June 23, 2011
When the Stuxnet computer worm severely damaged Iran’s nuclear program, many Americans cheered. We should also fear cyberattacks coming at us.
The International Monetary Fund in Washington, D.C., was hacked this past week. The top suspect? China.
The week before, the White House. More than 100 senior Obama administration officials found that their private gmail accounts were targeted by China-based hackers, an administration spokesman told The Wall Street Journal.
The FBI and the Department of Homeland Security are investigating. The attacks have been traced to Jinan, home to China’s army cyberunit.
The various recent hacking attacks are not isolated events. Foreign hackers continue to hunt for government secrets and hope to crash financial computer networks.
Our enemies have wanted to wage cyberwar against our markets and our government for a long time.
Osama bin Laden bragged in 2001 that al-Qaida is “aware of the cracks in the Western financial system as they are aware of the lines in their own hands.” In February 2011, al-Qaida’s magazine Inspire repeated the threat to attack U.S. financial markets via computerized trades — leading the FBI to brief Wall Street firms about potential risks.
China has been linked to bevy of cyberattacks. The Pentagon defends against thousands of attacks per month against its servers. In March, European Union headquarters were hit on the eve of a major summit. The French finance ministry was penetrated that same month. Earlier this month, South Korea’s government servers — which provide Internet access for top officials — was hacked. Human-rights activists interested in China report similar attacks.
Each of these attacks left an electronic trail back to China.
Certainly cyberattacks against federal officials and financial markets are increasing and increasingly sophisticated.
Gone are the days when Chinese hackers would send strange emails in poor English. Now the attackers pose as people known to their targets and refer to topics or people of mutual interest.
In one 2008 attack, hackers sent emails to participants of a Defense Department conference under the name of a bona fide presenter. The email attachment promised a copy of his PowerPoint slides. When clicked on, a hidden program scanned the contents of the victim’s hard drive.
The White House cyberattack reached hundreds of people, mostly current and former government officials.
While no government emails were compromised, private email accounts (hosted by Google) were.
Sometimes officials break the rules and discuss sensitive subjects in personal emails, which are exempt from congressional subpoenas and the Freedom of Information Act. The officials hope to keep their emails from Republicans and reporters. Those conversations are believed to be the attack’s aim.
And the targets are not limited to governments. Nasdaq has been compromised last fall. Last week’s cyberattack on the IMF was so vast that it took officials days just to map the invasion and take countermeasures.
Beyond spying, China or terrorist groups may also be waging what a recent Pentagon report calls “financial terrorism and economic warfare.”
This comes on the heels of an earlier Pentagon study (“Economic Warfare: Risks and Responses”) that speculates that the 2008 market meltdown — which cost American investors some $13 trillion in wealth — was worsened by offshore naked short-selling raids on Wall Street firms, particularly Bear Stearns and Lehman Brothers. While the sources of those raids cannot be traced, a Pentagon study suspects “economic warfare” by nations like China or groups like al-Qaida.
In response, the House version of the National Defense Authorization Act directs the military to find and plug the holes in the nation’s financial and security networks.
The vulnerability of Wall Street’s electronic trading and settlement system to foreign manipulation is shocking.
Despite 2008 regulatory reforms, settlement failures are rising again. A settlement failure is what traders call it when buyers or sellers fail to provide the agreed-upon stock or cash to complete a transaction. Persistent settlement failures in exchange-traded funds (ETFs) have been as high as $7 billion per day, according to The Economist. ETFs are entirely computerized, with all of the perils that implies. After the “flash crash” of May 6, 2010, which was largely driven by computerized trading, the U.S. Joint CFTC-SEC Advisory Committee on Emerging Regulatory Issues reached this ominous conclusion: “Even in the absence of extraordinary market events, limit-order books can quickly empty and prices can crash” because of computerized high-frequency and algorithmic trades.
Imagine a computer virus designed to wipe out your retirement savings and sink our economy.
The flash crash may have been a test run.
It is high time for the federal government to trace these cyberattacks and strengthen our computer networks, both federal and financial, against an electronic 9/11.
Richard Miniter is the author of the New York Times best-seller “Losing bin Laden: How Bill Clinton’s Failures Unleashed Global Terror” and of “Mastermind: The Many Faces of the 9-11 Architect, Khalid Shaikh Mohammed.” Miniter’s website is www.richardminiter.com.