What Happens in Berlin Doesn’t Stay in Berlin
Nasdaq shut down for 3 hours yesterday, the second electronic trading SNAFU of the week (the first being the Goldman option fiasco). The problem? Another example of the effects of a SLOB (simulacrum of a limit order book). One of the links in the US SLOB is the SIP (Security Information Processor) connecting NYSEArca and Nasdaq. This sends information about quotes from one exchange to the other. This information is necessary to link the markets: in order to prevent locks and crosses, and to direct orders to the best priced market, each venue needs to know the quotes at the others. According to Nasdaq, irregularities in the SIP were causing problems with its system, so it shut down to prevent a more catastrophic failure.
Moral of the story: links are major points of failure in a SLOB. (Though it is interesting to note that on the same day Globex was displaying crossed markets in the bean complex, and Globex is a true CLOB not a SLOB. But trading continued.)
My first thought on hearing of the shutdown was a SLOB problem. My second was hacking. There has been a spate of stories of late about exchanges being major potential targets of hackers/cybercriminals.
This is one of the reasons why I take an interest in Appelbaum, Snowden, Anonymous, etc. Exchanges, and financial infrastructure generally, are major targets of these psychopaths for at least a couple of reasons. First, some are just criminals, who like Willie Sutton target banks and the like because that’s where the money is. Second, the hacker movement is a hotbed of anti-capitalist ideology that motivates attacks on capitalist institutions.
Meaning that the defenses of our financial infrastructure are vitally important. And this is another source of major concern, which the Snowden affair puts front and center. Infosec workers are recruited from the same milieu as the hackers. The membrane between hackers on the outside and supposed defenders on the inside is very permeable. There is lots of talk about the color of hacker hats, but ethically and ideologically the distinctions between black, white, and grey hats are quite blurry, and the boundaries are transgressed often.
Snowden is a classic example of that. Former head of the NSA, General Hayden, said that perforce NSA and the government generally has to recruit from this group, but find ways to protect from those with a “romantic attachment to absolute transparency at all costs.” Yes, the transparency romantics are a potential problem, but I think they’re the least of our worries: transparency romanticism is often a public pose for those motivated by malign anti-US and anti-capitalist beliefs.
The narcissism and grandiosity that Snowden exhibits are also all too common in this community, both inside government and financial institutions, and outside. Indeed, there is a very strong and widespread tendency of these people to view themselves as superior in some way, and justified in acting as judge, jury, and executioner when it comes to the release of information, and operations against targets that violate their highly tuned-and self-righteous-moral senses. Again, Snowden is a perfect example: he arrogated to himself the ability to decide what was illegal and immoral. So did Bradley Manning, though he (and yes, he is still a he and he was a he when he made this statement, so I’m passing on the Chelsea thing) repudiated that in his pre-sentencing statement.
Indeed, this is a common theme in the infosec community. Take a look at the attached video by a Pied Piper of this community, ex-priest (and, alas, University of Chicago grad) Richard Thieme. (H/t @libertylynx, who also raised many of the points below.) This guy is lionized in this community. He matters. He is viewed as the voice of many. Check out the fawning, personality cultish comments to the video.
Thieme basically asserts that infosec specialists answer to a higher law, in part because there is a nexus between law enforcement and criminality, and in part because traditional legal distinctions (e.g., foreign vs. domestic) have been obliterated by technology and shadowy, scary supra-state actors. Check out the rants around minute 32:00. And for a dose of virulent anti-bank rhetoric, which really has to be heard to be believed, fast forward to minute 43 or so.
You know that there are infosec people in banks-and exchanges-who idolize this guy, and buy into his message. The message is banks are criminal. The government is criminal. So it’s not criminal to attack them. Indeed, one can be justified in doing so. Yes, many of the would-be attackers are on the outside, but as Snowden shows, there are inevitably many on the inside. And some on the inside have no problem in dealing with Appelbaum and the like. Case in point, an infosec guy I interacted with on Twitter until he blocked me. (Thin skin seems to be another occupational hazard.) He would countenance no criticism of Appelbaum.
