DDoS Cyber Attacks Against Global Markets Selected excerpts
Prolexic’s Security Engineering and Response Team (PLXsert) recently published a white paper, DDoS Attacks Against Global Markets, which shares cyber intelligence gathered from nearly a dozen significant distributed denial of service (DDoS) attacks against financial enterprises and the market effects of those attacks. A rising number of recent DDoS attack campaigns have targeted the financial industry. As a result, financial institutions are anxious, and governments are considering the national security implications associated with digital assaults against the critical economic infrastructure provided by financial firms, including trading platforms. Are DDoS cyber attackers trying to manipulate stock prices and trading markets? The DDoS experts in PLXsert think so. What is market manipulation? Market manipulation is a deliberate and malicious interference with market values in order to create an artificial price for a tradable security. DDoS attacks can be used to attempt to deliberately reduce the availability of products and services from a targeted company – or even an entire financial exchange platform. Many financial companies, including trading organizations, deliver a significant amount of their client services via their websites or via web applications. As a result, even though a victim enterprise might not suffer any inventory or physical loss as a result of DoS and DDoS attacks, the negative consequences associated with site availability and investor confidence may be substantial. The public image of a financial service firm is intricately associated with its cyber presence, and DDoS attacks and other cyber-‐attack vectors can modify the online presence of the victim, which can create artificial, false or misleading appearances – a hallmark of market manipulation – as can rumors generated about an organization via online sites, such as Twitter. Overall, PLXsert has found a causal relationship between cyber-‐attacks and a change in the valuation of a company in a given market. Who’s behind the cyber-‐attacks against American financial institutions? Significant denial of service attack campaigns require vast resources, a large number of attackers, and substantial coordination and collaboration. Since 2011, and growing in 2012 and 2013, DDoS attack campaigns have become a significant threat to financial firms. To understand DDoS attacks, it is important to learn about the groups behind the attacks.
Two groups were responsible for the two most significant attack campaigns against financial markets in 2012 and 2013. The Operation Digital Tornado campaign was organized by a group called L0ngWave99. The Operation Ababil campaign was organized by al-‐Qassam Cyber Fighters (QCF). Although the two groups appear to have distinct identities, there is also a record of them having shared the same attack tools. L0ngWave99, QCF and other malicious actor groups were responsible for several DDoS attack incidents that affected stock and currency valuations or interfered with trading. Operation Digital Tornado ran for three months from February to April 2012. In this campaign, L0ngwave99 claimed responsibility for attacking multiple U.S. securities and commodity exchanges. L0ngwave99 claims to be motivated by political ideals, including support for the Occupy Wall Street movement. The group’s website contains rhetoric against financial institutions and harsh criticism of the policies of the United States government and international financial institutions. Operation Ababil and the itsoknoproblembro campaign ran from January 2012 through August 2013. Although official announcements and claimed attributions began appearing on Pastebin only as early as September 2012, PLXsert researchers have identified through Open Source Intelligence (OSINT) that the DDoS attack campaign by QCF had been ongoing since at least January 2012. Details of itsoknoproblembro are described in a DDoS threat advisory from PLXsert. Get the full white paper for all detailed explanations In the white paper, PLXsert shares its insight into the use of DDoS cyber-‐attacks to influence stock prices and limit trading, including: • Details about 10 DDoS attack campaigns and their market effects • Insight into the perpetrators, attack methods and their public statements for each campaign • Types of malicious actors and their motives • The underground ecosystem that supports DDoS cyber attackers A complimentary copy of the white paper, “DDoS Attacks Against Global Markets, can be downloaded from the Prolexic website. About Prolexic Prolexic Technologies (now part of Akamai) is the world’s largest and most trusted provider of DDoS protection and mitigation services. Learn more at http://www.prolexic.com.