NYSE halts trading and United Airlines flights grounded

Panic!

There are a lot of people panicking right now.

Trading has halted on the New York Stock Exchange and United Airlines grounded thousands of flights worldwide.

I'm not catching any flights today, or trading any shares, but I knew there was a problem because my phone started ringing. Yup, reporters wanted to know if the events were connected, and if they were - could it be Chinese hackers who were responsible?

Firstly, how on earth would I definitively know if the events were connected? I'm sitting in my office in Oxford, UK, looking out over the back garden. So I answer honestly, the only way I know how:

"I haven't seen anything to suggest that the events are connected."

Then onto the next question - could it be Chinese hackers?

Ignoring for now why it should be China's hackers rather than, say, Belgium's hackers or indeed American hackers, there's an interesting issue here.

How did people's concerns about cybersecurity become so raised that any kind of computer glitch or technical downtime instantly raises suspicion that malicious hackers might be involved?

I get that it makes for a *much* more exciting news story if it's true, but I think we should be careful about jumping to any rash conclusions.

Quite often downtime can be caused by down-to-earth human error or regular computer problems, rather than something more sinister.

Hopefully in the coming hours things will become clearer. United Airlines has posted on Twitter that it believes it suffered a "network connectivity" issue, which can easily be caused by issues such as poor configurations or dodgy hardware rather than a crack squad of uber-hackers. CNBC reports that United Airlines flights are now restored following the grounding, although passengers can expect delays.

My guess is that they turned a piece of equipment off and on again, and got things back to normal. Okay, so maybe it was a bit more complicated than that - but in my experience that's the basic solution for most IT problems.

Similarly, the NYSE could be suffering from a technical glitch that has nothing to do with hoody-wearing hackers in the employ of the People's Liberation Army.

Even if it was found that hackers were to blame, attributing an attack to a particular country is *notoriously* difficult.

Stay safe folks, and don't panic.


17 Responses

  1. Joe

    July 8, 2015 at 6:14 pm #

    And now there are reports the Wall Street Journal site was hit….

    • Graham Cluley in reply to Joe.

      July 8, 2015 at 6:15 pm #

      The WSJ says its website is back up: https://twitter.com/WSJ/status/618828828950036481

  2. Marco

    July 8, 2015 at 7:28 pm #

    I don't think this had something to do with the NYSE downtime, but Anonymous tweeted this last night:

    https://twitter.com/YourAnonNews/status/618626955433349120

  3. Alejandro

    July 8, 2015 at 8:59 pm #

    I like your writing style Graham, sometimes you take a smile from me :)

    As Marco pointed out (thanks Marco) Anonymous could either be 1-Assuming the true protagonism over the fact or 2-Assuming a fake protagonism to get profit from it.

    • Graham Cluley in reply to Alejandro.

      July 8, 2015 at 9:20 pm #

      Thanks for the kind words Alejandro.

      Maybe Anonymous's Twitter account was commenting on something else entirely and its possible repercussions on the stock market. For instance, the situation in Greece.

  4. Coyote

    July 8, 2015 at 10:04 pm #

    "How did people's concerns about cybersecurity become so raised that any kind of computer glitch or technical downtime instantly raises suspicion that malicious hackers might be involved?"

    Scapegoats and the blame game. Unfortunate but that is what it is; people tend to shy against making mistakes. Sometimes the supposed mistake(s) is(are) not really mistakes so much as mechanical failure (e.g. head crash on a HDD)… but as long as they don't have the blame (blame might be for criticising but it doesn't mean you can't be responsible for something that is good), that's all that matters (in their mind). And those who want it to be that way… sensationalism at its finest (and also, unfortunately, blaming others e.g. 'It is always China's fault!').

    "Quite often downtime can be caused by down-to-earth human error or regular computer problems, rather than something more sinister."
    Including time.

