Tuesday, May 28, 2013

Are Chinese Hacker Cyberattacks Really Behind the Theft of U.S. Weapons Systems Designs?

Designs for many advanced U.S. weapons systems – including the advanced Patriot missile, the Navy’s new high-tech Littoral Combat Ship, the Aegis ballistic missile defense system and the Black Hawk helicopter – were breached this morning. As media outlets picked up the Chinese cyberattack story, the recriminations flew faster than the F-35 fighter jet whose designs were reportedly stolen.

“That’s staggering,” Mark Stokes, executive director of the Project 2049 Institute, a think tank focusing on Asia security issues, told the Washington Post. “These are all very critical weapons systems, critical to our national security. When I hear this in totality, it’s breathtaking.”

Friday, May 24, 2013

Iran Cyberattacks on U.S. Power Installations Cross the Red Line

Distributed denial of service (DDoS) attacks against U.S. banking networks have been a mainstay of Iranian cyberattacks for nearly a year.  In the pyramid of danger of cyberattacks, DDoS are the least harmful of cyberattacks - disruptive but not threatening.

According to U.S. officials and as reported May 24th in the Wall Street Journal, Iranian attacks against the U.S. have recently taken a much more dangerous turn.  These latest cyber operations targeted control-system software that could allow manipulation of oil or gas pipelines.  There was no confirmed indication that such control was achieved, however.

This level of attack moves Iran’s cyber threat level against the U.S. up several notches on the cyber threat pyramid.  The threat is that Iran may gain access to control systems which allow them to gain control of gas and electricity production, turning systems on and off.

James Lewis, a cyber-security specialist at the Center for Strategic and International studies, remarked, “We don’t have much we can do in response, short of kinetic [physical] warfare.”

This is a dangerous threat to the United States which should set alarm bells ringing in Washington.  And if alarm bells are as effective in getting government attention as chemical weapons red-line crossings were in Syria, little action other than posturing, high-level meetings, and accusations hurled at the Iranians will constitute the only result.

The result of these new attacks may be positive, however, if the Iranian actions drive the U.S. electric power sector to markedly step up its cyber defense efforts.

If such step up is not initiated, and given anticipated lack of government intervention, we may be soon accessing websites in candlelight through our computer's battery power while Iranians dance in celebration through the streets of Tehran.

Tuesday, May 21, 2013

Does Personal Privacy Exist in the Digital Age? Dream On.

Imagine, for a moment, that you are living in the California Gold Rush era of the 1850’s. Money, money, everywhere for the taking. 

Well, the California rush is back, except this time it’s not in the foothills of the Sierra Nevada. It’s in the Valley of the Silicon. The major difference now is we are not the miners – we are the gold. Our movements, friends, purchases, photos, likes and dislikes, communications, and so on are the new “Silicon Gold.” Available free of charge, all with our permission. The miners? Facebook, Google and a host of other online companies.

In an amazing expression of truth, in his book The New Digital Age, Google executive chairman Eric Schmidt states the following:

Friday, May 17, 2013

Cybersecurity for U.S. Banking Industry Must Be Driven by Industry, Not Big Government

Do cyberattacks need to cause a plane to go down before cybersecurity gets the attention it demands?

I often wonder. It seems a disastrous cyber-induced consequence is the only way cybersecurity will become a priority. And unfortunately, a plane crash is well within the realm of reality.

With the recent ATM cyber heist and Wall Street marketcrash caused by the AP Twitter account hack, we may see a twinkle of understanding of the escalating risks that cyberattacks pose to American industry.


Tuesday, May 14, 2013

When Cyber and Physical Worlds Collude, We Lose

The previous three posts here dealt with the dangers posed by cyberattacks on our investments in America’s securities markets. The conclusion? That U.S. market information and trading mechanisms are structured in a way that is not only open to disruption from basic cyberattacks, but also conducive to it. The Twitter hack and its resulting market crash were 100% cyber-delivered – no human intervention.

But just as the headlines on the Twitter market crash faded, news of a new cyberattack broke. In the span of just a few hours, $45 million in cash was sucked from bank ATMs around the world.

How? The worlds of cyber crime and physical crime collided in what might be a new trend in cyberattacks.

Thursday, May 9, 2013

The Twitter Hack and Wall Street Market Crash: What Can You Do to Protect Yourself?

In my prior two posts, I examined how the recent AP Twitter account hack caused a sudden crash in the securities markets. I also discussed the potential investing dangers that may result from a cyberattack market crash.

So how can you protect your investments from future cyberattacks that affect U.S. securities markets?

First, let’s look at the reasons why social media’s market influence has increased in the past month:

  • Recently, the Securities and Exchange Commission began allowing companies to use services like Twitter to report financial news.
  • Bloomberg announced it was integrating Twitter feeds into its market information terminals.
  • High frequency traders started to include social media feeds into their high-speed algorithms that search for market-moving information. These algorithms are still in their infancy and prone to executing trading orders without corroborating information, which amplified the effects of the hacked AP Twitter account.
Some Wall Street observers believe we now have a more fragile market.  A market that is subject to even more unexpected, random swings than before. When you throw in the market-moving impact of false information, such as what happened with the recent AP Twitter account hack, what is the result? In the most recent instance, market swings that affect all investors.

Wall Street fund managers I have spoken with have downplayed the risks posed here, almost as though they do not exist. Investment firms and the financial media will similarly issue disclaimers stating there is no problem. They do not want the fear of chaos to drive the average investor from the market. After all, it is the average investor who feeds new funds into the securities markets for the professionals to trade on.

