NYSE hacked by Anonymous, China
The NYSE temporarily suspended trading on 8 July, blaming a computer glitch, but some have suggested that hackers were behind the outage Reuters

The New York Stock Exchange (NYSE) was offline for over three hours on 8 July and everything from an internal computer glitch to Chinese hackers and even Anonymous have been blamed. So what really happened?

The facts (as we know them)

Just after 8am local time, the NYSE issued an alert to say "a reported issue with a gateway connection" was affecting certain stocks. After trading opened, at 10.37am, that issue was resolved, according to another NYSE alert.

At 11.32am, the NYSE announced it was ceasing trading due to a "internal technical issue", which was not the result of a "cyber breach".

At 3.10pm, the NYSE announced trading had resumed and "all systems are functioning normally".

NYSE president Thomas Farley told CNBC: "I can't say with precision exactly what drove it. We found what was wrong and we fixed what was wrong and we have no evidence whatsoever to suspect that it was external."

The White House chimed in to say: "There is no indication that there are malicious actors involved."

At the same time the NYSE was experiencing a problem, the Wall Street Journal website and that of popular financial blog Zero Hedge also experienced issues, meaning visitors were unable to access the sites.

IBTimes UK has asked both companies why they were offline but at the time of publication we are yet to receive a response.

Also on 8 July, United Airlines had to briefly ground all of its US flights due to what the Federal Aviation Administration called "automation issues".

White House officials said President Barack Obama had been briefed on the issue and that it appeared unrelated to the NYSE crash.

Conspiracy theories

Despite official lines saying none of these incidents were related, many believe it was too much of a coincidence that everything happened on the same day. So what did really happen? Here are the three main theories:

  • Anonymous hacked the NYSE

For many, this theory will be the least likely of the three but some compelling evidence suggests it may be more than mere speculation.

First, as has been widely reported, prominent Anonymous Twitter account YourAnonNews tweeted the following message 12 hours before the NYSE outage began:

While this could be pure coincidence, there is something unnerving about a message from an account heavily linked to a known hackivist group posting something without any context that perfectly pre-empts a major computer glitch.

The second piece of evidence comes from antivirus pioneer John McAfee, writing for IBTimes UK, who claims to have monitored dark web conversations between hackers congratulating themselves on "a job well done on Wall Street" and who have links to Anonymous.

This would of course not be the first time Anonymous has targeted the NYSE, having declared in 2011 its plan to "erased [it] from the internet". The result was less eradication and more of a blip.

The tool used by Anonymous to carry out most of its attacks is Distributed Denial of Service (DDoS) and while McAfee believes this was what was used on 8 July, others disagree.

F-Secure's security researcher Sean Sullivan said a DDoS attack would not be successful and it was much more likely to be an internal error (or attack) than an external one, while Arbor Networks, which monitors DDoS attacks around the world, said it "has not seen anything and has no reason to believe that this was a DDoS attack".

The other compelling reason against Anonymous being behind this attack is the group has not claimed credit for it, something it has typically been quick to do in the past. IBTimes UK has contacted YourAnonNews for a comment but there has been no response to date.

  • It was China

OK, so if it was not Anonymous but was a cyberattack, then who could it have been? Well the answer to that is anyone. But one actor blamed on forums and comment threads across the internet in the past 24 hours is China.

The reason for the country's decision to attack? Negative coverage of its current stock market problems. According to speculation, that at least is the reason the WSJ and Zero Hedge were knocked offline.

This thesis has been backed up by this shiny cyberattack visualisation tool from security company NorseCorp, which appears to show a huge number of cyberattacks originating in China and targeting the US at the moment.

China hacked NYSE
The Norse Corp cyberattack visualisation tool shows numerous attack originating in China and targeting the US NorseCorp

While it makes for hypnotic viewing, it is safe to assume that on any given day, there are cyberattacks being launched by China against the US, and in all likelihood, by the US against China.

One of those espousing the China link in the NYSE outage is former broker Josh Brown, who said on Twitter "a certain country isn't happy with the way our financial media is reporting on its financial market woes".

Brown adds he has never endorsed a conspiracy theory before but that this one "is the real thing".

  • Internal computer glitch

Also known as "the official line", it is sometimes easy to overlook Occam's Razor and dismiss the simplest answer in the search for a better headline.

While the NYSE has not gone into any detail about what this technical glitch may be, one expert in Wall Street trading systems has outlined what he believes happened.

Eric Scott Hunsader from market data firm Nanex told Fortune he believes a faulty system upgrade brought trading on the exchange to a halt. This upgrade was flagged to trading firms and other subscribers two weeks ago by the NYSE, with the exchange telling them it would be discontinuing some of its legacy systems.

There are two big issues with this theory. The first is why the NYSE would be upgrading its system in the middle of a trading day.

One answer to this, as Sullivan points out, is the NYSE thought it was upgrading a non-critical system – but it turns out the system was critical after all. A simple case of incompetence.

The second is that this explanation ignores the WSJ and Zero Hedge outages, the United Airlines glitch and the spooky Anonymous tweet 12 hours previous.

As the world we live in now relies so heavily on computerised systems, having two major outages (NYSE and United) in a single day should not come as too much of a surprise. Add to that the possibility that WSJ and Zero Hedge were knocked offline by a single attacker and the coincidences become smaller.

And if you consider there are thousands of Anonymous-related Twitter accounts constantly tweeting, I am sure you could fine some message pre-empting almost every major incident.

Then again, maybe I am trying too hard to convince myself.