NYSE hacked by Anonymous
Despite denials by homeland Security, hackers on the dark web are claiming that the New York Stock Exchange was knocked offline by a cyberattack. Getty

At 11.32am (EDT) on 8 July, the New York Stock Exchange (NYSE) computers went down, causing a four-hour suspension of transactions. In a four-hour period the NYSE averages about $400m (£259m) in trades - a substantial daily loss.

The NYSE and Homeland Security both quickly announced the problem was not due to a cyberattack.

At around the same time that the NYSE went down, the Wall Street Journal's website went offline, as did that of popular financial blog Zero Hedge. United Airlines also experienced a "network connectivity issue" which impacted almost 5,000 flights worldwide.

Given the criticality of technology to United Airlines, let's assume for a moment it has a daily reliability rate of 99.9%, meaning it has a system failure once every 1,000 days – which equates to once every three years. Now, let's assume the NYSE and the Wall Street Journal also have a daily reliability rate of 99.9%.

If these events were truly random and independent, then the frequency of all three of these events happening on the same day is once in a billion days (or if you prefer to count in years, almost 2.8 million years).

Coincidental failure is possible, sure, but it does seem highly unlikely. If you add Zero Hedge to the mix, then the probability of all four events happening on the same day rapidly approaches zero.

If we throw in the near simultaneity of the NYSE and the Wall Street Journal issues (happening within minutes of each other), then it is more likely that your car, using quantum probability effects, would leak out of your garage and show up instantly in my driveway an ocean away.

It is certainly possible, but no one in their right mind would bet on it.

So in spite of assurances to the contrary from Homeland Security, I felt that these four events were not coincidences and that a cyberattack, in all likelihood, did occur.

A couple of hours spent surfing the Dark Web confirmed my suspicions. The Dark Web was rife with communications among a small group of people (who are allegedly linked to Anonymous) congratulating themselves on a job well done on Wall Street.

Returning to the Surface Web I discovered the tweet from one of the most prominent Anonymous news Twitter accounts - @YourAnonNews - who tweeted 12 hours before the NYSE computers went down, saying: "Wonder if tomorrow is going to be bad for Wall Street? We can only hope."

I predict that it will only be a matter of hours before Anonymous (if they are indeed the perpetrators) takes public credit for the attack.

Incompetence

What interests me here is not so much the cyberattack itself, but the official reaction to it. I do not believe that the NYSE and Homeland Security purposely attempted to deceive the public. I believe that incompetence led them to their conclusions.

Dark web explained

The dark web is a section of the internet that is not indexed by search engines such as Google, and not easily navigated to using a standard web browser.

Accessing the dark web requires specialised knowledge and software tools. An example of this is content only accessible by using the Tor software and anonymity network, which while protecting privacy, is often associated with illicit activities.

First and foremost, to determine whether a system as large as the one used by the NYSE has been hacked or not, cannot possibly be resolved in a matter of hours. Every programmer, every systems engineer and every employee of an IT department in the world understands this well.

I truly believe that the upper management of most large corporations and most bureaucrats, directors and politicians within our world governments do not understand this basic truth of the cyber world.

Thus, when Homeland Security contacted the NYSE yesterday morning to ask whether an investigation would be necessary, they blindly accepted the NYSE's assertions that it was not a cyberattack.

CNN Money reports: "The Department of Homeland Security told CNN that there is 'no sign of malicious activity' at the NYSE or with an earlier outage experienced by United Airlines. The FBI says it reached out to NYSE and 'no further law enforcement action is needed at this time.'"

In light of the impossibility of anyone identifying a cyberattack in a couple of hours - absent the perpetrator going public with the attack - the above statements are preposterous. Keep in mind, the hack against the US Office of Personnel Management was ongoing for a year before someone noticed it. Most hacks are never noticed unless purposely looked for - a time consuming, costly and tedious process.

So, what should concern us most?

The fact that hackers can infiltrate whatever they want and do whatever they want whenever they feel like it? Or the fact that our governing bodies and corporate and financial managers are clueless about the cyber age in which they are living?

The latter, by far, frightens me the most. The past few months of high-impact global cyberattacks (OPM, AFF, Homeland Security, Japan Pension System, etc) have clearly shown us that a massive problem exists. Awareness of a problem is the first step in solving the problem. I would almost have paid Anonymous for carrying out the attack just for the awareness value.

But how do we solve the problem of the ingrained cyber inadequacy and ineptitude of our leaders and decision makers, some of whom display a near pride in their lack of understanding of technology?

Who is John McAfee?

John McAfee teaching users how to uninstall McAfee Antivirus Software
YouTube

John McAfee is one of the most influential commentators on cybersecurity anywhere in the world. His new venture – Future Tense Central – focuses on security and personal privacy-related products.

McAfee provides regular insight on global hacking scandals and internet surveillance, and has become a hugely controversial figure following his time in Belize, where he claims to have exposed corruption at the highest level before fleeing the country amid accusations of murder (the Belize government is currently not pursuing any accusations against him).

Is this not the equivalent of someone showing pride in their inability to read and write, explaining: "I have my staff to read to me and my advisors understand words for me, so I am free to ponder larger issues."

We are in a rapidly expanding crisis and we cannot afford to be buried by well-meaning but dangerously unknowledgeable decision makers.

We are at war - undeclared and of such a subtle nature that few have noticed - but war nevertheless. It is a cyberwar on many fronts, in which it is difficult to identify who is friend and who is foe. I will predict now, as unintelligible as it may seem, that Anonymous will turn out to be more friend than foe.

I need to note at this point that the hacker community, by-and-large has a positive influence on society.

White hat hackers have proven indispensable in testing and locating holes in our cybersecurity structures and they are the first to warn us of potential problems (though we in most cases do not listen to them).

They are our soldiers in this cyberwar and they are our front line defence as well as our rear guard. Do not let the actions of a few black hat hackers turn you against the only defence that we currently have.

And where will our leaders and decision makers fall on the ambiguous line between friend and foe? I know this much, the attitudes of our leaders must change, and change rapidly.

We can no longer afford to be hobbled and endangered by a technically incompetent leadership. This, more than anything else, must be addressed.