So what about protecting our investment accounts? The truth? There is nothing we as individuals can do to protect other firms' Twitter accounts from being compromised. As long as America's financial  and social media sites are open and vulnerable to attack, the hackers will clearly have the upper hand to strike when and where they please.

What is the typical investor to do? I suspect the answer lies partly in one’s investment strategy. Day traders, for example, may find themselves more subject to risk than long-term buy-and-hold investors.

But there are steps that you can take. If you fear U.S. markets, for example, overseas markets may be less prone to cyberattacks than Wall Street. The use of stop-loss orders, which execute trades to limit losses, can also be minimized or avoided outright.

Bonds, which aren’t quite as affected by rapid market moves as securities, are another investment alternative to consider.

Even if you take some of these steps, you’ll probably still wonder if your investments are safe. The answer partly depends on your investment philosophy and your tolerance for risk. And partly on luck, or the lack of it. Either way, the risks from cyberattacks on America's financial system pose a real and present danger. A danger deserving of serious investor consideration. For me, I have swung to real estate and cash.

What steps will you take to reduce your risk the next time a hacked Twitter account causes a market crash?

** NOTE: The comments herein are the opinion of James McFarlin and in no way should be interpreted as investment advice. See your financial advisor for assistance. **

("Business Data Analyzing" image: adamr/FreeDigitalPhotos.net)

Tuesday, May 7, 2013

The Twitter Hack and Wall Street Market Crash: Just the Beginning of the Trouble? [Part Two]

If you missed the first post in this series on the recent AP Twitter hack and market crash, read up on how a hacked AP Twitter account caused an abrupt plunge in the Dow Jones Average.

When the Associated Press’ Twitter account was hacked in April, it quickly sent the stock market crashing.

Luckily, AP put out a disclaimer and the market quickly recovered. The entire ordeal was over in less than three minutes.

While some have dismissed the event as “more flash than crash,” major questions remain. A primary concern has to do with the impact on the confidence in our securities markets. Why is Twitter so easily hacked anyway? And if a single social media post has the power to be this disruptive, what else can happen?

Immediately after the Twitter hack, America’s securities regulators called an emergency meeting. Preventing such future economic cyberattacks was their question. Their conclusion? No rule changes are possible to deter future attacks of this type. Their strategy? Deter future attacks through prosecution of those who profit from such hacking-fueled crashes. Really!

Think this is scary? You’ve seen nothing yet.

Fast forward your thinking to the potential disasters from another false Tweet or social media hack. What if false information is released by a hacked Twitter or Facebook account that is more difficult to disclaim? What if those false posts are confirmed by yet another hacked media source? What if this false information causes the Dow average to continue plummeting? What if predefined sell orders triggered by the panic accelerate the decline? Would they irretrievably wipe out the savings of millions of investors?

It looks like the regulators who met after the Twitter hack and market crash were right.

Technology is moving faster than their ability to regulate it. Social media streaming feeds to market terminals? New. Fancy algorithms to identify market-pertinent information? Still in their infancy. High frequency trading? Growing more sophisticated with each trading day.

I know you get the drift. We are only several serious cyberattacks away from nationwide economic chaos.

Scared yet? We should all be thinking seriously about this. In my next post, I will address how – and if – we can protect our assets from such market cyberattacks in the future.

Thursday, May 2, 2013

The Twitter Market Crash: Just the Beginning of the Trouble? [Part One]

Cyberterrorists have a new arrow in their quiver. Their target? America’s economic system.

On April 23, the Associated Press Twitter account reported about a bombing at the White House and sent U.S. securities markets plummeting. With the May 6, 2010 “Flash Crash” – which sent the market plunging and then recovering 1000 points ­– still an imprint in everyone’s mind, the attack sent a wave of fear through Wall Street and market regulators in Washington scrambling for cover.

As it turned out, it was a false tweet: the AP’s Twitter account was hacked.

The damage, however, was done. And the culprits of this Twitter market crash? Well, you might say those responsible for the AP Twitter hack who posted the false news. The Syrian Electronic Army has claimed credit, but we may never know for sure.

But the Syrians? Like a businessman seeking advantage, they’re just turning Wall Street’s self-prescribed business practices against itself.

So, who are the culprits? Here are some of the actions that made this cyber cocktail so ready-to-happen:

The Securities and Exchange Commission’s new rules authorizing the use of social media sites to announce market-moving news. Sophisticated computer algorithms which gather and analyze social media posts and stream relevant data, notices and events to trading firms, all in the space of two to three milliseconds. High-volume, computer-automated trading triggered as a result of this information.

There was also another soft ingredient in the mix. Yuri Milner, a venture capitalist and early investor in Facebook, Twitter, Zynga and other Internet firms, commented on CNBC that this event “clearly demonstrates the power of social media.” He then added, “What also is evident is the strength of Twitter’s level of influence.”

The result of the frenzied trading after the Twitter hack? A $136 billion drop in value of the Dow Jones Industrial Average in twenty seconds. The DJIA, mind you, is not a theoretical gauge of the market. It is comprised of stocks which populate tens of millions of investment and retirement accounts of working Americans.

The Associated Press quickly issued a disclaimer about the Twitter hack, the White House responded all was well, and the Dow regained its footing, ultimately erasing the drop. Those investors who had “sell” orders triggered during the Twitter market crash, however, were now looking at higher prices to repurchase their positions.

The bigger issue relates to how this could happen and what can be done to prevent reoccurrences. One brokerage firm head framed it this way: “The concern is ‘How do you know what’s right and what’s not? How do you know what’s hacked and what isn’t?’”

The next post will address the surprising steps being taken by regulators and the social media-flash trading dangers that loom on the horizon. What do you think can happen?

("Stock Exchange Board" image: audfriday13/FreeDigitalPhotos.net)