Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

London Stock Exchange Was 'Under Major Cyberattack' During Linux Switch

Soulskill posted more than 3 years ago | from the waffles-tasty-waffles dept.

Microsoft 98

An anonymous reader writes with this excerpt from Computerworld UK: "The London Stock Exchange's new open source trading system may have been hacked last year, according to a report. The alleged attack came as the LSE began the switch over to the Linux-based systems, according to the dates referred to in the Times newspaper. The continued threat of cyber attack has resulted in the LSE keeping a close dialogue with British security services, which this year branded cyber attacks as one of the biggest threats to the country. There were major problems on the exchange on 24 August, when stock prices of five large companies collapsed."

cancel ×

98 comments

Sorry! There are no comments related to the filter you selected.

computerworlduk under attack! (1)

MISTRALGEMPLUSMK (1987442) | more than 3 years ago | (#35064820)

Oops! Exception Encountered Error Running Custom Exception handler Error Type: Expression : [N/A] Error Messages: Element CURURL is undefined in REQUEST. Tag Context: ID: ?? LINE: 227 Template: D:\websites\www.computerworlduk.com\handlers\Main.cfc ID: CFINVOKE LINE: 629 Template: D:\JRun4\servers\www.computerworlduk.com\cfusion.ear\cfusion.war\Coldbox\system\web\Controller.cfc ID: CF_UDFMETHOD

A threat to national security!

Re:computerworlduk under attack! (1)

dotslashdot (694478) | more than 3 years ago | (#35064832)

This type of error is unexceptional in that you expect it to be exceptional.

Re:computerworlduk under attack! (0)

Anonymous Coward | more than 3 years ago | (#35064834)

Ok, seriously, who the fuck uses cold fusion anymore?

can't even rtfa.

Re:computerworlduk under attack! (1)

c0lo (1497653) | more than 2 years ago | (#35065626)

Ok, seriously, who the fuck uses cold fusion anymore?

...aggravating factor... on a web server on Windows.

Re:computerworlduk under attack! (1)

binarylarry (1338699) | more than 2 years ago | (#35066508)

Maybe it's not Windows but DOS?

Re:computerworlduk under attack! (1)

Monchanger (637670) | more than 2 years ago | (#35068138)

Maybe it's not Windows but DOS?

With a directory named "www.computerworlduk.com" ?

Re:computerworlduk under attack! (1)

Sadsfae (242195) | more than 2 years ago | (#35066888)

seriously, who runs their web servers on Windows anymore? (read: ever)

Re:computerworlduk under attack! (1)

I8TheWorm (645702) | more than 2 years ago | (#35069468)

Anyone who uses .Net?

Re:computerworlduk under attack! (1)

mldi (1598123) | more than 2 years ago | (#35071840)

Ok, seriously, who the fuck uses cold fusion anymore?

can't even rtfa.

Who used it ever?

Re:computerworlduk under attack! (1)

nzac (1822298) | more than 3 years ago | (#35064840)

Error Messages: Element CURURL is undefined in REQUEST.
The whole site is down....

Were they running Wine? (1)

mangu (126918) | more than 3 years ago | (#35065084)

Oops! Exception Encountered Error Running Custom Exception handler Error Type: Expression : [N/A] Error Messages: Element CURURL is undefined in REQUEST. Tag Context: ID: ?? LINE: 227 Template: D:\websites\www.computerworlduk.com\handlers\Main.cfc ID: CFINVOKE LINE: 629 Template: D:\JRun4\servers\www.computerworlduk.com\cfusion.ear\cfusion.war\Coldbox\system\web\Controller.cfc ID: CF_UDFMETHOD

Where would the D: drive be mounted in Linux?

 

Re:Were they running Wine? (1)

MichaelSmith (789609) | more than 3 years ago | (#35065184)

Oops! Exception Encountered Error Running Custom Exception handler Error Type: Expression : [N/A] Error Messages: Element CURURL is undefined in REQUEST. Tag Context: ID: ?? LINE: 227 Template: D:\websites\www.computerworlduk.com\handlers\Main.cfc ID: CFINVOKE LINE: 629 Template: D:\JRun4\servers\www.computerworlduk.com\cfusion.ear\cfusion.war\Coldbox\system\web\Controller.cfc ID: CF_UDFMETHOD

Where would the D: drive be mounted in Linux?

I don't know but its better having it there than on A: drive.

Re:Were they running Wine? (2)

Rob Kaper (5960) | more than 2 years ago | (#35066152)

I don't know but its better having it there than on A: drive.

