Monday and Tuesday respectively. The sites host company news and share price data, as well as vital information on live service status on the exchanges. It is understood, however, that while the websites were affected, the stock exchanges continued to trade as normal with no change to trading. A spokesperson at BATS said the exchange's site had been hit with 'an external Distributed Denial Of Service incident.' Our trading systems were not affected and there were no exchange customer disruptions associated with the incident.' ... NASDAQ told the Wall Street Journal that on Tuesday it experienced 'intermittent service disruptions on our corporate websites.' It is not known who initiated the attacks. In 2010, NASDAQ's Directors Desk online scheduling application was compromised by hackers. An FBI investigation found that the stock exchange's aging software and out of date security patches played a key part in the problems."

16 comments

  1. Aging and out of date? by JustAnotherIdiot · · Score: 3, Insightful

    You mean people on wall street take shortcuts? That's crazy talk.

    --
    What do I know, I'm just an idiot, right?
  2. I knew it by kiwimate · · Score: 3, Funny

    9:36 am - a story is posted on Slashdot: Megaupload Co-Founder Allowed Bail.

    11:18 am - a story is posted about outages to high profile web sites.

    And to think that people were asking what harm could it do to give the Megaupload guy access to the internet...

  3. thats a joke by unity100 · · Score: 2

    right ?

    --
    Read radical news here
  4. Taking bets? by sgt+scrub · · Score: 0

    I got $10 on it being robotraders.

    --
    Having to work for a living is the root of all evil.
    1. Re:Taking bets? by MacGyver2210 · · Score: 1

      I would be interested to know the possibility of simulating a robotrader DDoS attack by manipulating the data sources the robotraders query for stock information.

      --
      If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
    2. Re:Taking bets? by alexander_686 · · Score: 0

      You would lose.

      The article syas that trading is unaffected - it's the public facing internet that is getting harmmered - not the internally facing conections that the robotraders use.

      And a lot of robotrades don't use NASDAQ or BATs, but use islands (private exchanges) instead.

    3. Re:Taking bets? by Anonymous Coward · · Score: 1

      I would be interested to know the possibility of simulating a robotrader DDoS attack by manipulating the data sources the robotraders query for stock information.

      The automated traders use a low-latency multicast stream of market data (level 1 or depth of book) coming off of the exchanges. Stays totally within financial infrastructure / datacenters so unless you somehow got into the exchange hardware / software it would be impossible.

    4. Re:Taking bets? by alexander_686 · · Score: 1

      It does not sound like it is.

      It would be hard. DdoS is a brute force attack, and the markets are fairly resilient when it comes to stuff like this. In the past 30 years there have only been a handful of incidents where the volume has overwhelmed the trading floors – and that involved either a large number of people or 9/11.

      Price data is generated by trading activity. i.e. In order to overwhelm the pricing side one would need to generate a lot of offers (i.e., offer to buy/sell the stock – you don’t have to complete the trade.) And the exchanges are well suited for very heavy loads. So it would be hard to do it from the exchange end.

      If would be hard to do it from the publishing end because there are a lot of different data sources. Doing it on this side would be easier.

      What one wants to do is to create a discontinuity in the market – like the 2010 Flash Crash. Feed the market fake / odd data – small but subtle.

      http://en.wikipedia.org/wiki/2010_Flash_Crash

      If you want to know a big, heavy man down, don’t tackle him – trip him.

  5. Anybody know what technique was used here? by Ponga · · Score: 1

    I'd be curious to know if a particular application-level vulnerability was used in this event. There has been several vulnerabilities of late related to Java/Apache/PHP such as the hash-collision vulnerability with exploit code here http://www.securityfocus.com/bid/51193/info that has demonstrated to be very effective - so much so that a single host can bring down a relatively large site by exhausting CPU on the web server.... does anyone know the particulars of this event??

  6. Substitute "CIA" for "NASDAQ" by windcask · · Score: 1, Insightful

    http://xkcd.com/932/

  7. Legacy Systems by alexander_686 · · Score: 2

    Ok, there are a lot of bean counters on Wall Street that like to keep operating costs at a bare minimum.

    That being said, whenever you upgrade the main trading desks all members need to update theirs. And I know a lot of them are running under legacy systems. i.e. very hold, highly customize platforms, using lots of different systems, patched over the years, sketchy documentation, and some are still on big iron. So guaranteeing thousands of firms will shift over cleanly is kind of a big hurdle.

    The exchanges do not like to update there systems.

  8. DDoS by chill · · Score: 2

    The attack was directed against the web sites, not the trading machines. The original "notice" is here: http://pastebin.com/it77tAvs

    This was a small bot net DDoS attack. Whether or not this could have been dealt with more efficiently by better routers/firewalls or HA configs, I don't know.

    IMHO this is some script-kiddie types who are in it for the lulz. What it demonstrates is even the room-temperature IQ types can get a hold of some fairly potent DDoS tools. So, serious attention needs to be paid to upgrading their infrastructure and IT security in general.

