Authors: Mark Russinovich
I cannot emphasize this more forcefully.
cc: POTUS
DAY ONE
MONDAY, SEPTEMBER 10
NYSE EURONEXT SECURITY REACHES NEW LEVEL
By Arnie Willoughby
September 10
Bill Stenton, director of NYSE IT Trading Platform Security, has confirmed a rollout of new security measures designed to make trades within the Exchange the most secure transactions in the world. In public comments Saturday, Stenton said, “There are two realities in security trades in the 21st century. The first is they must take place with great rapidity, as this is a digital world and traders will settle for nothing less. The second is that trades must occur within a system that is completely secure. We believe the NYSE Euronext system provides both of these [requirements].”
He went on to describe in general terms the scale of the measures now routine within the trading platform’s software. Special software continuously seeks out anomalies as well as attempts at penetration. “The software is continuously updated to keep it current and to provide the best trading platform possible. To assure its near seamless operation, we are constantly searching for what we call hiccups in the system. These [hiccups] appear most often when we are merging new subsystems with existing ones.”
Regarding attempts at penetration, Stenton admitted that the problem is ongoing. “We have the most sophisticated security system in the world. I cannot recall a single instance in which anyone penetrated our first wall, let alone the subsequent security measures. You can trade with absolute confidence.”
Asked about the recent appearance of a common malware bot on one of its Web servers, Stenton dismissed the incident as insignificant. “The security of the system was never in doubt.” Despite Stenton’s assurances, knowledgeable sources expressed reservations. “The presence of a bot on a public site of this significance should be a wake-up call, but I fear it is not,” said one informed source who asked to remain anonymous.
Henry Stolther, a frequent NYSE critic and publisher of the Stolther Report, responded to Stenton’s comments, focusing on the speed of trades within the system. “The NYSE has moved too rapidly into accelerated trading,” he said. “The Exchange is competing in a highly competitive industry and wants to make its system as user-friendly as possible. As a consequence, certain abuses now possible with current computing power have gone largely unregulated.”
Asked if he was referring to high-frequency traders, Stolther said, “Absolutely.”
READ MORE: STOCK EXCHANGE, NYSE, TRADING PLATFORM, SECURITY
US Computer News, Inc.
1
WATERFALL GLEN FOREST PRESERVE
DARIEN, ILLINOIS
8:13 A.M.
Vincenzia Piscopia, known as Vince to his American colleagues, sat on the cool gray boulder, feeling more than a little strange. He’d never done this before and was now having second thoughts. He glanced about the small clearing. He was alone. Maybe I should just go back home, he thought, pretend this never happened.
Vince was thirty-four years old and had spent his entire life in the digital age. Though he hiked as often as possible, he was a trifle overweight and soft. Computers and the Internet had always formed an integral part of his life. He even made his comfortable living as an IT operations manager for the New York Stock Exchange, working out of the Chicago IT office. Originally from Milan, Italy, where he’d been employed by Siemens, he found he enjoyed America more than he’d expected. His only real complaint was of his own doing—he just didn’t get out very often.
Vince had always been a nerd, and social media formed the greatest part of what passed for his social life. He tweeted, maintained two blogs—one on life in Chicago for an Italian expat, the other about computer security, a particular obsession of his—and he’d been one of the first 100,000 to have a Facebook account. He’d seen the value of Facebook from the beginning and had opened his account almost from the day the company launched. Between his iPad, iPhone, and home computer, it seemed to him that when he wasn’t sleeping or working, he was social networking.
Even on his long solitary hikes, he brought along his iPhone and had a connection nearly everywhere. He wasn’t alone in that regard. Just the week before, he’d hiked some six miles on this very trail, found a lovely spot to take a meal, and while sitting there had checked for messages. Just then, he’d heard a chirp. Not twenty feet away, he spotted a woman of middle years answering her cell phone. He’d just shook his head at the incongruity of it all—then texted a few replies of his own.
But today was different. Vince was here to meet someone. It was all very twenty-first century, he’d told a colleague at work. And while for others this sort of thing happened from time to time, for Vince it was a first. As a result, he found himself fretting about his appearance. He’d been honest with the photographs he posted on Facebook, and Sheila had assured him that she was as well.
He wasn’t concerned, though he knew that Facebook friends were often disingenuous in that regard. He’d know soon enough if Sheila was the stunner her photos showed, or a fake. If the latter, they’d hike a bit, and then, once he returned to his apartment he’d unfriend her. That would be that.
And he’d never do this again.
It was a bit cool for September, but Vince liked the typically brisk Illinois autumn. He found it invigorating and at moments like this, on a remote trail far from the popular routes, he could imagine himself back home. He was getting cold and zipped his Windbreaker up higher. From nearby came the gentle murmur of a stream.
It was Sheila who’d suggested they meet on a Monday when there’d be few hikers and that they take this moderate hike in the DuPage County forest preserve. He’d been pleased that it was one she knew about, since it was already his favorite. The nine-mile trail snaked around the Argonne National Laboratory, the loop passing through rolling woodlands and savannas, the contrasting scenery adding to the charm. Though all but within the Chicago suburbs, the preserve had a very rural feel.
The main trail was layered with crushed gravel, and it crested a few difficult hills. There were usually hikers such as himself, joggers, and those training for marathons. The only negative was that horses were permitted on the wide pathway, and they brought with them their unique problems; which was why Vince preferred the smaller side trails where the horses didn’t go.
He heard movement and turned with anticipation. But instead of Sheila, there was a man, another hiker. Vince smiled and nodded a distant greeting. The man nodded back and continued toward him.