Not if you want a mobile website.

Re:Were they running Wine? (1)

Shadow-isoHunt (1014539) | more than 2 years ago | (#35066360)

/mnt/sda2 or /mnt/sdb1?

Re:Were they running Wine? (1)

ais523 (1172701) | more than 2 years ago | (#35066436)

Windows most commonly uses D: for a CD-ROM drive, thus most likely it would be at /media/cdrom or /media/cdrom0 (possibly both). However, that error message looks like it more likely refers to a second hard drive or second hard drive partition; that would be /dev/hdaN (for some N) or /dev/sdaN (again, for some N) while unmounted, and could well be mounted anywhere (although /home, /usr, /var are places which often get partitions of their own).

Using Wine on Linux, there's a config file that lets you effectively "mount" drives, giving a Windows drive letter to arbitrary directories on your Linux machine; by default, D: seems to refer to /media/disk, a common place to mount floppy disks. However, it's easy to change ("Drives" tab in wineconfig, or via making a symlink called "d:" in ~/.wine/dosdevices), and almost certainly has been changed if that is a running-under-Wine message (nobody would sanely run a server from a floppy disk). Thus, whether that's Windows directly or via Wine (which seems a little implausible from a server), I don't think we can infer much from the choice of drive letter.

Re:Were they running Wine? (1)

Anonymous Coward | more than 2 years ago | (#35066682)

most likely it would be at /media/cdrom or /media/cdrom0 (possibly both).

That's /mnt/cd or /mnt/dvd, thank you.
Now take yer' dang newfangled LSB and get off my lawn. ;-)

Re:Were they running Wine? (1)

Deekin_Scalesinger (755062) | more than 2 years ago | (#35067742)

Having had the misfortune to be a Windows SysAdmin for a web hosting company last year, I can attest that the D: is where the website(s) is/are stored and served out from.

Re:Were they running Wine? (1)

I8TheWorm (645702) | more than 2 years ago | (#35069554)

At that company maybe. The most common drive letter I've seen assigned is F:\<dirname>. That seems to be the typical server side assignment for shared fileservers.

Re:Were they running Wine? (1)

WorBlux (1751716) | more than 3 years ago | (#35077152)

Where would the D: drive be mounted in Linux?

Where ever you wanted it to be

Re:computerworlduk under attack! (0)

Anonymous Coward | more than 2 years ago | (#35070928)

even better, JRUN has been discontinued as of about 2years ago.... They need to migrate their code to a supported Server :)
disclaimer: yes, I do in fact administor Java Servers...

FUD (1)

Anonymous Coward | more than 3 years ago | (#35064828)

'may have been' another piece of MS-sponsored FUD?

Re:FUD (2)

Dionysus (12737) | more than 3 years ago | (#35064958)

'may have been' another piece of MS-sponsored FUD?

Of course, since everybody here knows Linux systems do not get attacked

Re:FUD (3, Insightful)

mangu (126918) | more than 3 years ago | (#35065364)

'may have been' another piece of MS-sponsored FUD?

Of course, since everybody here knows Linux systems do not get attacked

Yes, at least that's the official Microsoft version. There are no viruses for Linux because no one uses it.

Re:FUD (4, Funny)

Eudial (590661) | more than 2 years ago | (#35066262)

Ad banner: Your PC is currently under attack from thousands of viruses! Click here to prevent it from broadcasting it's IP address to hackers.
LSE Employee: Blimey! Ring the secret services! This is cyber war!

Re:FUD (1)

Eunuchswear (210685) | more than 2 years ago | (#35066862)

Maybe.

Contrast:

The London Stock Exchange’s new open source trading system may have been hacked last year, according to a report.

with:

As the concern and speculation deepens around the LSE outages, the exchange is due to switch on the new Linux systems on its main exchange in two weeks’ time,

Website FAIL! (1)

whoever57 (658626) | more than 3 years ago | (#35064830)

Oops! Exception Encountered
Error Running Custom Exception handler
Error Type: Expression : [N/A]
Error Messages: Element CURURL is undefined in REQUEST.

Whoops!

Re:Website FAIL! (2)

sincewhen (640526) | more than 3 years ago | (#35065270)

That will teach for you trying to RTFA!

Linux Fags (-1, Flamebait)

love2putmypenisthere (1804486) | more than 3 years ago | (#35064866)

yea let's hear you penguin-fucking linux fags brag about how secure your shit is now. BITCHES!

