Showing posts with label security. Show all posts
Showing posts with label security. Show all posts

Tuesday, October 5, 2010

"Flash Crash", Targeted Attacks And Global Security

Almost 6 month later of the "Flash Crash" on the stock market two agencies of USA (SEC/CFCT) have released an executive summary with the "official" explanation to this crash.

Basically, the Dow Jones drop around 10% on minutes, affecting heavily to a foreign markets and some companies. For example, this day Accenture (ACN) dropped its value from $30 to $0.01... in 7 seconds!

From $30 to $0.01 in 7 seconds (!)

Officially, the blame is over one company "Waddell & Reed" as seems that it started to sell a lot of futures contracts (around 75000) on the S&P 500 stock market without explanation. However, there are some dark points on the history (unexplained) like how the "market makers" were not able to keep the liquidity of the market on safe limits.

So now I saw a great flaw on all of this system, and I fear about a targeted attack from bad guys. You don't need to compromise a lot of companies. Only need to focus on small groups of investment companies, compromise successfully only one broker computer and wait...

Then, it is only required to trigger a "human error" that could make enormous profit for the bad guys. Imagine the ROI of buying 1 million of Accenture stocks at 1 cent, and then wait (5 min) until the markets recover from that. Yep, around x3000 boost (!). Sure a lot of people will invest millions to obtain this profit.

Luckily the famous Stuxnet focused on SCADA systems, because if it has been focused on the stock market we could have seen a complete different history.

Another good thing is that, after this "flash crash", some measures have been taken (Circuit Breaker) in order to mitigate things like that, but I'm don't know why I'm don't feel safe enough...