Cybersecurity

Trust The GOP, Do You?

Well, read this:

Political data gathered on more than 198 million US citizens was exposed this month after a marketing firm contracted by the Republican National Committee stored internal documents on a publicly accessible Amazon server.

The data leak contains a wealth of personal information on roughly 61 percent of the US population. Along with home addresses, birthdates, and phone numbers, the records include advanced sentiment analyses used by political groups to predict where individual voters fall on hot-button issues such as gun ownership, stem cell research, and the right to abortion, as well as suspected religious affiliation and ethnicity. The data was amassed from a variety of sources—from the banned subreddit r/fatpeoplehate to American Crossroads, the super PAC co-founded by former White House strategist Karl Rove.

Deep Root Analytics, a conservative data firm that identifies audiences for political ads, confirmed ownership of the data to Gizmodo on Friday.

Twitter Pushes Back On Trump Administration

Twitter filed a lawsuit against the Department of Homeland Security and the Department of Customs and Border Protection today. Twitter seeks an injunction barring them from asking for the identity of the person behind @alt_uscis.

It’s not clear what legal reason the Trump administration is seeking to identify @alt_uscis.  The @alt_uscis bio states: “Immigration resistance . Team 2.0 1/2 Not the views of DHS or USCIS. Old fellow drank russian soup.”  It could be a now-fired USCIS employee and they are looking for a leak, or maybe they just don’t like criticism.

Anyway, it is going to put this administration (as well as social media resistance) to a test.  Keep your eyes open.

Obama (Belatedly) Takes Action Against Russian Hackers

Moments ago, the Obama administration struck back at Russia, imposing sanctions against its intelligence apparatus and expelling 35 diplomats in retaliation for the alleged orchestration of hacking attacks designed to interfere in the presidential election.

The sweeping actions outlined by the White House three weeks before the new administration takes office include:

  • Shutting down two compounds, one in in Maryland and one in New York, “used by Russian personnel for intelligence-related purposes.”
  • Sanctions against the Russian intelligence services GRU and FSB, and four high-ranking officers of the GRU. The sanctions are also aimed at two suspected hackers, including one wanted by the FBI in two other cases, and three companies that allegedly provided support to the GRU’s cyber operations.
  • Releasing technical information about Russian cyber activity, “to help network defenders in the United States and abroad identify, detect, and disrupt Russia’s global campaign of malicious cyber activities.”

“These actions follow repeated private and public warnings that we have issued to the Russian government, and are a necessary and appropriate response to efforts to harm U.S. interests in violation of established international norms of behavior,” President Obama said in a statement.

In his statement, Obama said the U.S. had declared 35 Russian “intelligence operatives” persona non grata. The State Department said the 35 are diplomats “who were acting in a manner inconsistent with their diplomatic or consular status” and accused Russia of harassing U.S. diplomats overseas.

As of noon on Friday, the U.S. also will bar Russian access to two Moscow-owned “recreational compounds,” the White House said. No further detail was provided, but since 1972, the Russians have owned a historic estate overlooking the Chester River in eastern Maryland. They also own a recreation facility in Glen Cove, Long Island.

The White House said the actions will go beyond those announced Thursday.

“We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized,” Obama said in his statement.  Meaning, covert stuff.

Here’s a poster:

And here’s the FBI White Paper on the issue:

Paul Ryan throws in muted support saying, “While today’s action by the administration is overdue, it is an appropriate way to end eight years of failed policy with Russia. And it serves as a prime example of this administration’s ineffective foreign policy that has left America weaker in the eyes of the world.”

Moscow was quick to respond:

And whose side will President-elect Trump take? Obama’s?  Unlikely.  Ryan’s (“About time you terrible Obama person!”)?  Or Russia’s (“Nyet!!”)?

Anyone want to guess?

He’s quiet now but I doubt that’ll last.

UPDATE: 

Let’s Face It: The Way We Classify Documents Is F*cked

Another reason it is hard to get all bent out of shape about the Clinton email “scandal” came to me moments ago in the form of a Tweet I read:

Yup.

We’ve got a system where things are overclassified, inconsistently classified, and incorrectly marked.

Look, it’s not like things got out there that are super super really secret.

What’s The Panama Papers All About?

The leak amounts to 2.6 terabytes of information — perhaps the largest whistleblower leak in history.  Also, it might topple a country or too.