Re:Linux Fags (1)

Neil Boekend (1854906) | more than 3 years ago | (#35064966)

The question I would have is this: Would the MS system have held better?
I am not a Linux nor a MS lover. I see the limitations of both OS-es. Neither are absolute secure, and I can hack neither (since I can't hack).

Experts agree (-1)

Anonymous Coward | more than 3 years ago | (#35065020)

The answer is an unequivocal yes.

Re:Linux Fags (2)

B2382F29 (742174) | more than 2 years ago | (#35065908)

A pointed out already, it seems that the system WAS the MS system. The migration to Linux was not yet done.

Re:Linux Fags (0)

Anonymous Coward | more than 2 years ago | (#35069902)

So a bunch of Linux wankers trying to prove a point were attacking the Windows system?

Re:Linux Fags (4, Insightful)

jimicus (737525) | more than 2 years ago | (#35065916)

The question I would have is this: Would the MS system have held better?

The answer is "it depends".

Mostly, it depends on who's doing the hacking and who's managing the system. If it's a bunch of script kiddies or some bot which tries a number of well-known hacks then gives up and the system is competently managed, chances are neither would be particularly insecure.

If the system is poorly managed - be it Windows or Linux - chances are it's not going to take much effort to get in and some kid following a script without really understanding it could do it.

Where things get interesting (and impossible to discuss meaningfully without a better understanding of the systems themselves) is when you have competent, well-funded IT management (which I would hope any stock exchange would) and competent, well-funded attackers who are focused on a single goal (which is entirely possible when you're talking about a high-profile victim like this).

Re:Linux Fags (1)

dave87656 (1179347) | more than 3 years ago | (#35077494)

The answer to that is in the article. It was the Microsoft .NET system which failed. The Linux system isn't even on line yet.

Re:Linux Fags (1)

dave87656 (1179347) | more than 3 years ago | (#35077490)

Did you RTFA? The outages occurred on the Microsoft .NET system, not on the Linux system. The linux system isn't even on line yet. You MS fanbois really aught to learn to read.

Vague site, no details. (2)

arhhook (995275) | more than 3 years ago | (#35064954)

The website is extremely vague as to timelines of what system was in place when there were issues. Was .NET still in place, or was it indeed the Linux system when it got hacked. I'd like to see more details.

Re:Vague site, no details. (5, Informative)

Anonymous Coward | more than 3 years ago | (#35065042)

As the concern and speculation deepens around the LSE outages, the exchange is due to switch on the new Linux systems on its main exchange in two weeks’ time, with dress rehearsals over the coming two weekends. The system replaces a Microsoft .Net architecture.

As the Linux system isn't due to go "live" for another fortnight, I'd expect that it is the .NET based system that has been hacked.

Re:Vague site, no details. (1)

cronius (813431) | more than 3 years ago | (#35065090)

As the Linux system isn't due to go "live" for another fortnight, I'd expect that it is the .NET based system that has been hacked.

I agree, but we can't be sure.

The London Stock Exchangeâ(TM)s new open source trading system may have been hacked last year, according to a report.

It would be nice to see the actual report this news item is based on.

Re:Vague site, no details. (1)

NickFortune (613926) | more than 2 years ago | (#35066512)

As the Linux system isn't due to go "live" for another fortnight, I'd expect that it is the .NET based system that has been hacked.

I agree, but we can't be sure.

That said, if the LSE had switched to Linux and immediately been hacked after (presumably) years of running securely on .NET, I expect the Redmond PR machine would have leapt into action, and we'd be seeing a lot more articles, and they'd be very specific about which O/S was running.

Instead, we have one vague and potentially misleading article. Either Microsoft PR is asleep on the job, or they're keeping quiet because the incident reflects poorly on their product.

I know which way I'm betting.

Re:Vague site, no details. (4, Interesting)

bernywork (57298) | more than 2 years ago | (#35066044)

What I've heard is this. It's all hearsay, so is probably as factual as the FA.

The LSE is trying to (Stupidly) save face. They tried to go live and it was an absolute shit show, typical companies got about 20% compliance. There was no way they could roll forward, they had issues with firewalls, members had issues with routing and firewalls, trades weren't going through the system correctly for settlements, there was more bugs in member's code than ants in a nest. If they had said "We're going live anyway" there wouldn't have been a market on Monday morning. Aside from that, everyone goes into freeze for Christmas due to everyone taking time off, so it wouldn't have been sorted till at least after now, by which time, LSE would have lost so much business to the likes of NYSE (And potentially to Borsa Italiana, which is owned by the LSE) that it would be questionable whether they would still be in business by this stage.