Meaning that the most dangerous threats to exchanges and financial infrastructure may be those who are hired to defend them.
So this is one of the reasons I write about Snowden, and Appelbaum, and Assange, and Greenwald, and the rest of this crowd. Their agendas and connections need to be understood-and broadcast. For these avatars of transparency are notoriously protective of their own activities and connections. Given the inevitability that some of those to whom they are connected are on the inside of vital financial and government institutions, this is a matter of grave concern. And a matter that mainstream journalism has been shockingly negligent in investigating and reporting.
Appelbaum and Poitras are in Berlin now, and Berlin-land of the Pirate Party-is arguably the epicenter of this community. But it is an international community, and what happens in Berlin doesn’t stay in Berlin. It could be coming to a bank or exchange near you. If it hasn’t happened yet, it’s not for lack of trying, or the lack of potential acolytes within these very institutions.
Interesting piece. It put me in mind of the Cambridge Five and similar spies during the Cold War. People who in effect spied for Russian Imperialism, but claimed to be motivated by the higher good.
I remember when Blunt explained that he had protected the other Cambridge spies because he had a “choice between betraying his friends or his country” and I was amazed that so many people swallowed that whole.
What Blunt carefully didn’t say was that his real choice was between betraying four friends and betraying his country plus all his other friends, some of whom would certainly have ended up dead or in prison if Russia had actually won the Cold War.
To me, the underlying theme to these people is that they have an obsession with being exceptional in something, and if they can’t be exceptional in a legitimate way, they will find a pretext to justify being exceptional in a criminal way, and often a criminal way that ends up harming a large number of people.
Comment by jon livesey — August 23, 2013 @ 2:25 pm
I’ll say it again: reconstitute the House Committee on Un-American Activities. With a vengeance and the extreme prejudice.
Comment by LL — August 23, 2013 @ 3:25 pm
There is lots of talk about the color of hacker hats, but ethically and ideologically the distinctions between black, white, and grey hats are quite blurry, and the boundaries are transgressed often.
But all and sundry better than asshats – the SWP Hive.
I’ll say it again: reconstitute the House Committee on Un-American Activities. With a vengeance and the extreme prejudice.
“The” extreme prejudice? LOL. The sovok rears its head.
Comment by S/O — August 23, 2013 @ 3:29 pm
Whoa-an intense desire to be revered as special when objectively one has no special abilities or qualities. That hits a lttle too close to the quick for S/O and his fellow peddlers of pseudo-intellectual hogwash. Too close because it is spot on.
Comment by pahoben — August 23, 2013 @ 4:33 pm
@pahoben. ZING! Bullseye.
@jon livesy. Exactly. “Obsession with being exceptional.” That’s what I was trying to get at when I mentioned “narcissism and grandiosity.” The basic psychopathy of all to many of these people. Appelbaum and Assange are the exemplars of this. They want so desperately to be known-idolized in fact. They want their deeds to be legend. But since many of their deeds are illegal, they have to tread a very thin line on what they reveal. Just enough so that people can know what they’ve done-but not enough to go down for 25 years.
And then they enlist glorious causes (“transparency romanticism”) to rationalize/justify their psychopathy.
@S/O. Projection is usually pretty obvious. Certainly in your case it is. I know pahoben’s comment is gonna leave a mark. Don’t worry, it will fade with time. When that happens, just come back and someone will lay the wood to you again.
Interesting that you mention Willie Sutton’s quote. Wiki mentions a related maxim that doctors are taught: “When you hear hoofbeats, think of horses not zebras.” When you see a breakdown in a financial market, think incompetency by bankers not commie transgender hackers.
Comment by aaa — August 24, 2013 @ 12:36 am
Speaking of Bradley Manning, I was somewhat surprised to learn he grew up a few miles from my hometown, where his mother is from, and the town of my birth. Weird coincidence.
Comment by Tim Newman — August 24, 2013 @ 9:59 am
The model I was thinking of was Herostratus, who set fire to the Temple of Diana in Ephesus in order to become famous. 356BC, so not a modern idea.