So it might be interesting to learn what the Panama Papers leak is all about.

It starts with a company called Mossack Fonesca.  That’s a Panamanian law firm that has long been well-known to the global financial and political elite.  The firm’s operations are diverse and international in scope, but they originate in a single specialty — helping foreigners set up Panamanian shell companies to hold financial assets while obscuring the identities of their real owners. Since its founding in 1977, it’s expanded its interests outside of Panama to include more than 40 offices worldwide, helping a global client base work with shell companies not just in Panama but also the Bahamas, the British Virgin Islands, and other notorious tax havens around the world.  The Panama Papers are leaks from that law firm.

What’s a shell company?  Well, sometimes a person or a well-known company or institution wants to buy things or own assets in a way that obscures who the real buyer is. For example, companies don’t like to tip their hand to what they are doing, and the use of shell companies to undertake not-ready-for-public-announcement projects can be a useful tool.  Shell companies are often used for simple privacy reasons. Real estate transactions, for example, are generally a matter of public record. So an athlete, actor, or other celebrity who wants to buy a house without his name and address ending up in the papers might want to pay a lawyer to set up a shell company to do the purchasing.

Here’s another way to put it, thanks to a Reddit user:

When you get a quarter you put it in the piggy bank. The piggy bank is on a shelf in your closet. Your mom knows this and she checks on it every once in a while, so she knows when you put more money in or spend it.

Now one day, you might decide “I don’t want mom to look at my money.” So you go over to Johnny’s house with an extra piggy bank that you’re going to keep in his room. You write your name on it and put it in his closet. Johnny’s mom is always very busy, so she never has time to check on his piggy bank. So you can keep yours there and it will stay a secret.

Now all the kids in the neighborhood think this is a good idea, and everyone goes to Johnny’s house with extra piggy banks. Now Johnny’s closet is full of piggy banks from everyone in the neighborhood.

One day, Johnny’s mom comes home and sees all the piggy banks. She gets very mad and calls everyone’s parents to let them know.

Now not everyone did this for a bad reason. Eric’s older brother always steals from his piggy bank, so he just wanted a better hiding spot. Timmy wanted to save up to buy his mom a birthday present without her knowing. Sammy just did it because he thought it was fun. But many kids did do it for a bad reason. Jacob was stealing people’s lunch money and didn’t want his parents to figure it out. Michael was stealing money from his mom’s purse. Fat Bobby’s parents put him on a diet, and didn’t want them to figure out when he was buying candy.

Now in real life, many very important people were just caught hiding their piggy banks at Johnny’s house in Panama. Today their moms all found out. Pretty soon, we’ll know more about which of these important people were doing it for bad reasons and which were doing it for good reasons. But almost everyone is in trouble regardless, because it’s against the rules to keep secrets no matter what.

The leaked documents provide details on some of these piggy banks — uh, shell companies. They reveal shocking acts of corruption in Russia, hint at scandalous goings-on in a range of developing nations, and may prompt a political crisis in Iceland.

Here are a few of the highlights, with links to the full stories where you can read the details:

CfN7DrLXIAEwYTH

In a way, the fact that people use shell companies is not new, and it’s always been somewhat understood that there’s some underlying shenanigans behind these accounts.  Some of the shenanigans revealed by the Panama Papers involves nothing more than legal avarice.The name of Ian Cameron, the late father of British Prime Minister David Cameron, shows up in the Panama Papers, for example. Mossack Fonseca helped him set up his investment company Blairmore Holdings (named after his family’s ancestral country estate) in the British Virgin Islands, where, marketing material assured investors, the company “will not be subject to United Kingdom corporation tax or income tax on its profits.”

This particular kind of move is perfectly legal and doesn’t even involve any secrecy. It is entirely typical for investment companies whose employees all work or reside in New York, London, or Connecticut to be domiciled for tax purposes in someplace like the Cayman Islands.  Although when Bernie Sanders talks about this stuff, this is what he means.

On the other hand, there is shadier stuff.  One wealthy client, US millionaire and life coach Marianna Olszewski, was offered fake ownership records to hide money from the authorities. This is in direct breach of international regulations designed to stop money-laundering and tax evasion.

An email from a Mossack executive to Ms Olszewski in January 2009 explains how she could deceive the bank: “We may use a natural person who will act as the beneficial owner… and therefore his name will be disclosed to the bank. Since this is a very sensitive matter, fees are quite high.”  (It’s not clear with Ms. Olszewski has broken the law).

