Monday, 22 April 2013

Securities regulators turn gaze to cyber-threat

Imagine you are a European futures trader sitting at your desk on a quiet trading day when your phone rings. At the other end of the line someone claims to be from the IT department and requires permission to access your PC remotely to urgently fix a bug. You oblige and pop to the coffee machine in the interim. When you return to your trading terminal a hugely oversized sell order has been sent to the exchange, which subsequently sparks a catastrophic selling frenzy, destabilising the market.
This may seem far-fetched, but it is just one of several possible scenarios that concern regulators as the threat of cyber-crime and terrorism intensifies. “This is not science fiction,” said Larry Ponemon, founder of information security think tank the Ponemon Institute. “A cyber-war is happening today.”
The rise of hostile cyber-activity has led to a series of high-profile incidents in recent years. During the past six weeks, for example, several US banks have suffered sustained attacks from hacktivist group Izz ad-Din al-Qassam Cyber Fighters that have taken their websites offline, according to reports. And last month a stand-off between a spam-filtering company – Spamhaus – and a group blacklisted by the firm reportedly slowed the entire European internet.
And this might be only a glimpse of what could come. The European Commission cites research by the World Economic Forum, which says there is a 10% chance that a cyber-related incident could result in a critical national infrastructure breakdown in the coming decade, costing an estimated $250bn.
Governments and regulators are rattled. In February, the European Commission, alarmed by the increasing “frequency, magnitude and complexity” of the cyber-threat, unveiled a new cyber-strategy and a proposed directive for national information security.
Currently, only Europe’s telecommunications industry is subject to direct regulation of information security controls, but the directive proposes to extend this regime to other economically critical institutions, including banks, stock exchanges and market infrastructure firms. The rules will require these institutions to report big online attacks to national authorities, disclose security breaches and implement basic standards.
Financial News has also learnt that the International Organization of Securities Commissions, the global body that represents the world’s major securities regulators, is working in conjunction with the World Federation of Exchanges on research into cyber-attacks. This may form the basis of an Iosco report and potential cyber-security standards for market infrastructure firms.
The move to directly supervise cyber-security controls reflects a growing realisation among regulators that cyber-attacks present a form of systemic risk, according to one member of a research team at a regulatory institution.
He said: “This is a sensitive topic that has been in the back of regulators’ minds but it has largely been seen as an IT issue out of their control. It is clear, however, that the impact of a successful attack on a stock exchange or a service provider could be significant for the financial markets.”

Evolving threat

IT experts agree that the threat to securities markets is growing. Historically, hostile cyber-activity in the financial services sector has involved criminal gangs targeting retail bank platforms in a bid to steal customer funds. The growth of so-called hacktivism, state-sponsored cyber-espionage and cyber-terrorism, however, has resulted in more attacks on market infrastructure firms.
In 2011 the Hong Kong Exchanges and Clearing group was forced to suspend trading in certain stocks as a result of an attack on its website, and in February 2012 Bursa Malaysia, the Kuala Lumpur-based stock exchange, experienced a similar assault.
These attacks have typically targeted firms’ web-facing services and applications that are vulnerable to external assaults through direct hacks or so-called distributed denial of service (DDoS) onslaughts designed to overwhelm a website with extreme levels of web traffic.
Michael Cooper, chief technology officer at BT Radianz Services, a provider of trading infrastructure, said: “All sorts of market participants are susceptible. In particular, the increase in the number of instances of distributed denial of service attacks is self-evidently a concern.”
He added: “All trading infrastructures are being probed all day long.”
Although attacks on exchanges’ web-facing services have proved disruptive for the firms concerned, IT experts have long believed that they could not result in widespread disruption to the markets because trading networks are private, resilient and isolated from the internet.
But the growing sophistication of socially engineered attacks, which are designed to target specific individuals within a firm, has led security experts to question this assumption.
Ponemon said: “Closed telecommunications systems are in fact vulnerable. More recently we have seen attacks become more stealthy, and getting into the transactional layer.”
Mark Clancy, managing director of technology risk management at the Depository Trust & Clearing Corporation, the US post-trade giant, said people are the biggest challenge. “Someone surfing the internet could serve as a bridgeable channel between the outside world and a closed network. As a result, companies are having to create greater isolation between those two areas.”
One individual at a regulatory body said it was “a matter of if, not when” a socially engineered attack resulted in a significant trading disruption.

Information sharing

According to the European Commission, Europe’s thus-far fragmented approach to cyber-security has hindered co-operation between all but a handful of member states. It hopes that the proposed rules, which have yet to enter negotiations, will promote information sharing on the nature of the threat, allowing firms to better defend against it.
The DTCC’s Clancy said: “Europe has a particular challenge with respect to cyber-security due to its composition of several member states. It is drafting a strategy similar to that of the US, but there is a need for greater co-ordination in the EU. The region has a big challenge around privacy and civil liberty concerns with respect to sharing information regarding cyber-attacks. It needs to come up with a way to share information that doesn’t raise concerns on a privacy front.”
Udo Helmbrecht, executive director of the European Network and Information Security Agency, Europe’s cyber-security body, which is expected to play a greater role under the new regulatory regime, said another challenge for legislators as they come to negotiate the final text would be in setting the reporting threshold.
He said: “One of the questions is to whom should companies report breaches, how often and to what extent. This has to be defined and quickly.”
Mark Waghorne, senior manager in KPMG risk consulting, warned against creating a new compliance burden for the financial sector, which has traditionally proved extremely skilled in dealing with cyber-threats.
He said: “Banks and other financial services organisations are extremely good at working co-operatively on cyber-security issues. I think the Commission proposal is well intentioned but it may produce a compliance burden, which could actually deflect resources away from existing defences. Firms might be compliant, but not, in fact, secure.”

