The temporary shutdown Wednesday of New York Stock Exchange trading, United Airlines flights, the Wall Street Journal website and other U.S. business activity likely was the result of a major cyberattack from China, according to a cyberwarfare intelligence analyst who contracts with the U.S. government and a chief investment officer who consults daily with cyber intelligence sources.
The New York Stock Exchange claimed the problem that caused a halt to stock trading for more than three hours was an “internal technical issue” and “not the result of a cyber breach,” while the Department of Homeland Security told CNN there is “no sign of malicious activity” at the NYSE or with the earlier outage experienced by United Airlines.
But the intel analyst, who has sources throughout China and around the world and asked not to be named for security reasons, said that on its face, the confluence of “glitches” doesn’t add up to coincidence.
“I have been in this business way too long to believe in coincidences. I hear such a thing may happen, but I have never seen one,” he told WND in a telephone interview Thursday.
He explained that the “mission-critical systems” of major corporations and governments have communications, power, processing and storage redundancies built in that allow for a seamless “hot swapover” to keep them running if one part of the system is incapacitated.
“The odds of failure of three systems like this, simultaneously, are in the trillions to one,” he said of the NYSE, United Airlines and the Wall Street Journal.
“Mathematically it is possible,” he added. “But it is also possible for the sun to turn bright red.”
A cyber attack, he explained, is designed so that the redundant systems cannot take over.
“Glitches can happen, but the entire design philosophy behind building an enterprise-design architecture is to prevent a single glitch from dropping the whole system,” he said.
“Three high-end, redundant design systems failing in short order – the odds of that are astronomically low.”
The analyst said his sources around the world – including in Egypt, Russia, the Netherlands and Taiwan – all point to a cyberattack from China.
Jeffrey C. Borneman, chief investment officer of Rampart Portfolio Partners LLC in Stamford, Connecticut, told WND he exchanges information daily with cyber warfare experts and intelligence sources who told him the shutdowns Wednesday were the result of an attack.
“It was a very coordinated attack,” he told WND in a telephone interview. “God bless United Airlines, who foresaw this coming years ago and moved their operation to Canada. That’s why they were only down for an hour.”
Borneman said he specializes in metals, defense, energy and food precisely “in anticipation of yesterday’s events and more.”
He said the attack on the NYSE was “overt.”
“For them to be down three hours, it means the attack was substantial. This wasn’t a hiccup. They get 25,000 attacks an hour, but this one really hit them hard,” he said.
Borneman said the State Department and Homeland Security erred in immediately declaring to the public it was not a deliberate attack.
“For them to come out and say it’s absolutely not a terrorist attack causes everybody to think, ‘Well if you don’t know what it was, how do you know it was not a terrorist attack?’” he said.
“So, they’re really playing on our general ignorance.”
In a Twitter message, the NYSE said Wednesday it “chose to suspend trading to avoid problems arising from our technical issue.”
NYSE corporate communications spokeswoman Sara Rich declined to comment on the record on the allegations of a cyber attack, referring WND to a statement issued Thursday morning pinning the blame on the rollout of new software.
The NYSE said the initial release of the software was deployed on one trading unit, according to standard practice, and “as customers began connecting after 7 am on Wednesday morning, there were communication issues between customer gateways and the trading unit with the new release.”
Asked to respond to the official explanation, the cyber intelligence analyst told WND that if true, the NYSE violated Sarbanes-Oxley Act regulations requiring that “mission-critical applications” be rolled out on a test network before being put on the production server.
“You test it in the lab first,” he said. “It’s required to have a patching and test management plan before you put it in production.”
WND reported former CIA analyst Peter Pry, currently director of the congressional advisory Task Force on National and Homeland Security, questioned the official explanation for the NYSE shutdown.
“Are they telling the truth? Industry likes to think that denial will help make the threats go away,” he said. “They do not like to admit vulnerability to the public or to the government, which undermines consumer confidence and invites regulation. On the other hand, if NYSE is telling the truth, and the cyber breakdowns are not malicious, just a consequence of incompetence, this is even worse.”
Meanwhile, the Obama administration acknowledged Thursday that hackers stole Social Security numbers, health histories and other highly sensitive data from more than 21 million people. Believed to be the largest data breach in U.S. history, it follows the disclosure earlier this year that hackers stole records for about 4.2 million people from the Office of Personnel Management’s personnel database.
Officials have privately linked both intrusions to China, according to the National Journal.
Borneman said his sources traced attacks Wednesday on the NYSE and other U.S. targets to China, Russia and the area of Germany formerly under the communist East German government.
Separately, the intelligence analyst, affirming attacks originated in China, explained that cyber attacks often are routed through Eastern Europe, where there are hackers who rent out “botnets.” A botnet is a network of computers infected with malware that hands control of them over to a third party.
He told WND that according to his sources in China, the attack was commissioned by investors with large stakes in Chinese government enterprises who sought to manipulate U.S. stocks and recover major losses recently incurred in the Chinese stock market.
He described the culprits further as “a small group of wealthy people who are highly leveraged and have control of technical companies who have a lot of smart people working for them.”
“They have their own hacking division, basically in charge of getting competitive information out of the rest of the world,” he said, noting the Chinese government doesn’t prosecute companies for stealing information.
Three weeks ago, he said, institutional investors pulled out of the Chinese market because the central government had been running it up artificially.
Two weeks ago, China drastically cut the reserve rates – the amount of cash banks must hold in accounts in relation to the amount they can loan out – to prop up the market a little longer.
He noted that unlike the U.S., China allows margin buying, the purchase of an asset by paying the margin and borrowing the balance from a bank or broker.
As stocks have dropped dramatically – 20 percent in just the last few weeks – the lenders want their money back.
“If you’re faced with a margin call and need to come up with tens of millions in the next 72 hours, an easy way to do that is to take some of the liquidity you have, you make a short bet against a U.S. company and then you hit it with a cyber attack,” he explained.
“As the stock price drops you make money on the short sell,” he said.
“It’s a very easy, very criminal way to make a lot of money, with almost no effort.”