They claimed previously that they were internally sabotaged, well, the running theory was that they just fucked up. To everyone involved that seems like a much more plausible option.

Re:Vague site, no details. (2)

x_IamSpartacus_x (1232932) | more than 2 years ago | (#35067878)

This article by the same guy [computerworlduk.com] makes it seem like you're right.

the LSE put the highly-publicised December outage of the system - which already runs on its Turquoise anonymous trading venue - down to “human error”. It declined to give more details.

They started off with the "suspicious circumstances" line but police glanced at it, smirked and said "You guys screwed up."

Why TFA even talks about Linux is, as most posters have pointed out, a mystery. In Leo King's bio (the author of TFA) it says he studied Spanish and French in college. I'm gonna go with the "don't attribute to malice what can be attributed to stupidity" approach and just assume that this Spanish/French speaking "journalist" has no idea what he's talking about and just threw as many tech words into his article as possible (especially the headline) to troll people into reading. Heck, he got his article on /. so it looks like it worked.

Re:Vague site, no details. (0)

Anonymous Coward | more than 2 years ago | (#35068314)

They tried to go live last year (not 365 days ago, anything over a month ago is last year), and the new linux based solution got hacked during a production test.

Re:Vague site, no details. (1)

rhade (709207) | more than 3 years ago | (#35065322)

as the hot blonde in Forgetting Sarah Marshall said 'booshit booshit booshit'

Re:Vague site, no details. (3, Informative)

tomhudson (43916) | more than 2 years ago | (#35067656)

It was .NET that was in place. The switch-over will only occur on February 14th of this year.

Also, there was no police investigation.

But the Metropolitan Police, the e-crime unit and the City of London Police all told Computerworld UK that no such investigation was ongoing.

The system currently in place (.dot.NET-based) failed to meet the specs, because, try as they could, Accenture could not get a windows-based platform to run fast enough - too much letency.

The exchange finally realized it, and called for a linux-based system, which easily met the time guarantees - but obviously it's late, because it was only started when the exchange realized that the Microsoft-based system was never going to meet the performance goals.

In other words, after Microsoft spent big bucks in all the trade magazines bragging about "winning the contract against linux" - and making it sound like they were replacing a previous linux-based system, you won't hear a peep from them admitting that their servers are sh*t.

Re:Vague site, no details. (1)

Smallpond (221300) | more than 2 years ago | (#35070422)

The system currently in place (.dot.NET-based) failed to meet the specs, because, try as they could, Accenture could not get a windows-based platform to run fast enough - too much letency.

Windows is totally lacking in letency.

Re:Vague site, no details. (1)

yuna49 (905461) | more than 2 years ago | (#35071826)

No leetency either, I suspect.

Pissed off crackers? (5, Insightful)

Centurix (249778) | more than 3 years ago | (#35064964)

Part of thinks that these guys may have had easy access to the stock exchange system through whatever backdoor they had. Closing it then pissed them off so they went on the attack.

Re:Pissed off crackers? (-1)

Anonymous Coward | more than 3 years ago | (#35065126)

That part of you is an idiot!

Re:Pissed off crackers? (0)

Anonymous Coward | more than 3 years ago | (#35065166)

Good point, the crackers must have been pretty cheesed off.

Re:Pissed off crackers? (3, Insightful)

SimonInOz (579741) | more than 3 years ago | (#35065194)

Let's see - the London Stock Exchange swapped to Linux based software. It changed FROM Microsoft based software. (TradElec Windows-based C# and .NET programs, apparently).

And there was a major cyber attack during the changeover.

Let the conspiracy theories begin ...

Re:Pissed off crackers? (0)

Anonymous Coward | more than 2 years ago | (#35071692)

Let's see - the London Stock Exchange swapped to Linux based software.

I'll stop you right there because they have not switched.
They were still on .net in Aug when the 'incident' occurred.

The original article is horribly written drivel, careful mis-worded to imply that the new Linux-based system was hacked. It wasn't, and it's not even open source as claimed. It just runs on top of a linux kernal is all.

And you're at +4 insightful for that post. Nice.

Re:Pissed off crackers? (5, Insightful)

gbjbaanb (229885) | more than 3 years ago | (#35065316)

not necessarily - they might have thought it was the ideal "opportunity moment" - attack the system when they're undergoing a transition and not only might they get away undetected, but they might also cause more damage than before (ie with servers turned off ready to be replaced with the new software, the capacity would be reduced).

