NASDAQ Halt: System Glitch or Hack?

In our modern world, where we’re all hyper-sensitive to the relentless onslaught of cyber-attacks, any time a major site, service or piece of infrastructure stops working properly, the immediate speculation is that hackers are to blame.

On the afternoon of Thursday, Aug. 22, the NASDAQ exchange halted trading for nearly 4 hours. The exchange publicly identified the root cause of the issue as being related to trouble with the Unlisted Trading Privileges (UTP) Securities Information Processor (SIP) quote dissemination system.

What we don’t know at this point is why there was trouble with the UTP SIP quote dissemination system. Was it just human or system error? Or was it the action of a malicious actor?

Personally I’m not so sure. But let’s explore.

Chester Wisniewski, senior security adviser at Sophos, told eWEEK that anything at this point is simply speculation.

“There is no reason to believe this is hacker related, particularly related to DDoS,” Wisniewski said. “This doesn’t mean someone hadn’t infiltrated the NASDAQ’s network or planted malware within critical systems, but unless NASDAQ says more, it is purely speculative and not grounded in any facts.”

Stock exchanges have been a target for hackers before. In a session at the RSA security conference earlier this year, Ziv Gadot, Security Operations Center (SOC) team leader at Radware, had a talk titled, “Stock Exchanges in the Line of Fire—Morphology of Cyber-Attacks.” I spoke with Gadot at the time and asked him specifically about the big New York exchanges and the risk to them. In 2011, the NASDAQ Director’s Desk application used by the exchange to share information was in fact hacked by attackers, who planted an eavesdropping tool.

Again, no direct tie or official word here to the incident that occurred yesterday.

It’s also important to remember here that sometimes a technical “glitch” is just that. The NASDAQ quote dissemination system is a highly available system with extreme levels of concurrency and throughput. Every trader and trading system wants the same data at the same time, and sub-microsecond delays are not acceptable. It’s a very complex and sophisticated system. With that complexity, the risk of error (human or system) will always exist.

Sometimes, “a rose is just a rose” and perhaps that’s the case with the NASDAQ trading halt incident too. Time will tell.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.