Comment by jon livesey — August 26, 2013 @ 2:54 pm
@aaa-who gave you that rating? S&P? Moodys? Not a big fan of ratings, AAA or anything else.
But maybe your handle means anti-aircraft artillery.
Hmm, well, I’m a very big critic of Snowden and Jacob Appelbaum and I think he should return to the US for questioning by the WikiLeaks Grand Jury and any other relevant law enforcement, but I don’t think he shut down the NASDAQ for three hours yesterday with sekrit tools he purloined from the NSA in his latest revealed non-Snowden stache. He’s supposedly on vacation in Thailand now.
I guess every nail fits a hammer, though.
“Commie transgender hackers” (oh my!) can sometimes be anti-state and anarchist (communist really does go together better with anarchism than in did in Lenin’s day). They are definitely anti-capitalist and anti-Western in a kind of hypothetical, hysterical but very uneven way. Naturally, these people want to be able to go to the ATM and have it work to withdraw their own paychecks, which in the case of Appelbaum used to come from the DoD which funds 60% of Tor Project — and may still.
The problem with this sort of hysterical talk, especially when delivered with factism as it is here, is that it makes it easy for Snowden critics to be discredited as loons. You have to show your work. If you are implying that Jake or his friends or anybody at the CCC with their reprehensible views actually take action and sabotage banks, you have to show at least a call for this. I’ve seen a professor in London in their Twitter followers call for “the next step” being to “go after the banks” once last year, but I don’t see it as a formal action plan. The formal action plan at 30c3 was to call on all systems administrators to sabotage their employers’ computers and to leak documents. “Go in and get the ball and bring it out,” Jake said very clearly. It was clear as his call to programmers in the NSA to leave their jobs and come over to the hackers’ side. And as we know, that call worked, and they got Snowden. But there wasn’t a call about banks. That’s not to say that hackers issue programmatic statements before every hack, but it’s worth studying, just as one has to study the various things about Al Qaeda carefully.
Now, are there people watching Jake on Youtube who are now bringing down the NASDAQ? Well, I’d like a little more substance on this.
Comment by Catherine Fitzpatrick — January 9, 2014 @ 1:53 pm
Catherine. Yours is an extremely distorted characterization and analysis of what I actually wrote. A fair reader will know that instantly.
If you follow exchanges at all you will know that in the electronic trading era cybersecurity and hacking are first-order concerns.* It is probably the greatest single concern exchange executives and regulators have. Every exchange is targeted every day. Sometimes the breaches succeed. Sometimes the successful hackers are Russian. A simple Google search will turn up numberless articles on the subject generally, and specific examples.
Late last year regulators in the US and Europe required exchanges to wargame their preparations for a cyberattack.
All meaning that to any close observer like me, or even a casual observer (which you obviously are not) would immediately consider a cyberattack to be a possible cause of an exchange outage.
I then made a segue. Do you understand that concept? I did not accuse Snowden or Appelbaum or anyone else as the attacker. I used the Nasdaq incident to motivate a discussion of one reason for my interest in people like them. That is, one reason I am interested in hackers-and these two are certainly the most notorious, if not the most important true hackers-is because hackers are so interested in exchanges. Anyone reading what was written in the post, rather than projecting what they wanted to see, would see that immediately.
Further, I specifically said that the Willie Sutton motive was the most important, but I then argued that there is also reason for concern that ideologically motivated people–people that you have been warning about for years, which you will admit if you are honest–may want to attack exchanges for ideological, anti-capitalist reasons. I made no logical leap. Given the stated intent to attack capitalist institutions, and the nexus between criminal hackers and these ideological types, this is clearly a real risk.
Insofar as “showing my work” is concerned, give it a rest. Yes, we all know that hackers announce all their action plans to the world. So therefore-obviously-the fact that Appelbaum never said “go and attack banks and exchanges” means that no hacker anywhere is even considering such a possibility. I used Appelbaum, and Snowden, and Thieme as representatives of a mindset that could readily decide to attack financial institutions. I in no way implied, insinuated, or claimed that they were responsible for any attack on a financial institution. They are representatives of a milieu that has the motive and the capability to do so.
