Over the course of several hours on July 8, 2015 a series of failures occurred that have media outlets speculating over the connection of events.
First a failed network router in United Airlines’ reservations system, which feeds into the airline’s operations network, made necessary a full groundstop of all United and Continental flights worldwide. United resumed flight operations after the failed hardware was identified and replaced.
Shortly after United shut down flight operations, technical difficulties within the New York Stock Exchange caused the NYSE Group to suspend all trading for nearly four hours. In an interview following the event, the stock exchange president said that the problem was identified and fixed, allowing trading to resume shortly after 1500 local time. The NYSE Group has an investigation in progress to determine what caused anomalies that led to suspending trading activities; and the NYSE president declined to provide specifics regarding what may have been identified, although an overnight software upgrade may have been involved. He did say that there were no indications that the problem originated from external sources.
Some media outlets have reported that at 2045 local time on July 7 a tweet appeared from an account named Anonymous (@YourAnonNews) that said, “Wonder if tomorrow is going to be bad for Wall Street - we can only hope.” Speculation over involvement of hackers associated with the Anonymous hacktivist collective raised concerns that the computer network anomalies resulted from a cyber attack.
At approximately 1030 local time in Cranston, Rhode Island the power went out at the Pastore Complex, which affected operations at all offices and state government agencies in the complex including the Division of Motor Vehicles, the Department of Labor, and the Department of Corrections. Backup generators provided power to vital systems, but not air conditioning or computer systems. Reports indicate that the outage did not extend beyond the Pastore Complex; and the reported cause of the outage was an electrical short beneath the complex. Power was restored shortly before 1400 local time.
Within the same time frame as the other incidents, the websites operated by the Wall Street Journal and Zero Hedge were taken down for several hours by unidentified entities. Both sites came back online with no apparent damage.
Analyst comment:
All of the identified incidents have the geographic connection of being on the East Coast of the U.S., with the addition of United Airlines’ groundstop involving worldwide operations. While true coincidences are rare and a common threat source cannot be ruled out, Pinkerton finds it likely that a connection exists between the downed websites but not the rest of the incidents. With that said it is possible that the power outage in RI was not spontaneous, as it affected Rhode Island’s Department of Corrections among other state agencies.
Until the full investigation of the New York Stock Exchange’s technical difficulties is completed and made public, it is possible that the problem was man-made although it cannot be known with certainty at this time. The United Airlines computer network failure could have been a malicious attack; although the airline also had computer-related technical difficulties in June that caused its flight operations to shut down for a few hours. Both of those incidents involving United could have been test runs by a malicious or militant group, intended to identify responses and reaction times for future attack planning; although it may not ever be known if that was the case.
None of the incidents on July 8 caused significant damage; but if any of them could serve as trial runs to gauge responses, any actions taken or discussed publicly by the companies and agencies involved will have been identified. Pinkerton finds it unlikely that Islamist militants associated with al-Qaeda or the Islamic State (IS) currently possess the necessary combination of sophistication and reach to conduct all of the disparate incidents that occurred on the East Coast on July 8. However, Pinkerton recommends that all companies ensure that their
cyber security measures are current and fully employed, and business continuity and contingency plans are up to date.
Prepared by: Victoria Allen, the United States
