London Stock Exchange outage investigated as possible cyber attack
LSE maintains August downtime was the result of a software glitch
An investigation has been launched to discover whether a software glitch that knocked the London Stock Exchange offline in August was the result of a cyber attack.
In August last year, the LSE was knocked offline for 90 minutes, with traders unable to buy or sell. The outage was the longest in eight years at the exchange, and was at the time pinned on a software bug rather than a targeted attack.
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacks
Now that version of events is under question, with security agencies reportedly investigating the outage with the belief it could have actually been a cyber attack, according to the Wall Street Journal. The LSE was contacted within the last two months about the incident by a British intelligence agency, which is examining whether the software in question was hacked to cause the disruption, perhaps during the systems upgrade that has been pointed to as the cause of the outage.
The report added that it's unclear if the investigation remains open or what has been uncovered.
A London Stock Exchange Group spokesperson denied the outage was caused by cyber attackers. "The incident was caused by a technical software configuration issue following an upgrade of functionality and was not a cyber security incident," a spokesperson said via an emailed statement.
“London Stock Exchange experienced a technical issue on the morning of August 16, 2019 that impacted trading in certain securities for one hour and forty minutes until it was successfully resolved," the LSE spokesperson said. "London Stock Exchange takes its commitment to run orderly markets for its members seriously and has thoroughly investigated the root cause of the issue to mitigate against any future incidents.
The National Cyber Security Centre, part of GCHQ, said in a statement provided by LSE that it was not investigating the August outage. “The NCSC has not treated the LSE outage as a cyber security related incident and has not investigated it as such," a spokesperson said.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
If the incident did prove to be the result of hackers, the LSE wouldn't be the first to fall victim. In 2013, a Chicago metal exchange was targeted in a cyber attack, while last year the Hong Kong Stock Exchange's regulatory disclosure site was knocked offline by hackers, leading to shares being suspended.
Reports suggest that such incidents have sparked the Pentagon's research division, DARPA, to work with traders to find weak spots in such financial systems to avoid disruption.