|
By Anthony M. Freed, Infosec Island
Investigations continue into the root cause of the anomalous stock market volatility that recently saw nearly $1 trillion in market value evaporate in matter of minutes.
Three very possible scenarios where postulated immediately in the news. First, that the social, economic and political unrest in Greece caused the precipitous decline -- though this is unlikely simply because the problems in Greece have long been anticipated and accounted for by the market. The second was high-volume electronic trades -- either accidental or as means to game the market with a temporary panic -- which in itself reveals some serious systemic vulnerabilities in trading systems, regardless of whether it played a part or not.
The third hypothesis, that the decline was due either to a coordinated cyber attack or to hacker infiltration, is by far the most troubling from a security perspective.
Daniel Wagner of the Associated Press reported, "The White House's homeland security and counterterrorism adviser says there is no evidence that a cyber attack was behind the chaos that shook Wall Street... John Brennan told Fox News Sunday that officials have uncovered no links suggesting that cyber attacks caused turbulence that sent the Dow Jones industrials plunging almost 1,000 points..."
Assuming the Obama administration's well-publicized rebuke of the notion that hackers played a part in the raucous trading is correct, the mere fact that they made such a concerted effort to dispel the hacker scenario highlights the reality that such an infiltration is not only possible, it is highly probable.
The fact that the "kill-the-hacker-story" message was issued during the Sunday political talking head circuit is strong evidence that the administration is not only taking the threat of cyber insecurity in our financial systems very seriously, they are also cognizant of the damage to investor confidence that could result from such an event -- or even from the rumor of such an event.
While market turbulence may create opportunity for investors to profit, fear and uncertainty from intangible risks work to undermine confidence in the fundamental mechanisms that organize and govern our financial system. Theoretically, any number of large-scale financial cyber security events could set in motion a series of catastrophic events fueled by a sudden collapse in institutional confidence, regardless of whether or not the event itself actually resulted in significant losses.
Consider for a moment a scenario where tens of thousands of consumers awake one morning to find their bank accounts apparently cleaned out. I say apparently because the effect would be the same whether or not the loss of funds was actual or merely perceived for a long enough period of time that the event was seized upon by the media.
Under such circumstances, it is highly likely panicked customers would descend upon their financial institutions, frantically trying to pull their funds out before they too become a victim. Affected banks could find they are insolvent and under FDIC control in a matter of days.
For those of you not familiar with the nature of our fractional reserve system, it needs to be mentioned here that banks are only required to maintain a small portion of their booked deposits at any given time. Simply stated, they loan out or invest all but about 10 percent of your deposits, so it only takes a small percentage of the bank's customers suddenly pulling their funds out to kick regulatory bodies into action.
The stock market would also react with a sharp dip in the financials and related sectors, and the chain of events would be so swift that not even the fabled "Plunge Protection Team" could prevent a crash of some magnitude.
Meanwhile, subsequent investigation could reveal that there was no actual loss of funds, and that there was not even a breach of the banking networks at all.
This entire scenario could result from hijacked URLs and rogue websites that appear identical to those of legitimate banking sites, combined with a mass email blast "alerting customers" that their accounts have been flagged due to a large withdrawal.
Dramatic? Perhaps, but the point is that our entire financial system dances on the head of pin, and unlike the unrest in Greece, the markets have yet to account for systemic cyber security risks.
Financial sector cyber security events -- whether real or perceived -- threaten our economic stability by potentially undermining the public's confidence in our collective ability to protect our critical financial infrastructure from manipulation and outright attack.
Anthony Freed is director of business development and managing editor at Infosec Island Network.
Copyright © 2009 - 2010 WireHead Security, LLC
Only registered users can write comments.
Please login or register. |