And wouldn’t you know, Some ideologically motivated hackers do announce their plans to attack banks to the world. Anonymous tried to hack NYSE, but called it off, saying their plans had been compromised. And Sabu had a chat (not announced to the world) about trying to hack into high frequency trading systems. I could go on.
And insofar as “showing your work” and showing “a little more substance” is concerned: which of your conjectures about Tor, the Navy, etc., have been proven? Can you show me your work on that?
In sum, you grossly distort what I wrote. Given your longstanding criticism of Appelbaum, the fact that you are willing to defend him as a way of criticizing me is truly amazing. You are evidently so intent on attacking your newest betes noir (@libertylynx and me, whom you attacked in a long and incoherent blog post this morning) that you are willing to ride to Jake’s defense. Too bizarre. And your projection . . . you talking about hysterical talk.
Relatedly, I find it amusing that after you ostentatiously unfollow, or block, me and @libertylynx last night, you are still obsessively following our tweets and responded within minutes to a tweet linking to this post.
I am ready to have a serious discussion, but that requires you to represent what I write honestly and fairly. Your comment fails on those scores.
*And I do follow exchanges closely. I am one of the world’s leading scholars on exchanges, and did some of the earliest economic research on electronic trading. This blog, in fact, started as a place for my commentary and analysis of exchanges. Look at the background graphics. That’s the Chicago Board of Trade in Chicago. I know exchanges. So I know that to suspect a possible hack when an exchange goes down is eminently reasonable.
1. I think you’re really over the top with these allegations. Perhaps you are under a lot of stress. I don’t follow the financial issues in which you and the Times are embroiled now; I tend to think they are wrong and politicized, but you are also extreme in your views as I’ve often found.
2. Everyone gets it about hackers. They destroy everything. Steven Levy, author of Hackers, openly gloated during Hurricane Sandy and retweeted what he thought was “news” that Wall Street was 10 feet under water. It wasn’t. He was almost loathe to correct himself. I truly get it about hackers.
3. Russia is the greatest hacking/sabotage/cybersecurity concern to the EU — bar none. Its attacks overwhelm attacks from every other source by huge orders of magnitude. It is also financially corrupt. But as I said, you have to show your work. Your hasty and glib implications here that lead people in the comments then to rant on are just too bloggy for your own good. You don’t make your arguments well in that mode.
4. The greatest enemy in hacking terms of the US is China; Russia is right up there as 2nd. But when we see the hacking tends to be about financial gain and not KGB-style sabotage, your argument today is kind of undercut.
5. I’m glad you’re walking back your implication that you follow Snowden because the Snowdens and helpers of the world attack banks and could be behind this one yesterday — it’s an odd way to phrase things, because surely it isn’t just banks which are important to you but everything else about civilization. And you don’t know it was them.
6. It’s odd that suddenly I have to be frog-marched into “admitting” something or I’m “not honest”. Indeed, that is precisely what you just said. Sorry, but I prefer not to. I’m happy to admit many bad things about hackers I can see in front of my eyes and which have probable cause. I don’t know that NASDAQ’s outage was a hack, or the Russians, or Snowden. Your pal LibertyLynx is tweeting past stories showing Russians who hacked for financial gain — millions — as somehow “proof” that this hack is Russian and related to Snowden or the Kremlin somehow. Well, maybe, but — show your work.
7. I went to the Occupy camp in NY a number of times and interviewed these people in person. Did you? I have written arguably way more than you have about their actual ideological statements. Their ideologues truly believe that they should grab from the rich and take down the government. It’s odd that you think I need to be convinced of this. But I need to see some evidence that their statements — especially when their camp is broken up now and they are scattered — now led to actions. And yeah, I get it that hackers don’t always send out greeting cards to announce their actions and their meaning. They are like some terrorists.
