Page 1

DDoS  Cyber  Attacks  Against  Global  Markets   Selected  excerpts  

Prolexic’s  Security  Engineering  and  Response  Team  (PLXsert)  recently  published  a  white  paper,  DDoS   Attacks  Against  Global  Markets,  which  shares  cyber  intelligence  gathered  from  nearly  a  dozen   significant  distributed  denial  of  service  (DDoS)  attacks  against  financial  enterprises  and  the  market   effects  of  those  attacks.       A  rising  number  of  recent  DDoS  attack  campaigns  have  targeted  the  financial  industry.  As  a  result,   financial  institutions  are  anxious,  and  governments  are  considering  the  national  security   implications  associated  with  digital  assaults  against  the  critical  economic  infrastructure  provided   by  financial  firms,  including  trading  platforms.  Are  DDoS  cyber  attackers  trying  to  manipulate   stock  prices  and  trading  markets?  The  DDoS  experts  in  PLXsert  think  so.     What  is  market  manipulation?     Market  manipulation  is  a  deliberate  and  malicious  interference  with  market  values  in  order  to   create  an  artificial  price  for  a  tradable  security.  DDoS  attacks  can  be  used  to  attempt  to   deliberately  reduce  the  availability  of  products  and  services  from  a  targeted  company  –  or  even  an   entire  financial  exchange  platform.  Many  financial  companies,  including  trading  organizations,   deliver  a  significant  amount  of  their  client  services  via  their  websites  or  via  web  applications.  As  a   result,  even  though  a  victim  enterprise  might  not  suffer  any  inventory  or  physical  loss  as  a  result   of  DoS  and  DDoS  attacks,  the  negative  consequences  associated  with  site  availability  and  investor   confidence  may  be  substantial.       The  public  image  of  a  financial  service  firm  is  intricately  associated  with  its  cyber  presence,  and   DDoS  attacks  and  other  cyber-­‐attack  vectors  can  modify  the  online  presence  of  the  victim,  which   can  create  artificial,  false  or  misleading  appearances  –  a  hallmark  of  market  manipulation  –  as  can   rumors  generated  about  an  organization  via  online  sites,  such  as  Twitter.  Overall,  PLXsert  has   found  a  causal  relationship  between  cyber-­‐attacks  and  a  change  in  the  valuation  of  a  company  in  a   given  market.     Who’s  behind  the  cyber-­‐attacks  against  American  financial  institutions?       Significant  denial  of  service  attack  campaigns  require  vast  resources,  a  large  number  of  attackers,   and  substantial  coordination  and  collaboration.  Since  2011,  and  growing  in  2012  and  2013,  DDoS   attack  campaigns  have  become  a  significant  threat  to  financial  firms.  To  understand  DDoS  attacks,   it  is  important  to  learn  about  the  groups  behind  the  attacks.      


Two groups  were  responsible  for  the  two  most  significant  attack  campaigns  against  financial   markets  in  2012  and  2013.  The  Operation  Digital  Tornado  campaign  was  organized  by  a  group   called  L0ngWave99.  The  Operation  Ababil  campaign  was  organized  by  al-­‐Qassam  Cyber  Fighters   (QCF).  Although  the  two  groups  appear  to  have  distinct  identities,  there  is  also  a  record  of  them   having  shared  the  same  attack  tools.  L0ngWave99,  QCF  and  other  malicious  actor  groups  were   responsible  for  several  DDoS  attack  incidents  that  affected  stock  and  currency  valuations  or   interfered  with  trading.     Operation  Digital  Tornado  ran  for  three  months  from  February  to  April  2012.  In  this  campaign,   L0ngwave99  claimed  responsibility  for  attacking  multiple  U.S.  securities  and  commodity   exchanges.  L0ngwave99  claims  to  be  motivated  by  political  ideals,  including  support  for  the   Occupy  Wall  Street  movement.  The  group’s  website  contains  rhetoric  against  financial  institutions   and  harsh  criticism  of  the  policies  of  the  United  States  government  and  international  financial   institutions.     Operation  Ababil  and  the  itsoknoproblembro  campaign  ran  from  January  2012  through  August   2013.  Although  official  announcements  and  claimed  attributions  began  appearing  on  Pastebin   only  as  early  as  September  2012,  PLXsert  researchers  have  identified  through  Open  Source   Intelligence  (OSINT)  that  the  DDoS  attack  campaign  by  QCF  had  been  ongoing  since  at  least   January  2012.  Details  of  itsoknoproblembro  are  described  in  a  DDoS  threat  advisory  from  PLXsert.     Get  the  full  white  paper  for  all  detailed  explanations     In  the  white  paper,  PLXsert  shares  its  insight  into  the  use  of  DDoS  cyber-­‐attacks  to  influence  stock   prices  and  limit  trading,  including:   • Details  about  10  DDoS  attack  campaigns  and  their  market  effects   • Insight  into  the  perpetrators,  attack  methods  and  their  public  statements  for  each   campaign   • Types  of  malicious  actors  and  their  motives   • The  underground  ecosystem  that  supports  DDoS  cyber  attackers   A  complimentary  copy  of  the  white  paper,  “DDoS  Attacks  Against  Global  Markets,  can  be   downloaded  from  the  Prolexic  website.   About  Prolexic   Prolexic  Technologies  (now  part  of  Akamai)  is  the  world’s  largest  and  most  trusted  provider  of   DDoS  protection  and  mitigation  services.  Learn  more  at    


DDoS Cyber Attacks Against Global Markets | Prolexic | A rising number of recent DDoS attack campaigns have targeted the financial industry. As a result, financial insti...