I have recently been thinking about stock markets and possible attacks on them; Die Hard 4 (http://en.wikipedia.org/wiki/Live_Free_or_Die_Hard), Hackers and any number of hacker movies have some very complicated looking system with great looking Angelia Jolie lookalikes or other attractive people who have these super elite skills and can hack the Gibson or do some increasingly complex attack to bring the main system down etc.
These attacks are certainly entertaining and also complex, and have a greater likelihood of being detected and also failing. What if there was a simpler way to launch attacks without directly attacking the market itself?
Let's look at day-traders as an example:
An attacker could conceivably put a link on a legitimate vendor page that re-directs clients to a malicious piece of software (for a temporary period of time) or offer a 'free' version that works just as well.
These attacks are certainly entertaining and also complex, and have a greater likelihood of being detected and also failing. What if there was a simpler way to launch attacks without directly attacking the market itself?
Let's look at day-traders as an example:
- When launching trades, you need to use trade execution software
- Most of these pieces of software are proprietary in nature and supplied either by brokerages or independent software houses
- Since these pieces of software have a smaller market share, I began to think about how many people actually check to see whether the software they are downloading is really what it is supposed to be. How many people actually check the md5/sha-1 hash to see if there is a match?
An attacker could conceivably put a link on a legitimate vendor page that re-directs clients to a malicious piece of software (for a temporary period of time) or offer a 'free' version that works just as well.
Another plausible scenario could have an attacker flooding various message boards and other locations that he/she is leaking a great new algorithm that is similar to or used by traders at a large firm like Goldman and watch to see how many people download this just to get an edge in their trading strategies.
This malicious code could behave in a manner similar to which the the user expects or remains dormant until several trades have gone through and when the traders funds are in their account, execute its own trades and transfer an amount to a another brokerage or western union account.
If these transfers are randomized or if the malicious code monitors the traders' behavior and carries out transactions that appear similar to the traders own activity, or deletes itself after x number of successful trades or transfers, this can make things much more difficult to detect.
This comment has been removed by a blog administrator.
ReplyDeleteI’m hacker and Services provider
ReplyDeleteintersted in any thing i do fair deals.
I will show work how things work
Short Course hacking, carding, clone ATM Card
.. Western Union transfer
.. Bank Transfer
.. Credit Cards
.. Money Adders
.. Bill Payment
.. College Fee
.. Fake Documents /ID, License
.. Grade Change / Update
.. Credit score / history update
Contact:
t0r.netw0rk@yahoo.com
WOW great post I am very happy to be here and read this post is really very nice thanks
ReplyDeleterarbg mirror proxy
extratorrent mirror proxy
limetorrents mirror proxy
torrent vpn free
FRESH&VALID SPAMMED USA DATABASE/FULLZ/LEADS
ReplyDelete****Contact****
*ICQ :748957107
*Gmail : groothighx@gmail.com
*Telegram : @James307
*Skype : Jamesvince$
<><><><><><><>
USA SSN FULLZ WITH ALL PERSONAL DATA+DL NUMBER
-FULLZ FOR PUA & SBA
-FULLZ FOR TAX REFUND
$2 for each fullz/lead with DL num
$1 for each SSN+DOB
$5 for each with Premium info
ID's Photos For any state (back & front)
(Price can be negotiable if order in bulk)
<><><><><><><><><><><>
+High quality and connectivity
+If you have any trust issue before any deal you may get few to test
+Every leads are well checked and available 24 hours
+Fully cooperate with clients
+Any invalid info found will be replaced
+Payment Method(BTC,USDT,ETH,LTC & PAYPAL)
+Fullz available according to demand too i.e (format,specific state,specific zip code & specifc name etc..)
<><><><><><><><><><>
+US cc Fullz
+(Dead Fullz)
+(Email leads with Password)
+(Dumps track 1 & 2 with pin and without pin)
+Hacking & Carding Tutorials
+Smtp Linux
+Safe Sock
+Server I.P's
+HQ Emails with passwords
<><><><><><><><>
*Let's do a long term business with good profit
*Contact for more details & deal
****Contact****
*ICQ :748957107
*Gmail: groothighx@gmail.com
*Telegram :@James307
*Skype : Jamesvince$