8. My work on Tor and the Navy has been amply documented. I’ve published reams on it. There are plenty of documents in the open to see on this. The Navy is behind Tor and still behind it, that’s surely not something you object to. Syverson, Dingledine and others share the idea of essentially taking civilians as cover for their espionage, without regard to any criminal issues. I don’t need to “prove this,” they say so. It’s not ethical. The statements they make against the government, calling for sabotage, disavowing democratic government — it’s all on the record. What part of Tor and Navy do you not get? Funny how you can be happy to imply that NASDAQ was hacked by these people on the drop of a dime, but when you’re shown blog after blog from me that after a major funding dispute and some challenges, after more scrutiny, we got the FBI raids of Silk Road and the child pornography ring — and then Snowden documents saying Tor is uncrackable even though it was massively compromised, that nothing is shown. In fact, what is shown is that there is a war, a war for power through encryption. You don’t seem to understand what kind of war this is.
9. I don’t “defend Appelbaum.” I just point out that, um, he’s on vacation in Thailand, or so he says, and I don’t think he hacked NASDAQ, which I think would require some proximity, unless of course he has an NSA zapping device.
10. Oh, yes, I definitely unfollowed and blocked both of you because I don’t want to see you spouting in my feed and see all your other hateful tweets directed at people for the damnedest of things, like supporting the minimum wage (!). But sure, if I see from a re-tweet or a search that I’m still being maligned, I’m happy to answer.
11. One of the things you keep doing in your dispute with the New York Times — and it was a technique Foust used all the time too — was to accuse your detractors of not reading what you write, not representing what you write accurately, or not understanding what you write. And that sort of argument never, ever works. Again, show your work. Make the argument itself again if you have to. Impugning stupidity or malign motives of text distortion are beneath you.
12. I appreciate your keen sense of textual fidelity. Then maybe you could surf over on to your pal LibertyLynx’s TL and point out that in fact she has never invited me for coffee (in a DM either); that’s a lie. Ever. In her life. She knows that. She also knows when I write in a tweet that you did not bring anything to the table on the PGB discussion, that means just that: on that discussion, period. Indeed, that’s exactly what it said. Her deliberate whiny and hysterical distortion of my words into a fake claim that I said you brought nothing in general, or your main finance work wasn’t a contribution or some nonsense like that — well, they just self-discredit. So practice your textual fidelity on her first, she has an obvious need. People on Twitter need to realize that that sort of whiny forums game they practiced in the early days of the Internet just doesn’t fly any more.
13. I’m glad to hear your educated opinion as an exchange specialist that you think hackers are “eminently reasonable” for the NASDAQ outage and not “cold weather” or “vendors”. I don’t find it persuasive.
14 Interaction with you and LL is so unproductive and has yielded so little insight or even data lately that I can’t really continue to engage. No doubt I will read your TLs from time to time or your blog. LL would have a lot more credibility if she wrote a coherent thought on a blog. But she may not be capable of that.
Comment by Catherine Fitzpatrick — January 9, 2014 @ 5:06 pm
Catherine Fiztpatrick says: “9. I don’t “defend Appelbaum.” I just point out that, um, he’s on vacation in Thailand, or so he says, and I don’t think he hacked NASDAQ, which I think would require some proximity, unless of course he has an NSA zapping device.”
To which I must reply: Are you drunk or just dumb? One shouldn’t waste time on your incoherent ramblings or fantasies regarding your non-existent expertise but #9 is particularly stupid since A. The post was written in August and B. There is no implication of Jacob Appelbaum being involved in the hack or suspected hack. Yes, exchanges are hacked with some discouraging frequency. When you sober up, you should consider actually reading the post and watching the attached video. It’s obvious you did neither and that you have considerable issues in addition to lacking basic comprehension skills.
Comment by L2 — January 9, 2014 @ 8:42 pm
@L2. Since when does hacking require physical proximity? Don’t tell the Chinese! Or the Russians!
And besides, like you say, Catherine is continuing to flog the Big Lie by claiming that I blamed Appelbaum for the Nasdaq hack, which is obviously bullshit, as anyone who can read can figure out.