Home / Blogs

No Cyberattack on Wall Street

In case you missed it, last Thursday, May 6, we saw a remarkable day on the stock markets. The day started off with some selling which went down neat and orderly. Suddenly, around 2:40 pm eastern time, the market started selling off rapidly taking huge hits in in the span of 30 minutes. It was an incredible ride and at one point, the Dow Jones average was off 1000 points for the day, the largest drop in history (though not the largest percentage drop). It was kind of like October of 1987. A number of stocks plummeted to less than a dollar per share. Yet within a few minutes, the market recovered and what was a 7-8% decline was a mere 3% decline. Not bad if you’re a day trader.

Of course, the question now is how did this happen? Why did this happen? Nobody really knows for sure. Some speculate that it was a typo and that some trader wanted to sell a million shares but accidentally entered in a sell order for a billion. Some speculate that the orderly decline hit a level and then a bunch of computerized trading algorithms all executed at the same time hitting a bunch of sell orders, and then at such low prices a bunch of buy orders kicked in (maybe a bug and everyone uses the same algorithms?). Some speculate that maybe it was a message from Wall Street to Congress that Wall Street still has some cards in their hand that they can play and to not get too ambitious with financial regulation. Or maybe it was a cyber attack from an outside source that kicked it all off?

The Associated Press ran an article last Sunday with homeland security and a counter terrorism advisor saying that there was no evidence of a cyber attack behind the huge drop:

WASHINGTON (AP)—The White House’s homeland security and counterterrorism adviser says there is no evidence that a cyber attack was behind the chaos that shook Wall Street last Thursday.

John Brennan told “Fox News Sunday” that officials have uncovered no links suggesting that cyber attacks caused turbulence that sent the Dow Jones industrials plunging almost 1,000 points before staging a partial recovery at the end of the day.

If this was a cyber attack, it would be quite a serious cyber attack. A hostile intruder would need to break in and either do one or a combination of the following:

  1. Flood the market with massive amounts of sell orders and drive stocks down.
  2. Short sell the stocks in order to drive them down, but this depends on the intruder being able to borrow stock in order to short it. Naked shorting is a possibility but I don’t know if you could get away with that and not leave a big paper trail.
  3. Exploit a bug in the exchange’s (Nasdaq or NYSE) trading software that made it look like there was huge trading going on but in reality it wasn’t. The goal in this case isn’t necessarily to cause a loss in shareholder wealth but to create mass panic and confusion. If this was the case, then creating such mass panic and confusion could be a diversion for a physical attack elsewhere.

The last one is probably the more fanciful because it would require a major bit of co-ordination amongst multiple groups and would require a lot of pre-operational planning. But one would think that someone doing this type of reconnaissance work would have a large financial backing. That financier, presumably, would have a lot of their own wealth tied up in the US stock markets (and global markets, too). So, launching a cyber attack to take down Wall Street and affect the American markets would have the unpleasant side effect of knocking down your own wealth, too. You’d be cutting your nose to spite your face.

But like I say, the more likely explanation, in my opinion, is that a bunch of large blocks of traders had algorithms that all executed sell orders simultaneously based off an already skittish market (Greek debt). If there were bugs in that software that an intruder exploited, that would cause a lot of firms to re-examine their security policies, or perhaps perform an audit.

By Terry Zink, Program Manager

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byDNIB.com

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global