Their exchanges had started just the week before. Sheila was the friend of a friend on Facebook. She lived in Chicago and also worked in IT. A few messages established how much they had in common, so they’d switched to e-mail. Sheila had spent a summer in Europe after university, backpacking locally in some of the same places Vince knew. She took her work in software security seriously, and from the first complimented his blog. She’d never been married and had no children. In fact, she’d never even lived with a man, she told him. Like Vince, she worked long hours, and at twenty-nine had decided it was time to get out more.
The other hiker stopped where the trail widened. He was tall, physically fit, with fair hair. He placed his foot on one of the smaller boulders and slowly retied his shoelace. When finished, he lifted the other foot and repeated the process.
Vince thought about the man’s presence for a moment, wondering if it was good or bad. Sheila had suggested this quiet location off the main trail for their first meeting, hinting for the first time at the possibility of romance by mentioning how she often came here alone, wishing someone special were with her.
He chuckled at his thoughts getting ahead of reality. He was about to see a woman he’d first met on Facebook, that’s all. The other hiker meant nothing. You don’t have a private romantic rendezvous on a public hiking trail, he told himself.
Vince scanned back along the trail and saw no one new. He frowned, pulled out his iPhone, and checked for messages. Nothing.
He glanced up. The hiker was finished. He smiled as he approached the Italian, looking as if he were about to say something. That’s when Vince spotted the heavy branch held loosely in his hand.
“Have you seen this?” the hiker asked just as he reached Vince.
Vince looked up into the man’s face, then quickly at the upraised branch and only in that final second of his life did he realize what the branch meant.
2
NEAR WALL STREET
NEW YORK CITY
10:17 A.M.
In the dimly lit room, the frosty glow of flat-screen monitors bathed their faces in a silver light. One of the men licked his lips in anticipation. The other stared keenly at his screen as his fingers raced across the keyboard.
They’d been at this for three intense weeks. Neither had said as much to the other, but both believed that today they’d succeed in penetrating the New York Stock Exchange trading system—at last. First they’d speculated over whether it was even possible. For the last few days, they’d been certain it was.
Once they infiltrated the system, they’d be free to do anything they desired. They’d be able to change whatever they wanted at will, free to bring trading to a halt, free to let it run amok, free to alter billions of dollars in transactions—free to loot any account, anywhere, with impunity and in secret.
Theirs would be digital financial power of nearly unimaginable dimensions. And their electronic trail would be hidden within tens of millions of lines of code and terabytes of monitoring and audit logs.
For all the time they’d worked on this assault, it was not so long as each of them had spent in previous similar operations. Though access and speed were vital components of the Exchange, so too was security. It was essential that its digital walls be perceived as impenetrable, and so the Exchange presented itself to the trading public as a model of security. It could afford the best and brightest and claimed to employ only the most up-to-date and finest security technology.
Which, of course, was nonsense. The so-called walls resembled those of a fortress castle of the Middle Ages, designed and constructed to withstand any siege. Until the invention of the cannon, such fortresses had rarely succumbed to so direct an attack. Instead, when they fell, it was most often because of a vulnerability to an assault team, often no more than two or three men, who found their way beneath, over, or around the outer wall, then through the subsequent protective labyrinth until they’d identified a weak point and exploited it. With that access, they’d leverage the security open and admit the besieging army.
So it was for them as well—except that they were both the assault team and besieging army folded into one.
For these last weeks, the two had probed, managing to approach the core of the NYSE Euronext network from every angle their skill and knowledge allowed. When their efforts had proved a dead end, they retreated and tried again.
But the time had not been wasted, for they’d established which servers they could reasonably expect to compromise. They then spent hours scouring internal Web sites and file servers, scanning documents, spreadsheets, and group user directories. Using bits of information—some from a file here, others from a report posted on a team collaboration site there—they’d determined who in the company had access to these same servers, how they accessed them, and what systems they used.
The work had been tedious, but they were well suited to it, and the time passed quickly. And despite all the setbacks, days of them at a stretch, there’d been steady progress. A fragmented view of the internal organization of the Exchange and its IT infrastructure emerged, like a jigsaw puzzle only partially complete. Systematically they gathered, analyzed, and cataloged every piece of information and document they encountered, as they couldn’t know what detail might prove helpful to them in time.
Once they’d mapped promising paths through the system to their goal, they attempted to inject themselves into points on those paths. In that, they’d had help. Vulnerabilities in software the Exchange used were publicly reported, so instead of crafting a hole on their own, they explored to discover a zero day opening or if the Exchange had failed to patch any bugs. They’d found no zero day opportunities but did find vulnerabilities in at least one application used internally by the Exchange. Their continued efforts led them to code written by FirstReact, a cybersecurity research company that discovered and reported bugs to the Exchange for a substantial fee.
Even then, their attempt at penetration failed with the first three servers they’d targeted. But they persisted and at last hit upon what they’d sought, what they’d been certain would exist if only they persevered. One of those well-educated, highly paid, bright minds on the NYSE Euronext IT team had yet to seal a vulnerability. That was all they’d needed to ooze through the inner workings of the Exchange’s network, and from there it hadn’t taken long to locate a path to the doorway of the trading engine systems. Today, as anticipated, they’d managed to plant their code on that doorway known as a jump server.
Neither had said a word when they realized what they’d done. It was in many ways a sublime moment, best savored privately. After a short pause, one of them began to determine the extent of their penetration, as there was much yet to be done, more barriers to surmount, a complex of security measures to bypass. It would all be demanding, but they had the lever bar in place. When they pressed, it would create a yawning hole they’d exploit relentlessly. Finally, with a sigh of satisfaction, one of the men pushed himself back in his chair and said, “We’ve got them.”