Empowering Enisa

The European Network and Information Security Agency was first established in 2004 as Europe’s cyber-security agency, acting as a centre for cyber-security expertise and information-sharing. The Crete-based agency has long suffered from a lack of financial and political support among member states, and possesses no enforcement powers. But its fortunes are changing.
Amid the rising tide of cyber-attacks, UK Conservative MEP Giles Chichester, who sits on the Industry, Research and Energy Committee in the European Parliament, has led a campaign to beef up the agency.
Last week, the European Parliament voted to extend Enisa’s mandate by a further seven years and expand its responsibilities, in what European Commission vice-president Neelie Kroes described in a statement last week as a “new start” for the agency.
Enisa is also set to play a key role in establishing network and information security standards under the European Union’s recently proposed EU cyber-security strategy and network information security directive.
Udo Helmbrecht, executive director of Enisa, said: “During the past five years, we’ve seen increasing political awareness regarding cyber-security. When we came into force in 2004, some member states were reluctant. We’re now in good shape. We’ve received great support from Giles, but we’re not dependent on party politics.”


Loss of Onlanka News Data due to Attack

A report on its website stated that the news website had been under attack for about 5 days and that some data had been lost due to the cyber attack.

South Korea finds Chinese code used in cyber attack

Investigation: South Korean computer researchers, left, check the shutdown computer servers of Korean Broadcasting System (KBS).

The biggest cyber attack on South Korean computers in two years used malware from China, an initial investigation focusing on possible links to North Korea has found.
About 32,000 servers were damaged in Wednesday's attack on broadcasters and banks, the Korea Communications Commission said.
President Park Geun-hye set up a team to investigate whether North Korea was responsible after computer shutdowns hit companies including Shinhan Bank, Nonghyup Bank, Munhwa Broadcasting Corporation, YTN and Korean Broadcasting System.
The attack occurred amid increasing friction over North Korea's nuclear weapons program. Kim Jong-un's regime, which detonated an atomic device last month, has threatened to attack the US with nuclear weapons and said on Thursday that US bases in Guam and Japan were within range.
''Discovering that the code was from China makes it more likely that the attack was from North Korea, because a lot of North Korean hackers operate there,'' said Ryou Jae-cheol, a professor of computer engineering and securities at Chungnam National University. ''Who else would be making this kind of attack at this scale and timing other than North Korea?''
The Chinese Foreign Ministry did not immediately respond to faxed questions seeking comment.
The commander of US forces in South Korea, General James Thurman, told Congress last March that North Korea had ''growing cyber warfare capability''.
The North ''employs sophisticated computer hackers trained to launch cyber infiltration and cyber attacks against'' South Korea and the US, General Thurman said.
Malware code was distributed through targeted organisations' servers, destroying their computers' ability to boot, the Korea Communications Commission said on Wednesday.
''This is the biggest and most serious cyber attack in two years,'' an official at the commission, Shin Hong-sun, said. ''There haven't been simultaneous attacks on more than one target since 2011.''
South Korea blamed the North for an attack on about 40 websites in 2011. The South also blamed the North for an attack on Nonghyup a month later that stopped almost 20 million clients from using ATMs and online banking services. South Korean police believe the most recent cyber attack by the North was last June, against the JoongAng Ilbo newspaper.

Hacker gets a year in prison for Sony attack

A hacker who pleaded guilty to taking part in an extensive computer breach of Sony Pictures Entertainment has been sentenced to a year in prison, followed by home detention, US federal prosecutors said.
Cody Kretsinger, a LulzSec hacker who used the online moniker "Recursion", pleaded guilty in April 2012 to one count each of conspiracy and unauthorised impairment of a protected computer as part of a plea agreement with prosecutors.
LulzSec, an offshoot of the international hacking group Anonymous, has taken credit for hacking attacks on government and private sector websites.
Kretsinger, 25, was also ordered by a US district judge in Los Angeles to perform 1000 hours of community service after his release from prison, said Thom Mrozek, spokesman for the US Attorney's Office in Los Angeles.
During last year's plea hearing, Kretsinger told a federal judge that he gained access to the Sony Pictures website and gave the information he found there to other members of LulzSec, who posted it on the group's website and Twitter.
Prosecutors said Kretsinger and other LulzSec hackers ultimately caused the unit of Sony more than $US600,000 in damage.
Kretsinger's plea came a month after court documents revealed that Anonymous leader "Sabu", whose real name is Hector Xavier Monsegur, had pleaded guilty to hacking-related charges and provided the FBI with information on fellow hackers.
Prosecutors have declined to say if Kretsinger was also co-operating with authorities in exchange for leniency.
Anonymous and its offshoots, including LulzSec and AntiSec, focused initially on fighting attempts at internet regulation and the blocking of free illegal downloads, but have since taken on other targets including Scientology and the global banking system.
Anonymous, and LulzSec in particular, grabbed the spotlight in late 2010 when they launched what they called the "first cyber war" in retaliation for attempts to shut down the Wikileaks website.
Last week a 26-year-old British man pleaded guilty to carrying out cyber attacks on targets including Sony and Nintendo as part of LulzSec while using the online persona of a 16-year-old girl named Kayla.