    It is a good time to be in the IT Security field, if you're looking for work.

    --
    Learning HOW to think is more important than learning WHAT to think.
    1. Re:DDoS by VortexCortex · · Score: 2

      IMHO this is some script-kiddie types who are in it for the lulz. What it demonstrates is even the room-temperature IQ types can get a hold of some fairly potent DDoS tools. So, serious attention needs to be paid to upgrading their infrastructure and IT security in general.

      Although that may be the right response, it's also likely to produce the wrong response: Outlaw pen-test suites, and require a license and background check for anyone using said software... Making your own "high frequency" site scraping software? You're probably a terrorist...

      I do agree though, its not just Wall Street, but also 6th Street. You would (or wouldn't) be surprised at the lack of security in the businesses handling our mortgages and other loan origination work. Hell, I know for a fact that a good portion of the business itself, esp. loan origination and processing, is not only failing to follow best security practices, but is being done in violation of HUD regulations -- Work is being outsourced to unlicensed over-seas establishments, and it's costing us money in both audits and fraudulent charges. My loan had a $3000 processing fee charge that was refunded to me when I cited that they weren't allowed to charge me the fee under the new regs since they had outsourced the processing.

      I once turned on my laptop in a restaurant to check my schedule and accidentally connected to an unsecured "linksys" SSID, I didn't realise it until I closed a few windows and saw a SAMBA folder I had left open displaying 30+ shared folders, one labelled: "Loan Application Scans". Turns out there was a small home mortgage company next door down. I disconnected immediately, but I'm sure there was plenty of confidential info therein. After my meal I tried to talk to someone there, but they actually don't have an IT person on hand, it's outsourced to India... One of their somewhat network literate staff thinks "workgroup" == "security". He demonstrated that the secretary's WindowsXP machine couldn't see any of what I said I saw... then I asked him how I knew the names of the other "invisible" folders then? I told him Debian didn't care about those workgroups...

      The problem is rampant in all forms of business, big and small. By some strange coincidence I just happen to stumble upon mortgage & lending company SNAFUs.

    2. Re:DDoS by Anonymous Coward · · Score: 0

      It actually did affect trade and quote feeds.
      I'm on the nasdaq system status email list. Alerts went out for the "website slowness" and issues with their BX Multicast ITCH 4.1 feed at the same time.

  9. Windows HAS settings for "DoS/DDoS resistance" by Anonymous Coward · · Score: 0

    Per my subject-line above (& yes, it IS "doable" even though "the infamous they" often state that a DoS/DDoS is the "unstoppable attack"... I state this, because you do NOT see either Microsoft OR Amazon "going down" to such attacks (they've got infrastructure to stop it)).

    By "infrastructure", they have the settings I noted in place (I'll go into them later specifically), but, also such a VASTLY "overbuilt" setup networks + server failover redundancy & monitoring prepped for it. Examples from the "horses' mouth" are quoted next:

    MS vs. DoS/DDoS & PERTINENT QUOTE/EXCERPT:

    "At Microsoft we have robust mechanisms to ensure we don't have unpatched servers. We have training for staff so they know how to be secure and be wise to social engineering. We have massively overbuilt our internet capacity, this protects us against DoS attacks. We won't notice until the data column gets to 2GB/s, and even then we won't sweat until it reaches 5GB/s. Even then we have edge protection to shun addresses that we suspect of being malicious." from -> http://www.networkworld.com/community/blog/microsoft-were-not-vulnerable-ddos-attacks

    * Below helps as well, per my subject-line...

    APK

    P.S.=> SETTINGS FOR "SECURITY-HARDENING" THE MICROSOFT IP STACK vs. DoS/DDoS:

    http://msdn.microsoft.com/en-us/library/ff648853.aspx

    Pay attention to the SYN ATTACK section there, because it demands the setting of several registry parameters that work in combination for DoS/DDoS resistance vs. SYN type DoS attacks...

    Now - Couple THOSE with what was noted above in hardware, network, + security monitoring structure in place @ MS (Amazon's MUCH the same really in concept/theory @ least from what I understand too)? No small wonder one never really sees MS networks "go down" to such attacks (Amazon too)... read up, & enjoy! apk

  10. What I noted about AMAZON vs. DoS/DDoS inside by Anonymous Coward · · Score: 0

    Why Anonymous Can't Take Down Amazon.com:

    http://tech.slashdot.org/story/10/12/14/1851240/why-anonymous-cant-take-down-amazoncom

    * Straight from the /. horses' mouth this time... but, as I noted above earlier on how MS sets up their networks vs. DDoS? AMAZONE's pretty much got the same type of setups vs. that too!

    APK

    P.S.=> Enjoy the read, & see how EVERYONE'S NETWORK OUGHT TO BE SETUP vs. DoS/DDoS (especially the latter) - of course, it means money, but? That's the 'breaks', right?? Enjoy... apk