Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for May 11th, 2010

The SKYNET of Wall Street… How About CyberWar by Russia or Joe the Hacker?


Given the recent events with the stock market’s sudden and sharp dip, many people have been pondering whether or not there was some computer trickery involved. One might even dare to say “hack” or, unfortunately, the moniker of “CyberWar” has been thrown out there about the incident.

From what I have heard on the news, the systems just seemed to go off on their own, the words used were “took off” and there were even references in the news to “Skynet”. Oh my… Now that is scary, these people are looking at this as the next SkyNet out to whack us with giant Schwarzeneggers! I think though, that the reality lies more along the lines of perhaps a test. Perhaps a pre-test to something more akin to the cyberwar scenarios.

What’s bothering me though is the eerie silence on the part of the government, the police/feds, and Wall Street itself on this. Of course I am sure they would all love to minimize any fears that the public may have here because surely, if the word went out that this was an attack or a hack, then the market would crash further and for longer than it did last week. People would just not have any faith in the system and there would be the equivalent of a bank run on Wall Street.

So the news media and the talking heads tried to pawn this off to a “fat finger” trade, but then, as time went on, it came to light that it couldn’t be that. So, what was it then? Are they investigating? Are there Secret Service folks on site performing forensics on digital assets?

Like I said.. “eerie silence”

This all got me thinking about the potential for a hack on the NYSE and the stock markets in general. My first task as any good security specialist was to footprint the target. So, I went to “The Google” and did some footprinting at www.nyse.com. What I found rather flabbergasted me. If you look in the right way, you can gather a LOT of intel on the network makeup, protocols, processes, clients, and vendors for the stock market. All of this just coming from one domain mind you…

I was able to not only obtain documents marked “CONFIDENTIAL” but those same documents described networks, processes for DR, Backup, and daily operations. I was also able to get manuals on their systems that interface to make trades from both inside and from outside of the exchange. Some of these documents actually described actions that the network operations folks have yet to actually carry out for 2010.

Oh yes, our theoretical money on Wall Street is safe… Not.

In one case, I actually was able to gather IP addresses for failover in NJ and Chicago as well as when they were planning on running a failover test. So, yeah, these documents are all, as a whole, a hell of a start to begin planning for an attack on the monetary engine of our country. Many of these documents I assume have just been put in the wrong directories on the web-facing servers even with the markings on them, but, really, c’mon guys, where’s your OPSEC?

Even better, the uber document, which has much data on how the systems work and includes network diagrams, goes further to show you cabinet details in colocation areas and has actual blueprints to the trading floor in NYC.

DOH!

So, perhaps there is a reason for the quiet, huh? Imagine the panic that would ensue if indeed the market was attacked by someone with a computer and a set of PDFs on how to operate trading software? Imagine the fear right now to those of you in the security field who are about to learn that in one case, a system used to trade carries out its actions on a TELNET session over the internet…

No… Really… I saw it. Perhaps they have a VPN or maybe I misread it but….

Check whether you can telnet://XXX.XXX.XXX.224:1723. If not, try to telnet://XXX.XXX.XXX.224:1838. If you can reach 1838 but not 1723, you must create a new line in the [TALIPC] section of the TAL.INI. The line reads: UseNewPort=

Oh yeah.. there you have it… Needless to say, I stopped there. Google had given me enough to really mount a plan…

It’s time to start hiding your money in mattresses folks… Or maybe just buy all the gold jewelry you can and head to “Good ol’ Tom” when the shit hits the fan. So Wall Street, What’s the story here?

K