London Stock Exchange Outage: A Cyberattack? By Iran?

Secret sources say a London Stock Exchange failure might have been caused by a security breach. GCHQ, the “British NSA,” is said to be investigating a possible inside job involving a bogus software update.

Despite official denials, the ever-present “people familiar with the matter” are whispering that what at first appeared to be a fat-finger glitch a few months back actually might be a supply-chain attack. And it all sounds rather nation-state-y.

If so, which state could be responsible? In today’s SB Blogwatch, bloggers make a wild, unsubstantiated stab in the dark.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Free energy!


2+2=5?

What’s the craic? Anna Isaac reports—“Was London Stock Exchange hit by cyberattack?”:

 UK government agencies are examining whether a trading outage … at the London Stock Exchange in August may actually have been caused by a cyberattack … according to people familiar with the matter. … The incident … the worst outage in eight years, immediately triggered government cyber alert systems, according to the people.

The LSE is a key contributor to London’s financial pre-eminence. … It is also the global leader in clearing trillions of dollars worth of derivatives contracts. … If the outage was caused by an attack, the aim may have been to cause market disruption and undermine confidence.

An LSE spokesperson denied that the incident was cybersecurity related, attributing it to a “technical software configuration issue.” … She added that the LSE “has thoroughly investigated the root cause of the issue.”

And Jon Fingas adds—“GCHQ isn’t fully convinced the failure was due to a glitch.”:

 The GCHQ intelligence agency is … reportedly taking a close look at the associated code, including time stamps, to determine if there was any suspicious activity. The exchange was in the middle of updating its systems when the outage happened, and there’s a fear this left systems open to attack.

The exchange contracts development out to third-party teams. … There’s a risk that the inadvertent spread of malware or rogue contractors could pose problems.

So they suspect a supply-chain attack? Gareth Corfield pours cold water—“Rumours of our probe into … ’cyberattack’ have been greatly exaggerated”:

 GCHQ [has] denied that they are investigating a cyber-attack on the London Stock Exchange. … The National Cyber Security Centre, GCHQ’s cyber defence offshoot which normally does this sort of work [said] “The NCSC has not treated the LSE outage as a cyber security related incident and has not investigated it as such.”

While it is certainly possible that GCHQ and its cuddly public-facing arm are publicly denying the existence of an investigation, perhaps to keep a potential attacker in the dark, an on-the-record denial could be interpreted to point the other way. … Following the US assassination of an Iranian general … GCHQ may have other things on its corporate mind.

Ain’t that the truth? Mark Joseph Marks’ words: [You’re fired—Ed.]

 The U.S. must brace for Iran to launch bold cyberattacks designed to cause major financial damage or threaten American lives as retaliation for the killing of one of its top generals, cybersecurity experts say. … Iran may be willing to cross dangerous boundaries in cyberspace.

Iranian hackers could launch attacks that shut down electricity … destroy important financial records or disrupt hospital or transportation systems. … Experts are also warning Iran could launch widespread [ransomware] attacks.

Iran has routinely tested the boundaries of what it could get away with in cyberspace, including pummeling U.S. banks after the Obama administration imposed new sanctions in 2012. … Researchers have already spotted a surge in suspicious posts drumming up pro-Iran sentiment. … Bogus claims of an additional airstrike against an Iraqi air base were also spreading on Twitter. … The activity echoes previous Iranian information operations.

But aren’t we getting ahead of ourselves? Shannon Jacobs keeps digging:

 I think the most optimistic we can be about a precision response would be if the Iranians seriously targeted our drones. … I think there are a number of relatively inexpensive approaches that could end the era of increasingly unrestricted drone warfare.

OK, but what can we do to prepare? viraptor suggestifies:

 Unless you manage large enterprise IT, not much. Do the usual things: Ensure backups are running, update software. For a consumer, it doesn’t matter if their laptop stopped working because of spilled water, or someone hacking them, and the steps to recovery are the same.

Larger orgs, especially related to infrastructure or national services may be specifically targeted. They know what their weak points are.

But what they’re afraid of and how they deal with that is going to be specific to their systems. I guess the only common thing for “brace for cyber warfare” is: talk to your peers about weird new things you see.

On the other hand, carvalhao foresees false-flag operations ahead (but not in the way you might think):

 Now there’s the perfect cover for any cyberattacks or cyberdefense probing by adversaries of the US. Do all you want, leave a trail leading back to Iran.

Great time for Russia or NK to play around.

Still not worried? Yashar Ali—@yashar—shoots from the hip:

 This will be a major moment in US-Iran relations & Supreme Leader will undoubtedly see this as a major provocation/act of war. … Equivalent to another country killing US Vice President.

We shouldn’t be surprised to see major cyber attacks. … We should expect to see the most significant/aggressive response.

For those who think Iran will respond with just traditional warfare, you’re wrong.

Meanwhile, DeanOh makes a totally non-partisan point:

 I pity the poor ******* who ends up with the task of attempting to explaining anything about “the cyber” to this POTUS.

And Finally:

Don’t try this at home, kids

Previously in And Finally


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: Office of preservation and publication of the works of Ayatollah Seyyed Ali Khamenei (cc:by)

Featured eBook
SANS 2019 Threat Hunting Survey: The Differing Needs of New and Experienced Hunters

SANS 2019 Threat Hunting Survey: The Differing Needs of New and Experienced Hunters

SANS threat hunting experts Mathias Fuchs and Joshua Lemon capture the different needs within organizations that are just starting their threat hunting journey, versus those who are honing their skills and programs. Read the report to help grow your program and improve threat hunting with: Definitions of threat hunting Methodologies of performing threat hunting Spending … Read More