$10M in 10 Minutes? – Security Implications of UAL Bankruptcy Snafu

By: Danny McPherson -

Unless you’re living under a rock, it’s likely you’ve already shaken your head at least once today at the impact an archived, 6 year old newspaper article had on United Airline’s (UAUA) stock today.  If you are living under a rock, then read this.

For anyone even remotely security minded, reading stories like this bring so many attack vectors to mind that one could ramble for hours, but since, coincidentally, I’m about to jump on a UAL flight to LHR in a couple minutes, I’ll just share a couple thoughts.  

Given the near immediate reaction of “leaks” in today’s Internet age, much less misinformation, and certainly [not] “old information”, one might surmise that an attacker could easily compromise a few targeted assets – not at a financial, or government, or exchange, but at a media outlet, and cause significant potentially cascading financial impact.  You could certainly buy stock and sell it short with such a ploy, or simply buy low and sell high (given Nasdaq’s “the rest of the trades will stand” response) – with trading volumes we’ve seen here, a couple million dollars might easily fly under the radar!

I asked a journalist-type friend of mine on IM a moment ago what he thought about this and he replied “That’d never happen here!” – then he quickly recant and stated “Well, at least, let’s hope it never happens.”

With yet another express lane into financial gain, I’d suspect this won’t be the last you’ll be hearing regarding employment of such an attack vector…

Comments

  1. Ever read Fyodors “Sendai’s Story”?

    http://insecure.org/stc/

    Eye opening… cmon’ we’re not even talking about Scheier’s terrorism competition here!