It isn't necessarily Microsoft fanboi hackers trying to discredit the migration to Linux (and getting their dates cocked up)

Re:Pissed off crackers? (0)

Anonymous Coward | more than 3 years ago | (#35065428)

Sounds a lot more probable than "pissed of windows hackers".

Re:Pissed off crackers? (1)

Thing 1 (178996) | more than 2 years ago | (#35066954)

It isn't necessarily Microsoft fanboi hackers trying to discredit the migration to Linux (and getting their dates cocked up)

Yeah I have a hard time (lol pun was not intended) imagining Microsoft fanboi hackers "cocking up" their dates...

Internet Connected Exchanges?! (4, Interesting)

BenJCarter (902199) | more than 3 years ago | (#35065010)

It gives me the heebie-jeebies to think of what could happen to a trading network connected to the Internet. I imagine Stuxnet [wikipedia.org] aimed at financial systems. Shudder.

Re:Internet Connected Exchanges?! (1)

tehcyder (746570) | more than 3 years ago | (#35065332)

Why would you want your trading network connected to the public internet?

Re:Internet Connected Exchanges?! (1)

Bert64 (520050) | more than 2 years ago | (#35071246)

They will be connected somehow, because using the public internet as a transit backbone is the easiest way of getting a connection from a far away location (laying your own dedicated fibre isn't really practical), even if all your traffic goes over a VPN.
Also many trading companies will be connected into the exchange, who knows what state their networks will be in.

Re:Internet Connected Exchanges?! (4, Insightful)

pasv (755179) | more than 3 years ago | (#35065412)

If Stuxnet taught us anything is that even systems not connected directly to the internet are still very much vulnerable. Spear phishing and other targeted attacks towards the maintainers/developers of those systems are just as effective if not more so than attacking the system head-on. I'll take the cape of Captain Obvious here but anyone funding an attack sophisticated enough to pull off a Stuxnet-like payload is more than likely well invested in the return of said attack. But of course no one could ever earn any money hacking a stock exchange system right? ;)

Re:Internet Connected Exchanges?! (0)

Anonymous Coward | more than 3 years ago | (#35077468)

What about access over the power lines into computer systems. Every computer has to have power?

Re:Internet Connected Exchanges?! (3, Insightful)

funkatron (912521) | more than 2 years ago | (#35065496)

Yeah, it would be slightly inconvenient but have some perspective, we're talking about one little service industry here. In terms of importance it ranks well below things like power, water, communications, shopping, manufacturing, research. A stuxnet aimed at any of those would be a whole lot more damaging.

Re:Internet Connected Exchanges?! (1)

Eevee (535658) | more than 2 years ago | (#35067246)

I imagine Stuxnet aimed at financial systems. Shudder.

Yeah, nothing is as scary as the idea of a stock exchange's centrifuges being attacked.

Re:Internet Connected Exchanges?! (1)

Frekja (982708) | more than 2 years ago | (#35071526)

You don't have to look too far - the EU carbon trading market was recently hacked, with 30 million euros stolen. Two weeks later it's still down.

How does a system like this get hacked? (1)

Pinky's Brain (1158667) | more than 3 years ago | (#35065060)

The number of people able to access any other port than the 1 or 2 necessary for exchange functions should number in the single digits for the production servers ... and even they shouldn't use computers with general internet access for that, at most computers with a "hardware" VPN solution. Hell given the amount of money involved I wouldn't even let non production servers and source code be accessed on any computer with general internet access ... fuck convenience, for this kind of money you can afford a whole lot of inconvenience.

Re:How does a system like this get hacked? (1)

MichaelSmith (789609) | more than 3 years ago | (#35065230)

The article says:

Unlike US exchanges, the LSE platform is not based on the internet, and therefore is less vulnerable to general cyber attacks.

...and it doesn't detail the attacks. Maybe somebody tried a dictionary search on a web server, probably looking for something to spam from?

Re:How does a system like this get hacked? (1)

newbish (909313) | more than 2 years ago | (#35068914)

Hey at the end of the day is was a application built by Accenture... my guess is it wasn't the operating system or .net framework that was hacked or there would have been a lot more compromised sites.

Well, of course they would be attacked then. (0)

Anonymous Coward | more than 3 years ago | (#35065218)

Even ignoring concerns over whether the prior system was compromised, when this one came online, this would be the perfect time to be the first in, before anybody else set their hooks, and before the holes got closed. It'd be a time of bother, mistakes, and manifold chaos. When else would you like to hit a system? When everybody went away from Christmas Break?

