CircleID

In case you missed it, last Thursday, May 6, we saw a remarkable day on the stock markets. The day started off with some selling which went down neat and orderly. Suddenly, around 2:40 pm eastern time, the market started selling off rapidly taking huge hits in in the span of 30 minutes. It was an incredible ride and at one point, the Dow Jones average was off 1000 points for the day, the largest drop in history (though not the largest percentage drop). It was kind of like October of 1987. A number of stocks plummeted to less than a dollar per share. Yet within a few minutes, the market recovered and what was a 7-8% decline was a mere 3% decline. Not bad if you're a day trader.

Of course, the question now is how did this happen? Why did this happen? Nobody really knows for sure. Some speculate that it was a typo and that some trader wanted to sell a million shares but accidentally entered in a sell order for a billion. Some speculate that the orderly decline hit a level and then a bunch of computerized trading algorithms all executed at the same time hitting a bunch of sell orders, and then at such low prices a bunch of buy orders kicked in (maybe a bug and everyone uses the same algorithms?). Some speculate that maybe it was a message from Wall Street to Congress that Wall Street still has some cards in their hand that they can play and to not get too ambitious with financial regulation. Or maybe it was a cyber attack from an outside source that kicked it all off?

The Associated Press ran an article last Sunday with homeland security and a counter terrorism advisor saying that there was no evidence of a cyber attack behind the huge drop:

WASHINGTON (AP) — The White House's homeland security and counterterrorism adviser says there is no evidence that a cyber attack was behind the chaos that shook Wall Street last Thursday.

John Brennan told "Fox News Sunday" that officials have uncovered no links suggesting that cyber attacks caused turbulence that sent the Dow Jones industrials plunging almost 1,000 points before staging a partial recovery at the end of the day.

If this was a cyber attack, it would be quite a serious cyber attack. A hostile intruder would need to break in and either do one or a combination of the following:

1. Flood the market with massive amounts of sell orders and drive stocks down.
2. Short sell the stocks in order to drive them down, but this depends on the intruder being able to borrow stock in order to short it. Naked shorting is a possibility but I don't know if you could get away with that and not leave a big paper trail.
3. Exploit a bug in the exchange's (Nasdaq or NYSE) trading software that made it look like there was huge trading going on but in reality it wasn't. The goal in this case isn't necessarily to cause a loss in shareholder wealth but to create mass panic and confusion. If this was the case, then creating such mass panic and confusion could be a diversion for a physical attack elsewhere.

The last one is probably the more fanciful because it would require a major bit of co-ordination amongst multiple groups and would require a lot of pre-operational planning. But one would think that someone doing this type of reconnaissance work would have a large financial backing. That financier, presumably, would have a lot of their own wealth tied up in the US stock markets (and global markets, too). So, launching a cyber attack to take down Wall Street and affect the American markets would have the unpleasant side effect of knocking down your own wealth, too. You'd be cutting your nose to spite your face.

But like I say, the more likely explanation, in my opinion, is that a bunch of large blocks of traders had algorithms that all executed sell orders simultaneously based off an already skittish market (Greek debt). If there were bugs in that software that an intruder exploited, that would cause a lot of firms to re-examine their security policies, or perhaps perform an audit.

By Terry Zink, Program Manager. Visit the blog maintained by Terry Zink here.

Related topics: Cyberattack, Security