The Day the Networks Died: Attack or Glitch for NYSE, United?
The New York Stock Exchange (NYSE) resumed trading at 3:13 pm EST today, after an "internal technical issue" suspended operations for almost four hours.
Only three days after HackingTeam was hacked and on the same day, United Airlines suffered from a "network connectivity" issue that grounded seven flights and delayed another 267, the Wall Street Journal's home page displayed an error message, and there was an apparent flurry of attacks on St. Louis, Mo.
"There is no indication that hackers were involved," White House Press Secretary Josh Earnest told reporters.
While a surge of readers most likely caused sluggish response rates across many media sites and the Journal's error message, social media and online forums buzzed with concern that the NYSE and United outages were part of a concerted cyberattack.
Hacker group Anonymous, for example, tweeted:
Multiple failures on the same day raised many eyebrows.
"It seems like a pretty big network issue. It's definitely peculiar. We don't want to call it either way," Erik Knight, CEO of SimpleWan, said in an interview. "It could very well be a coincidence. Everyone's very sensitive to the whole cybersecurity issue."
Most likely, technology faults were behind both the United Airlines and NYSE outages, several security experts agreed.
"While there is speculation that today's outages are a coordinated cyberattack, the more probable cause is a large software upgrade that may have occurred last night," Bill Ho, CEO of Biscom, told Enterprise Technology. "For systems as large and complex as NYSE, it's difficult to test and QA a full upgrade. As a result, you see more limited testing, which creates greater risk and can often cause system crashes."
Both organizations could have used the same product or the timing could be entirely coincidental, suggested Steve Marsh, CEO and founder of Smarsh, in an interview.
"I think it's interesting immediately that's where everyone's mind starts to wander. In the environment we're in right now… people maybe forget there's a reliability issue inherent in these systems," he said. "We're overly sensitive to those types of issues because we've heard so much about them recently. Three or four years ago it, it was a huge deal and potentially it would put a company out of business and make them lose customers. Now it's almost expected. People say it's horrible but move on with their lives."
Some enterprises implement software updates on Tuesdays – apparently a step United Airlines made – a dangerous move since it can disrupt day-to-day operations, said Knight. The airline, which briefly grounded flights in June, cited a problematic router as the cause of its technical woes.
"If it is a systems glitch, people have to get over the whole 'Tuesday patch' scenario," Knight said.
Also today, security firm Norse noticed increased attacks on St. Louis via its threat intelligence network that tracks live attacks. A lot of activity appears to come from China to IP addresses in St. Louis, according to the map.
No matter today's situation, organizations must prepare for a real en masse cyberattack, security experts said. NYSE and United would be typical targets, said Ho.
"If hackers are to blame, NYSE would be an obvious target. The financial systems are intertwined, there's a large volume of transactions and it is all computerized. It's the ultimate pot of gold for cybercriminals, and creates the perfect storm for attacks that could have major repercussions," he said. "While not likely financially focused, United Airlines is a similar case of a major company with the ability to affect a mass amount of people. When it comes to future cyber attacks, infrastructure -- from power grids to nuclear power systems -- remains a big target and a major concern."