Tempting, but really, they'd strike while the iron was hot, and the novice was fresh on the field.

wtf? LSE is still running .NET based TradElect (0)

Anonymous Coward | more than 3 years ago | (#35065348)

how can be Linux involved in this attack at all if migration didn't take place yet and the production system is still running the Microsoft .NET based TradElect brokerage system? this looks like yet-another-smear-campaign

Re:wtf? LSE is still running .NET based TradElect (2, Funny)

Anonymous Coward | more than 2 years ago | (#35065452)

Maybe it was running Mono.

Hit the bailout button! (1)

chapman (61221) | more than 3 years ago | (#35065436)

No worries. The LSE collapses due to fatal infosec problems and the UK taxpayer picks up the bill. We could probably pick up some bargain-basement deals on whichever companies were affected by the trading system collapse too. In the long term, allowing poorly secured systems to fail is a kind of digital natural selection.

Re:Hit the bailout button! (1)

funkatron (912521) | more than 2 years ago | (#35065516)

Hate to say it but the lie this year is that there's no money. Officially we can't even afford to educate people. Bailing out the LSE would show both that the lie is in fact a lie and that some idiot in gov't has really really mixed up priorities. If the LSE goes, it's gone.

FUD And... (0)

Anonymous Coward | more than 2 years ago | (#35065464)

Who gives a fuck [sorry, grumpy - it's the morning]

LSE not on the Linux platform yet (4, Informative)

Organic_Info (208739) | more than 2 years ago | (#35065480)

The London Stock Exchange (LSE) have not yet moved on to the new Linux based Millenium trading platform - this is scheduled to happen on Feb 14th. It was supposed to have happened late last year but was delayed.

A subsiduary of the LSE, the Turquoise Multilateral trading Facility (MTF) has already migrated to the MIT platform though.

Re:LSE not on the Linux platform yet (5, Informative)

chrb (1083577) | more than 2 years ago | (#35066494)

Yes, the article has several errors:
  • "The London Stock Exchange's new open source trading system" ... except, the trading system isn't open source. Sure, it runs on the Linux kernel, which is open source, but so does Oracle...
  • "There were major problems on the exchange on 24 August, when stock prices of five large companies collapsed. Most notably, BT shares lost £968 million, and the LSE was forced to halt trading for the day." On 24 August the LSE was running the Windows .NET trading platform... the halt of trading had nothing to do with the new Linux platform.

So, the big story here is that the LSE Windows based platform was possibly hacked and manipulated for financial gain. Why Computer World focuses on the Linux angle is a mystery.

Re:LSE not on the Linux platform yet (3, Insightful)

Anonymous Coward | more than 2 years ago | (#35066864)

They focused on Linux because a story about .net being attacked isn't news worthy. On the other hand, framing it such that linux may be in the spot light means people are chattering about linux and their story. This seriousl,y sounds like ms sponsored FUD.

Re:LSE not on the Linux platform yet (0)

Anonymous Coward | more than 2 years ago | (#35071726)

Why Computer World focuses on the Linux angle is a mystery.

Well, not maybe so much. Lets follow the bouncing ball: Computer World(tm) has major corporate sponsorship from a (non Linux) software company. This company might declare Linux to be "communist" or "a cancer" although neither are true. Said company might offer suggestions and articles to the magazine while re-negotiating their ad space. This article might be a reflection of those renegotiations. Not that said software company would try dirty tricks like this; its like stealing search results from Google or something, or giving people error messages if their application is running on someone elses operating system, for no other reason than its not running on theirs, or bundling or tying software and violating anti-combine laws, or stealing other companies software outright, or 'Whacking Dell' for not including their systems on Dells computers exclusively, or changing their file formats to purposely be incompatible, not just with other peoples software, but with older versions of their own software so as to force customers to migrate to newer versions of their software. A software company like that would get a magazine to skew a story in order to make a competitor look bad, even though the whole story is a lie.

Hmm .net still active during switchover? (0)

Anonymous Coward | more than 2 years ago | (#35065484)

I you rtfa it tells you that it was during the switch over that attacks took place. Sounds like some goofball IT genius left some .net sql drivel open to the net. I can see how a closed system could be compromised very easily if the data routing is not carefully planned with a .net system that has all sorts of in house access routines. Data migration from MSSQL is a nightmare and can and does regularly cause incredible difficulties for the poor suckers that have to work with it until the Microsoft SQL framework is completely removed.

