Five Eyes watch NZX cyber attack
The fightback against the cyber attack on New Zealand’s NZX sharemarket will now involve security agencies of other Five Eyes countries.
Professor Dave Parry, from AUT’s Department of Computer Science, said: ‘‘With GCSB involved this will almost certainly be involving other international agencies as well, which is the way to shut this down.’’
Normal trading in shares and bonds was disrupted between Tuesday and Friday as a result of a sustained cyber attack, and it’s believed a ransom demand has been made to NZX by cyber criminals.
On Friday, Finance Minister Grant Robertson announced the GCSB, which is a government agency with duties including protecting New Zealand’s national security from cyber-borne threats, began working with NZX to end the attack.
Cyber attacks on vital government and civil institutions were a big concern to New Zealand’s Five Eyes intelligence partners Australia, the United Kingdom, United States and Canada, Parry said.
‘‘The Five Eyes will be very interested to see if there’s any long-term threat from the groups involved, whether it’s criminal gangs, or whether it includes government or pseudo-government groups,’’ he said.
Australia accused China of being involved in growing cyber crime against Australian institutions earlier this year, and began a massive investment in cyber-security capability.
Andrew Little, minister responsible for GCSB, said: ‘‘Around the world other stock exchanges could be in situations like this. It’s natural for there to be sharing of information.’’
Parry felt sympathy for NZX, which he believed was far more susceptible to Distributed Denial of Service (known as DDoS) attacks than other critical service providers like utility providers through no fault of its own.
US-owned technology news site ZDnet has reported that the cyber crime group targeting the NZX offline has been attacking several financial providers around the world, demanding payment in bitcoin to call off its attacks.
ZDnet said the attackers had gone by names including ‘‘Armada Collective’’ and ‘‘Fancy Bear’’ and usually emailed ‘‘huge ransom demands’’ to victims.
Parry said the people behind the attack may have targeted NZX calculating that the business, and New Zealand authorities, would respond more slowly and less effectively than if it had targeted a stock exchange in the US or UK, though other targets of the criminals are reported to have included money transfer services PayPal and Worldpay and YesBank India, ZDnet said, citing a source.
‘‘America, the UK, Australia ... most Nato countries would have extremely close relations with stock exchanges,’’ Parry said.
‘‘If NZX had the resources of the US government and NSA behind it, it would have been harder.’’
Little described the cyber attack on the NXZ as a ‘‘wake up call’’ for organisations to ensure they had safeguards in place against cyber attacks.
But, he said: ‘‘The reality is our telecommunications networks are privately-owned. The GCSB has got powers under the telecommunications interception, capability and legislation to assist, but in the end it’s the owners of those networks, working with their customers to take steps.’’
GCSB could provide advice, Little said.
But, he said: ‘‘It can’t make the investment decisions of the private owners, the Sparks, the Vodafones as well as the others and their customers.’’
Parry expected the attack on the NZX would lead to a behindthe-scenes review in government of whether New Zealand’s defences against cyber attacks needed improving.
Parry expected many of the details of the attack to remain secret forever, though he expected it would be shared with other trusted overseas security agencies.
NZX and Spark would have been working over the weekend to prepare defences to counter continued attacks, he said, but he would not be surprised to see the attacks continue to disrupt its operations next week.
NZX remained tight-lipped about work under way to defeat the cyber attack, or whether it was confident trading in shares and bonds would not be disrupted again when markets open today.
NZX chief executive Mark Peterson issued a statement on Friday evening assuring the public that the stock exchange’s systems had not been breached.
‘‘This is a systems connectivity issue not a data or communication integrity issue,’’ Peterson said.
The NZX was working with its internet provider, Spark, along with the GCSB and other national and international cyber-security experts.
‘‘Given that this is an ongoing response, NZX will not be providing detail on the nature of the attacks or counter-measures. We are directly communicating with our stakeholders and market participants and will continue to update them as necessary.’’
The attack on the NZX had caused some disruption to KiwiSaver providers, but no KiwiSaver money was at risk, fund managers said.