Unknown Lamer posted more than 2 years ago | from the basement-dwelling-h4x0rs dept.

Security 16

DMandPenfold writes with a quote from an article in Computer World: "NASDAQ and BATS saw their sites disrupted during the day on Monday and Tuesday respectively. The sites host company news and share price data, as well as vital information on live service status on the exchanges. It is understood, however, that while the websites were affected, the stock exchanges continued to trade as normal with no change to trading. A spokesperson at BATS said the exchange's site had been hit with 'an external Distributed Denial Of Service incident.' 'Our trading systems were not affected and there were no exchange customer disruptions associated with the incident.' ... NASDAQ told the Wall Street Journal that on Tuesday it experienced 'intermittent service disruptions on our corporate websites.' It is not known who initiated the attacks. In 2010, NASDAQ's Directors Desk online scheduling application was compromised by hackers. An FBI investigation found that the stock exchange's aging software and out of date security patches played a key part in the problems."


Aging and out of date? (3, Insightful)

JustAnotherIdiot (1980292) | more than 2 years ago | (#39045491)

You mean people on wall street take shortcuts? That's crazy talk.

Legacy Systems (2)

alexander_686 (957440) | more than 2 years ago | (#39046397)

Ok, there are a lot of bean counters on Wall Street that like to keep operating costs at a bare minimum.

That being said, whenever you upgrade the main trading desks all members need to update theirs. And I know a lot of them are running under legacy systems, i.e. very old, highly customized platforms, using lots of different systems, patched over the years, sketchy documentation, and some are still on big iron. So guaranteeing thousands of firms will shift over cleanly is kind of a big hurdle.

The exchanges do not like to update their systems.

I knew it (3, Funny)

kiwimate (458274) | more than 2 years ago | (#39045653)

9:36 am - a story is posted on Slashdot: Megaupload Co-Founder Allowed Bail [] .

11:18 am - a story is posted about outages to high profile web sites.

And to think that people were asking what harm could it do to give the Megaupload guy access to the internet...

that's a joke (2)

unity100 (970058) | more than 2 years ago | (#39045839)

right ?

Taking bets? (0)

sgt scrub (869860) | more than 2 years ago | (#39045863)

I got $10 on it being robotraders.

Re:Taking bets? (1)

MacGyver2210 (1053110) | more than 2 years ago | (#39046083)

I would be interested to know the possibility of simulating a robotrader DDoS attack by manipulating the data sources the robotraders query for stock information.

Re:Taking bets? (1)

Anonymous Coward | more than 2 years ago | (#39046565)

I would be interested to know the possibility of simulating a robotrader DDoS attack by manipulating the data sources the robotraders query for stock information.

The automated traders use a low-latency multicast stream of market data (level 1 or depth of book) coming off of the exchanges. Stays totally within financial infrastructure / datacenters so unless you somehow got into the exchange hardware / software it would be impossible.

Re:Taking bets? (1)

alexander_686 (957440) | more than 2 years ago | (#39046617)

It does not sound like it is.

It would be hard. DDoS is a brute force attack, and the markets are fairly resilient when it comes to stuff like this. In the past 30 years there have only been a handful of incidents where the volume has overwhelmed the trading floors – and that involved either a large number of people or 9/11.

Price data is generated by trading activity. i.e. In order to overwhelm the pricing side one would need to generate a lot of offers (i.e., offer to buy/sell the stock – you don’t have to complete the trade.) And the exchanges are well suited for very heavy loads. So it would be hard to do it from the exchange end.

It would be hard to do it from the publishing end because there are a lot of different data sources. Doing it on this side would be easier.

What one wants to do is to create a discontinuity in the market – like the 2010 Flash Crash. Feed the market fake / odd data – small but subtle. []

If you want to knock a big, heavy man down, don’t tackle him – trip him.

Re:Taking bets? (0)

alexander_686 (957440) | more than 2 years ago | (#39046431)

You would lose.

The article says that trading is unaffected - it's the public facing internet that is getting hammered - not the internally facing connections that the robotraders use.

And a lot of robotrades don't use NASDAQ or BATS, but use islands (private exchanges) instead.

Anybody know what technique was used here? (1)

Ponga (934481) | more than 2 years ago | (#39045977)

I'd be curious to know if a particular application-level vulnerability was used in this event. There have been several vulnerabilities of late related to Java/Apache/PHP such as the hash-collision vulnerability with exploit code here [] that has been demonstrated to be very effective - so much so that a single host can bring down a relatively large site by exhausting CPU on the web server.... does anyone know the particulars of this event??

Substitute "CIA" for "NASDAQ" (1, Insightful)

windcask (1795642) | more than 2 years ago | (#39046029)

DDoS (2)

chill (34294) | more than 2 years ago | (#39046615)

The attack was directed against the web sites, not the trading machines. The original "notice" is here: []

This was a small bot net DDoS attack. Whether or not this could have been dealt with more efficiently by better routers/firewalls or HA configs, I don't know.