We had something similar happen with a switch to Oracle on RedHat with medical data. The migration caused data execution hell until I pulled the plug on all the .net request calls and rewrote the shit! The only way to do it was to run the two systems at the same time and very slowly eliminate the old, and keep the original framework intact to be absolutely certain that no data was lost. Amazing how all of a sudden what was really expensive gear 7 years ago now suddenly is for sale for next to nothing. Though some of it is still in use for other less mission critical things. And you wonder why health care is getting so expensive! Funny but the gear that replaced it that runs the new server cost about 30% of what original the NT 2003 based servers were. The overall savings will be fairly good as the per seat costs now are only for the pc terminals and not a huge server bill. Unfortunately there is just no way to completely eliminate the use of MS Word or Excel yet. At least without a revolt from the users.

Re:Hmm .net still active during switchover? (0)

Anonymous Coward | more than 2 years ago | (#35065686)

cool story bro.

Major Cyber Attack (1)

puterg33k (1920022) | more than 2 years ago | (#35065498)

Your mom was under a major cyber attack!

article omits very important point. (4, Insightful)

seeker_1us (1203072) | more than 2 years ago | (#35066038)

From one of the comments

This article is incredibly short on details and clarity. The systems 'compromised' appear to have still been running .NET, but the heading seems to just want to throw Linux and Risk into the same sentence. The complete lack of facts makes this seem like FUD.

"A half truth is a whole lie" ---Yiddish proverb.

Re:article omits very important point. (2)

E5Rebel (1103761) | more than 2 years ago | (#35066464)

No, the London Stock Exchange and the UK police are the ones who have clamped down on the info. They believe the LSE was under cyber attack and this occured during the shift from the .Net platform to the new LInux platform. The London Stock Exchange issued a set of contradictory statements at the time of the attack and about what was going on with migration to the new Linux platform. The LSE said the attack was suspicious and that they had called in the police. Every appropriate police force contacted by ComputerworldUK denied any knowledge of an investigation or of having been contacted by the Exchange. This sort of blanket denial usually only happens if the authorities believe there may be some terrorist aspect to the incident. ConputerworldUK tried to report what was happening and bring people up to speed with the attack and with the delayed move to the Linux-based platform. The story is not FUD, it is incomplete, but that is because answers to CWUK questions are being withheld. Mike Simons, CWUK editor

Re:article omits very important point. (3, Insightful)

h4rr4r (612664) | more than 2 years ago | (#35068194)

So how much is MS paying for that spin?
Their trading system could not meet latency requirements and now they need someway to save face.

Re:article omits very important point. (1)

yuna49 (905461) | more than 2 years ago | (#35072014)

Then why did you run the story knowing that it's "incomplete" instead of waiting for more details to become available? It's not like this is a story that needs to be rushed out before deadline. The lead sentence says this story covers events that happened last year.

If you are going to run a story like this, you need some significantly better editorial controls that what it seems were employed. How about starting off with a specific time-line of events so we can have some idea which systems were involved, when the attacks took place, etc., rather than the jumbled mess your publication released?

You really shouldn't be surprised that a story like this might be seen as FUD. From my reading of the story you released, I don't see any evidence that Linux was involved in these attacks whatsoever. Instead you chose, as another poster here suggests, to run a headline with the words "Linux" and "cyberattack" in it with literally no justification for suggesting Linux was involved at all.

It's certainly possible that the transition to the new trading system provided opportunities for hackers the way bomb threats [wsj.com] in the Czech Republic facilitated the thefts from carbon traders accounts recently. You could have written an article with the headline "London Stock Exchange under 'major cyber-attack' during software switch." Instead you chose to include Linux along the way. Somehow I suspect your headline editors know that suggesting there might be security issues with "that geeky Linux stuff" draws attention among your readership of CIOs afraid of that "stuff."

Re:article omits very important point. (1)

coolmadsi (823103) | more than 3 years ago | (#35078124)

Every appropriate police force contacted by ComputerworldUK denied any knowledge of an investigation or of having been contacted by the Exchange. This sort of blanket denial usually only happens if the authorities believe there may be some terrorist aspect to the incident.

It could also mean that they weren't contacted at all, and that there actually is no investigation going on.

It wouldn't be the first time someone has publicly announced they are going to contact the police about something but actually don't; I remember a few years back reading a story about that Jack Thompson fellow (the one who didn't like video games) publishing a letter he was going to send to a police department somewhere, and forwarded it to many news agencies and people to show what he had said. But he didn't actually send it to where he was going to send it, so it was more for show than anything else.