Meanwhile, as I write this, Iceland is going ballistic.  Protests throughout (below is a live YouTube stream) as the Prime Minister there refuses to resign:

Anyway, to be continued.

FBI Quietly Drops Lawsuit Against Apple

Remember that thing last month that I wrote about where the FBI wanted to force Apple’s help to break into an iPhone of the San Bernadino terrorist?

It was controversial in part because many thought that the FBI didn’t really need Apple’s help. Those people include Richard Clark. The former U.S. counterterrorism official and security adviser to the White House told NPR he believed the NSA could do it, no problem, but that the FBI was “not as interested in solving the problem as they are in getting a legal precedent.” Edward Snowden said the same via Twitter.

The FBI just proved them right (the Guardian):

The US government dropped its court fight against Apple after the FBI successfully pulled data from the iPhone of San Bernardino gunman Syed Farook, according to court records.

The development effectively ended a six-week legal battle poised to shape digital privacy for years to come. Instead, Silicon Valley and Washington are poised to return to a simmering cold war over the balance between privacy and law enforcement in the age of apps.

Justice Department lawyers wrote in a court filing Monday evening that they no longer needed Apple’s help in getting around the security countermeasures on Farook’s device.

No work on the third party that helped the FBI find the security breach.

Apple And The FBI Order

Interesting little development going on in the tech/privacy world and, depending on who you believe, a possible turning point for the better/worse.

After the San Bernardino shootings, the FBI seized the iPhone used by shooter Syed Rizwan Farook. The FBI has a warrant to search the phone’s contents, and because it was Farook’s work phone, the FBI also has permission from the shooter’s employer, the San Bernardino County Department of Public Health, to search the device. Legally, the FBI can and should search this phone. That’s not up for debate. If the FBI gets a warrant to search a house and the people who own it say okay, there’s no ambiguity about whether it can search the house.

But if the FBI comes across a safe in that house, the warrant and permission do not mean it can force the company that manufactures the safe to create a special tool for opening its safes, especially a tool that would make other safes completely useless as secure storage. That’s the situation that Apple’s dealing with here.

The FBI obtained an order from a California district court on Tuesday ordering Apple to provide “reasonable technical assistance” in cracking Farook’s passcode. The court order doesn’t flat-out demand that Apple unlock the phone, which is an iPhone 5C running iOS 9. Instead, the judge is asking Apple to create a new, custom, terrorist-phone-specific version of its iOS software to help the FBI unlock the phone. Security researcher Dan Guido has a great analysis of why it is technically possible for Apple to comply and create this software. (It would not be if Farook had used an iPhone 6, because Apple created a special security protection called the Secure Enclave for its newer phones that cannot be manipulated by customizing iOS.)

Apple quickly said it would fight the judge’s order. Chief executive Tim Cook called it “an unprecedented step which threatens the security of our customers,” and said the order “has implications far beyond the legal case at hand.” He published a message emphasizing that the company can’t build a backdoor for one iPhone without screwing over security for the rest:

In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

Apple, Google and other technology firms in recent years have stepped up encryption — allowing only the customers to have “keys” to unlock their devices — claiming improved security and privacy is needed to maintain confidence in the digital world.

This has sparked a national discussion on weighing security against privacy.  Not a new debate — we’ve had that since 9/11.  But this relates to our smartphones, and so everyone has a strong opinion, it seems.  Republican candidates are coming down on the side of national security in a few that is somewhat contradictory of the anti-big-government stance they often take.  Again, nothing new there.

Let’s see if we can’t shake out this tree a little.

First off, here is the actual order.  Magistrate Judge Sheri Pym, a former federal prosecutor, relied on the All Writs Act, passed in 1789 (one of the first federal laws ever).  It has been used many times in the past by the government to require a third party to aid law enforcement in its investigation.

The order would require Apple (US) to create firmware to be loaded onto a specific phone to make it possible to do brute force password guessing. (Among a couple of other things, it would take away the maximum number of guesses to unlock the device.)

The significant thing about this case is that the FBI, minus any enforcing legislation, has gone and found itself a judge to order a company to do something.

Think about that — ‘ordering a company to do something’.  That is something arguably new in the current FBI approach.