IMHO this is some script-kiddie types who are in it for the lulz. What it demonstrates is even the room-temperature IQ types can get a hold of some fairly potent DDoS tools. So, serious attention needs to be paid to upgrading their infrastructure and IT security in general.

It is a good time to be in the IT Security field, if you're looking for work.

Re:DDoS (2)

VortexCortex (1117377) | more than 2 years ago | (#39048279)

IMHO this is some script-kiddie types who are in it for the lulz. What it demonstrates is even the room-temperature IQ types can get a hold of some fairly potent DDoS tools. So, serious attention needs to be paid to upgrading their infrastructure and IT security in general.

Although that may be the right response, it's also likely to produce the wrong response: Outlaw pen-test suites, and require a license and background check for anyone using said software... Making your own "high frequency" site scraping software? You're probably a terrorist...

I do agree though, it's not just Wall Street, but also 6th Street. You would (or wouldn't) be surprised at the lack of security in the businesses handling our mortgages and other loan origination work. Hell, I know for a fact that a good portion of the business itself, esp. loan origination and processing, is not only failing to follow best security practices, but is being done in violation of HUD regulations -- Work is being outsourced to unlicensed overseas establishments, and it's costing us money in both audits and fraudulent charges. My loan had a $3000 processing fee charge that was refunded to me when I cited that they weren't allowed to charge me the fee under the new regs since they had outsourced the processing.

I once turned on my laptop in a restaurant to check my schedule and accidentally connected to an unsecured "linksys" SSID, I didn't realise it until I closed a few windows and saw a SAMBA folder I had left open displaying 30+ shared folders, one labelled: "Loan Application Scans". Turns out there was a small home mortgage company next door down. I disconnected immediately, but I'm sure there was plenty of confidential info therein. After my meal I tried to talk to someone there, but they actually don't have an IT person on hand, it's outsourced to India... One of their somewhat network literate staff thinks "workgroup" == "security". He demonstrated that the secretary's WindowsXP machine couldn't see any of what I said I saw... then I asked him how I knew the names of the other "invisible" folders then? I told him Debian didn't care about those workgroups...

The problem is rampant in all forms of business, big and small. By some strange coincidence I just happen to stumble upon mortgage & lending company SNAFUs.

Windows HAS settings for "DoS/DDoS resistance" (0)

Anonymous Coward | more than 2 years ago | (#39055165)

Per my subject-line above (& yes, it IS "doable" even though "the infamous they" often state that a DoS/DDoS is the "unstoppable attack"... I state this, because you do NOT see either Microsoft OR Amazon "going down" to such attacks (they've got infrastructure to stop it)).

By "infrastructure", they have the settings I noted in place (I'll go into them later specifically), but, also such a VASTLY "overbuilt" setup networks + server failover redundancy & monitoring prepped for it. Examples from the "horses' mouth" are quoted next:


"At Microsoft we have robust mechanisms to ensure we don't have unpatched servers. We have training for staff so they know how to be secure and be wise to social engineering. We have massively overbuilt our internet capacity, this protects us against DoS attacks. We won't notice until the data column gets to 2GB/s, and even then we won't sweat until it reaches 5GB/s. Even then we have edge protection to shun addresses that we suspect of being malicious." from -> []

* Below helps as well, per my subject-line...



Pay attention to the SYN ATTACK section there, because it demands the setting of several registry parameters that work in combination for DoS/DDoS resistance vs. SYN type DoS attacks...

Now - Couple THOSE with what was noted above in hardware, network, + security monitoring structure in place @ MS (Amazon's MUCH the same really in concept/theory @ least from what I understand too)? No small wonder one never really sees MS networks "go down" to such attacks (Amazon too)... read up, & enjoy! apk

What I noted about AMAZON vs. DoS/DDoS inside (0)

Anonymous Coward | more than 2 years ago | (#39055235)

Why Anonymous Can't Take Down []

* Straight from the /. horses' mouth this time... but, as I noted above earlier on how MS sets up their networks vs. DDoS? AMAZON's pretty much got the same type of setups vs. that too!


P.S.=> Enjoy the read, & see how EVERYONE'S NETWORK OUGHT TO BE SETUP vs. DoS/DDoS (especially the latter) - of course, it means money, but? That's the 'breaks', right?? Enjoy... apk

Re:DDoS (0)

Anonymous Coward | more than 2 years ago | (#39055805)

It actually did affect trade and quote feeds.
I'm on the nasdaq system status email list. Alerts went out for the "website slowness" and issues with their BX Multicast ITCH 4.1 feed at the same time.