Love the FUD! (5, Insightful)

erroneus (253617) | more than 2 years ago | (#35066114)

This is just awesome. Just when you would think it would be impossible to spin an attack on a major Microsoft based trading system, they omit Microsoft, insert Linux and speak of the dreaded cyberattack.

I have to wonder who and why. Anyone have any background on the author and the publication's history on Linux and Windows stories?

Re:Love the FUD! (1)

Ancantus (1926920) | more than 2 years ago | (#35067676)

Anyone have any background on the author and the publication's history on Linux and Windows stories?

Leo King is the authors name, his bio says he is the "chief reporter at Computerworld UK".

Re:Love the FUD! (0)

Anonymous Coward | more than 2 years ago | (#35067978)

Simple, really. The author was just so pissed that he couldn't make Ubuntu install on his laptop. He had to take a swipe at Linux.

I assume (3, Funny)

ThatsNotPudding (1045640) | more than 2 years ago | (#35066340)

the byline reads "Steve Ballmer".

No need to crack anything, LSE is a mess by itself (1)

alexmin (938677) | more than 2 years ago | (#35066440)

Out of many different securities markets LSE has most bizarre bureaucratic procedures, rules, and provisioning processes. In the past years their market share shrunk a lot under pressure from much simpler to deal with MTFs (BATS, Chi-X etc.) Seems like they have too many people busy making work for themselves and their clients.
Besides they have not switched to Millennium (Linux based) yet. I'm not holding my breath though. Millennium platform is developed by Sri-Lancan Millennium IT. Out of all places where you have people skilled in developing trading engines I would pick maybe New York or Chicago. But Colombo???

Re:No need to crack anything, LSE is a mess by its (0)

Anonymous Coward | more than 2 years ago | (#35068020)

Not to nitpick, but you really want the former AMEX or PHLX exchanges. They were on the leading edge for trading platforms. When the regulators said "Could you do X", these guys said "Sure give us 3 months, but you are thinking too small, here is what we all need to do 10 years down the line". CBOT and NYSE were old school, they said "We will get back to you next year after researching that".

I think NYSE acquired AMEX and PHLX just for the tech, cause in the end, they were still years behind the two.

Disclaimer: I interviewed the PHLX developers. Some of the smartest old guys (and one way-too-smart old lady) I have ever come across in the world. They were extremely humble about their talents too.

Re:No need to crack anything, LSE is a mess by its (1)

arth1 (260657) | more than 2 years ago | (#35069474)

Uh oh. That means it's almost certainly Java, which never is a good idea for low-latency systems. Where RT, ULL and GRIO is concerned, it's pretty much the last choice I'd recommend.

Choice quote from TFA (0)

Anonymous Coward | more than 2 years ago | (#35066528)

The new Linux system, based in a C++ environment, is already live on the LSE’s Turquoise, or anonymous, trading venue.

And here I thourgt that C++ was a programming language ...

perp (1)

aminorex (141494) | more than 2 years ago | (#35066956)

microsoft?

Re:perp (0)

Anonymous Coward | more than 2 years ago | (#35071514)

Since at the time of the attack it was running .net I'd say you're probably right. Though the attack would be more due to incompetence and less intentional malfeasance.

interesting how... (1)

hesaigo999ca (786966) | more than 2 years ago | (#35067822)

Did they use an external firm, to do this? If so, how come someone knew that at that time they were changing systems, and would know that the change was one of the OS, unless it came from the inside, I would look at who had access to that info, and then maybe go from there...
If someone leaked from the inside, then there would be a trace, usually...as this costs many millions of dollars.

Nothing to see here (0)

Anonymous Coward | more than 2 years ago | (#35068650)

This is nothing but FUD. It's a based on a report in newspaper that an anonymous source said the "flash crashes" where several companies stock price dropped rapidly last year were being investigated by intelligence agencies to see if they were the result of a cyber attack.

Nothing to see here, move along.

article doesn't made any sense (1)

doperative (1958782) | more than 2 years ago | (#35068784)

"The London Stock Exchange's new open source trading system may have been hacked last year"

And where's the evidence, the article is technically erroneous and totally short on any verifiable facts.

"Unlike US exchanges, the LSE platform is not based on the internet ..

"The new Linux system, based in a C++ environment"

Please define a 'C++ environment', and provide examples?

  link [computerworlduk.com]

WHo profits if the attack suceeds (1)

lsatenstein (949458) | more than 3 years ago | (#35086954)

Imagine that in the conversion from MS Windows server to Linux, the attack succeeded on the Linux side. Who would profit from the publicity? Would some company pay to have such attacks take place? Just some far-out thoughts.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>