The Apple case is remarkable in that it couches what the court views as “reasonable assistance” as basically breaking your own products.  Apple has quite rightly made the point that not only does this break company security and therefore customer privacy, but that if they create an exploit for the FBI, the vulnerability will be used by the likes of Putin and various repressive regimes.

Facebook, Twitter and Google have all voiced support for Apple‘s fight against a court order that Apple says would make iPhones less secure a,d it is not hard to understand why — they simply cannot run a global business if they are seen to do too many special favors for one government, the United States.

But is this really about privacy?  Do we as individuals really care about these things?  Let’s face it — we are now just little motors chuntering around creating metadata exhaust trails. The current conflict is not an argument about our privacy rights, since we seem to be content to leave ourselves all over the place (Facebook,. Twitter, etc.).  Rather, this might be a fight between governments and firms on how better to pin us down and hoover up the effluent we leave behind. You can see why they might all be getting testy about who gets what.

So I tend to think this is less about Apple preserving privacy for its owners, and more about it being seen in international quarters as subservient to the American government.  What will happen to the foreign markets of Google and Facebook and Apple and Android if it widely believe that one American judge can order these giant companies to invade one person’s privacy?

This is about the Benjamins just as much as about the privacy rights of people.

Hillary Clinton Apologizes For…. Something

ABC News:

Hillary Clinton on Tuesday told ABC News’ David Muir that using a personal email account while Secretary of State was a “mistake” and that she is “sorry” for it.

“I do think I could have and should have done a better job answering questions earlier. I really didn’t perhaps appreciate the need to do that,” the democratic presidential candidate told Muir in an exclusive interview in New York City. “What I had done was allowed, it was above board. But in retrospect, as I look back at it now, even though it was allowed, I should have used two accounts. One for personal, one for work-related emails. That was a mistake. I’m sorry about that. I take responsibility.”

This is the farthest Clinton has gone yet in offering an apology for her use of a private email server while Secretary of State.

For reasons surpassing my understanding, the email “scandal” has been around for a couple of months, supplanting the Benghazi scandal for Hillary Clinton which turned out to be nothing.

Every time I read about it, I feel like I should blog in depth about it, because it really seems to be a BIG DEAL.  But I haven’t figured out what the BIG DEAL is.

I go over to Fox News, who reports on this endlessly.  And while the chattering heads on, say, Fox’s “The Five” keep insisting that Hillary “broke the law”, I have yet to hear what that law is.  I’ll tell you what it LOOKS like.  It LOOKS like they are trying to catch Hillary in some kind of “You said that, NOW you say this” perjury trap.  It is investigating for the sake of investigating, because at SOME point, they will find SOMETHING that doesn’t jibe with what she has said.  It almost doesn’t matter what.  If she said it was rainy on January 5, 2011, and they find an email from that day saying it was sunny… well, then I guess we have “Rainy-gate”.  Anything to knock her down in the polls.

But seriously, Hillary Clinton broke no law.  She simply didn’t.  Yes, emails to and from her were on her own personal private server.  But that was not illegal.  The National Archives established protocols for preserving emails, but that’s THE NATIONAL ARCHIVES.  Their job is history, not security.  And obviously, there are security concerns, as well as investigative concerns (emails need to be preserved if there is a a Freedom of Information Act request, to give one example).

At first blush, it might LOOK like Hillary was trying to hide something, by keeping her emails off the government computers.  Except that… they WEREN’T kept off the government computers.  If she sent an email to a government email address, it was saved on that government server.  If she received an email from a government email address, it was saved on that government server as well.  And if she sent or received a person email, then it wouldn’t be subject to FOIA requests or pose a national security risk.

So it doesn’t really look that bad when you actually think about.

The second concern is security.  Clinton’s personal server (it is assumed) is not as secure as the State Department’s server (although the federal government has been hacked, and to our knowledge, the Clinton home server has never been hacked).  Did Clinton receive or transmit classified information?  Her foes say yes, completely overlooking the fact that at the time the information was sent or received, it WASN’T classified.  It is illegal for someone to “knowingly” receive a classified document or briefing and then turn around and send along that info in an unclassified email.  This, Clinton insists, did not happen, and there has been no evidence that this did happen.  (When you hear Clinton foes try to compare her to General Patraeus, this is the salient difference.  Patraeus KNEW the information he passed on to his paramour-writer friend was classified).

