Hackers Could Be Probing Stock Exchange Network, Says Cybersecurity Firm

July 8, 2015 Updated: July 10, 2015

The New York Stock Exchange (NYSE) may be at risk of a large-scale cyberattack, and the current narrative saying no attack is suspected is full of holes, according to the head of a cybersecurity firm.

Trading on the NYSE was suspended on Wednesday afternoon after an alleged glitch. Around the same time, United Airlines briefly grounded all flights due to a system-wide failure. The Wall Street Journal also went offline due to a problem with its computer servers.

Soon after the networks went offline, the NYSE stated on Twitter that the outage was “not the result of a cyber breach,” and the Department of Homeland Security said there was no indication that the NYSE had been hacked.

Many experts in the cybersecurity community, however, say they need more evidence before assuming a cyberattack was not involved.

“For them to come out immediately and say there are no indicators of cyberattacks or malicious actors in this organization, that didn’t make any sense to me,” said Eric Devansky, director of global security services for TruShield Security.

“That kind of analysis takes weeks or even months to find the cause of,” Devansky said, noting that the claims no cyberattacks were involved were released within an hour of the outage.

The likely cause is unfortunately much less favorable. Devansky believes that a hacker had probed the networks.

“What’s far more likely is that a zero-day vulnerability was found in a key piece of infrastructure or software, and somebody is exploiting that to see what the response is,” Devansky said.

“I believe we haven’t seen the end of this, and we’ll see something greater,” he said.

For Devansky, incidents like this are in his backyard. His company does private cybersecurity for clients in finance, infrastructure, and government.

There were a few other holes, which he said make it difficult to believe the outages at the NYSE, United Airlines, and the Wall Street Journal were unrelated.

If the outages had been caused by administrative issues, they wouldn’t have happened mid-day or at the same time. He said, “often when you see issues of a bad patch or updates applied to a system, it’s generally applied off-hours.”

At 6:17 p.m. the NYSE put out a statement attributing the outage to a “configuration issue.”

“The New York Stock Exchange and NYSE MKT experienced a technical issue and, consistent with our regulatory obligations, the decision was made to suspend trading as we worked to identify the cause and resolve it,” the statement reads.

From Devansky’s perspective, the fact that all three systems went down needs to be examined.

“I don’t see any logical explanation of three major suppliers at three major industries at exactly the same time,” he said, adding “we’re too soon for them to have done any kind of analysis to prove these weren’t attacks.”

Meanwhile, these were all high-profile targets. “They attacked the press, an airline, and a major market,” he said, noting these are the kinds of critical infrastructures that get media coverage.

Follow Joshua on Twitter: @JoshJPhilipp