    "Hopefully in the coming hours things will become clearer."
    Funnily enough, I thought of the above – time – before I got to this part of your post. So I made a pun from your wording in a rather quirky way (and you had one too, of course – downtime and coming hours).

  5. drsolly

    July 8, 2015 at 11:41 pm #

    I had to change the batteries in one of my UPSes because it was showing a red warning light. How did the Chinese hackers do that?

    • Coyote in reply to drsolly.

      July 11, 2015 at 12:28 am #

      I heard they have an affinity to the colour red. Could that be how they managed? I tend to ignore the lights on my UPSes as the ones I have these days have LED displays (and combined with apcupsd I have all I need). I didn't remember seeing red lights on my UPSes (but that doesn't mean anything necessarily). If I ever see any red light I will know enough to be very concerned, thanks to you.

  6. Durruti

    July 9, 2015 at 11:07 am #

    What about the HackingTeam leaked material? Could anyone have used something from them for causing this?

  7. Cube

    July 9, 2015 at 12:44 pm #

    "Even if it was found that hackers were to blame, attributing an attack to a particular country is *notoriously* difficult."

    You should do an article on why this is the case in very simple language that can be shared around for chicken littles to read.

    • Coyote in reply to Cube.

      July 11, 2015 at 12:34 am #

      He has. Multiple times (maybe not simply titled though.. don't remember). As have others. But you can't expect the masses to understand it, can you? Even without the romanticism of it all (or what I would I think one would call romanticism), you have the constant spreading and abuse of propaganda and general lies that never die. Add to that, the tendency of humans liking conflict, and this concept will never be understood to the majority of the population.

      • Graham Cluley in reply to Coyote.

        July 11, 2015 at 12:37 am #

        Nonetheless, I still think it would be a good idea to write a simple, focused article that explained why attack attribution is so difficult – and then I can link to it from many future articles (no doubt).

        Thanks for the idea Cube – it's on the list!

        • Coyote in reply to Graham Cluley.

          July 11, 2015 at 6:49 pm #

          I agree, of course. I've written about this before also, but I've always done it about a specific incident. One possible way that would help others understand is this (although maybe you have other ideas): phones. Specifically if some Chinese (..only as a pun, nothing else) steals your phone and harasses others (or breaks the law) with your phone, who is responsible? Using the logic of the FBI, YOU are responsible even though it wasn't you; the fact your phone number ('ip address') is involved is more than enough in their mind. Except that is absurd and factually incorrect. Then consider state sponsorship is very different from a state.

          And yes, there will be many more instances of where you could (and should) link to it.

          Edit: Oh, and yes, it is a great idea.

  8. Anonymous

    July 9, 2015 at 3:41 pm #

    >Firstly, how on earth would I definitively know if the events were connected?

    Whilst it might get/be a little tedious, at least your phone rings!

  9. Zargon, Master of Destiny

    July 9, 2015 at 4:51 pm #

    "My guess is that they turned a piece of equipment off and on again, and got things back to normal…that's the basic solution for most IT problems."

    Yep…and the extraordinary delusions and popular madness of crowds is sufficient to explain much of the rest of it.

    People don't notice when systems work right; they only notice when something breaks. If you lump all "breakings" together, regardless of cause, and divide by the total number of systems, the resulting fraction would be tiny.

    But tiny doesn't get blog hits, or get folks to watch the talking heads, or give much traction to our elected clowns, who are here to Set Things Right, By Golly. It takes some human drama to do that, and The Boogeyman — the universal bad guy — does the trick.

    For all our sciencey progress, fear and loathing is still the E-ticket ride for most humanoids on planet Earth.

  10. Dr. Quien

    July 9, 2015 at 7:17 pm #

    Your parting comment reminds me of my favorite T-shirt:
    "If I am ever on life support, unplug me. Then plug me back in. See if that works."

    • Coyote in reply to Dr. Quien.

      July 11, 2015 at 12:35 am #

      Classic. Thanks for sharing that.