Some argue that some of the information received by Clinton, while not marked as “CLASSIFIED”, were of such sensitive nature that they were – I love this phrase — “born classified”.  Maybe.  Maybe to some.  But did Hillary know it at the time?  Did she even read all her email?  Who knows?

You see, part of the problem is there is no consensus in the government as to what is “classified” and what isn’t.  As Jeffrey Toobin explains in the New Yorker, while classified information is generally defined as anything with the potential to damage national security, in reality, “government bureaucracies use classification rules to protect turf, to avoid embarrassment, to embarrass rivals—in short, for a variety of motives that have little to do with national security.”  Since the process by which the government classifies information is a complicated and subjective one, it is impossible for someone to know today what will be classified tomorrow, and even whether it should be classified at all.

“Ah-HA,” say the Hillary foes.  If that is the case, then, as the nation’s top diplomat, Clinton should still have been well aware that some of the information she was hosting on her server was POTENTIALLY sensitive and would POTENTIALLY end up classified even before it was officially ruled as such. Put another way, Hillary might not have known which information would become classified but she SHOULD HAVE KNOWN some of it eventually would be.

Yup.

That’s where they got her.

And presumably, that’s what she has apologized for.

But once you digest all that, what did Hillary Clinton DO?  She committed an error.  That’s it.

This isn’t the crime of the century, like when she and her husband killed Vincent Foster and made it look like a suicide (joke).  This isn’t even a crime.  At worst, it was an error.

Unfortunately, it is an error which is being played out in drips.  That’s because the FBI is reviewing her email and releasing whatever is unclassified in small batches to the public.  Why?  I’m not sure.  There was no security breach of Hillary’s email account.  She was admittedly stupid for making that a (remote) possibility, but she didn’t hide the fact that she was using her own non-dot-gov email system.  Republicans and Democrats alike all knew her email address.  She wasn’t hiding the fact of her private server because there was nothing to hide.  It’s only NOW that people care, because it allows them to look inside.  She was stupid for having the private server if only because it gave her foes this opportunity.  But she can’t apologize for THAT.  So she apologizes for making an error.

Big whoop.

Ashley Madison Claims Its First “Celebrity” Victim

I’m not going to say who it was, although it is someone already “disgraced”.  And I put “celebrity” in quotes, because this guy is more of a reality show star, than an actual celebrity.

There is a certain schadenfreude at this “family values” guy being revealed as someone who cheats on his wife through Ashley Madison, but I think the bigger story is that his name was leaked at all.  The lesson to be learned from the Ashley Madison leak is NOT “don’t cheat on your spouse” (although you shouldn’t) — the lesson to be learned is be very careful what you put online.  No more secrets.

UPDATE:  Okay, since he has fessed up, I’m talking about this guy, who, in a statement today, calls himself the “biggest hypocrite ever”.

Ashley Madison Hackers Release Names

The Impact Team, the name of the group that hacked the Ashley Madison website (a site owned by Avid Life Media), has released the names, addresses and phone numbers — as well as a four-digit code that could be either partial credit card numbers or just user numbers — of the 37 million users of the cheat-on-your-spouse website.

But don’t rush to a website and start looking for cheaters in your social circles.  The data is available on the Dark Web, which is part of the Internet not readily available to just anybody. Basically, it requires software and technical knowledge that I don’t have, but the information is available, and some genius tech nerdos are probably poring through the leaked names at this very moment.

Who knows?  Maybe sometime soon you’ll be able to download all 9.7 gigs of information.  But before you get giddy — yeah, it does have the makings of some sort of modern fable in which wannabe cheaters get their comeuppance — just a standard reminder that if you download it and look through it for people you might know, there’s no turning back from that. And somewhere out there, there’s a database of stuff you do that you would prefer not get out there.

Here’s the announcement of the leak, which sets forth the particular objections of the hackers:

avid-life-media-impact-team-leak-Jj3258

This sounds like someone who was caught using Ashley Madison, and was pissed that they did not do enough to keep his account secret.

I don’t know the site, although when I read that it has 37 million users, I was astounded.  Then again, if the hackers are correct, that 37 million may be “fake”.  Who knows?

But it makes little difference what the site is for.  Revealing names and phone numbers and private information is a pretty serious felony.  And it should be.  This would be true whether the hacked site is Catfancy.com or Ashley Madison.

I wonder how many marriages are going to be damaged as a result of this.  Probably not very many, as long as it stays on the Dark Web.  I wonder if that will happen.

It seems there is some truth to the assertion that Avid Life Media was lax about cyber security:

Senior staff at Ashley Madison, the hacked extramarital dating site, were raising concerns over its security procedures as recently as June, just a month before the site was attacked.

Internal documents leaked as part of the attack show concerns over “a lack of security awareness across the organisation” being raised by one vice president.

This news story is messed up in about ten different ways.

On The Ashley Madison Hack

So, a few days ago, the website Ashley Madison was hacked and its 37 million customers could soon have their data leaked online by a crew calling themselves The Impact Team.  Ashley Madison, for the uninitiated, is a site that lets spouses cheat on their partners — kind of like a match.com for adulterers. The Impact Team has threatened to release a huge trove of data beyond the snippets of information they already leaked from Avid Life Media, the owner of Ashley Madison and related properties Established Men and Cougar Life, if the cheating site was not shut down.

Why is Impact Team doing this?  Well, it seems they were particularly aggrieved at a service launched by Ashley Madison last year, promising it could delete users’ information so it was irrecoverable for $19. The hackers claimed that service didn’t do as advertised, and customers’ names and addresses were still stored on ALM’s servers.

“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” The Impact Team said in a notice alongside the leak, in which they also claimed to have taken complete control of ALM’s “office and production domains”, as well as “all customer information databases”.

If that is true, I think they have a point.

Now, I suppose the news of the leak is ho-hum news to a lot of people, but to 37 million — wait…. let’s just contemplate that number.

Wow.

Ok.  Well to them this is potentially… bad.  REAL bad.

What disgusts me are people like Christian evangelist Franklin Graham, who posted a message on his Facebook page about the matter Wednesday afternoon, stating:

The Bible says, “be sure your sin will find you out.” Ashley Madison, the website for people who want to cheat on their spouses was hacked this weekend. Their slogan is: “Life is short. Have an affair.” Hackers threatened to reveal personal data related to 37 million users. I have news for all those worried cheaters out there wringing their hands—God already knew! His holy Word says, “Nothing in all creation is hidden from God’s sight. Everything is uncovered and laid bare before the eyes of him to whom we must give account” (Hebrews 4:13). Times may have changed, but God’s laws and standards never change—all sin has a price. The New York Daily News calls this an “‪#‎adultery‬ website.” Isn’t it a shame that immorality is such big business?

You know what?  F you, Franklin Graham.

Not being married nor inclined to cheat, I’m not personally affected by this hack, but it does establish a terrible precedent.  We don’t want to snicker at the cheaters who got caught because you never know what could be out in the dark hidden recesses of the web that reflects badly on you or. . .  and this is important . . . someone with the same name as you.  So I think we need to pay attention to this type of thing a little more closely.

Are We Under Cyberattack?

Imma just tell this story in Tweets

So United went down (It went up after 2 hours), and NYSE went down (it went up after 3 hours).  Also down (and now back up) today, the Wall Street Journal computers.

But…..

Many think this is a Chinese government hacking attack.  First of all, China is in some serious shit:

While most recent financial news has focused on the crisis currently facing Greece, another disaster is stirring further east that makes Alexis Tsipras’s problems look like chicken feed.

Since the middle of June, the prices of Chinese company shares have fallen by 30 per cent. That amounts to around $3.2 trillion dollars that has been wiped off the stock market in only a few weeks.

It’s hard to make sense of such a huge number, but this figure is higher than the UK’s GDP in 2013, a comparatively modest $2.7 trillion.

The sudden drop in prices came after months of solid growth. Since November last year, Chinese stocks had more than doubled, largely due to small retail investors – ‘mum and dad’ investors playing the stock market – using borrowed money.

There are concerns that the Chinese government’s response could be partially responsible for the sell-off.

Which is why the Asian markets did so bad yesterday.  Hong Kong’s Hang Seng index plunged as much as 8% before closing down 5.8% and China’s Shanghai Composite sank 5.9%. Japan’s Nikkei 225 index lost 3.1% to close at 19,737.64.  That’s what was facing Wall Street as it opened today.  (As I write this, the now-reopened Dow is down 238 points today).

But the theory that China might be behind these computer outages today could be supported by data from the Norse Intelligence Network,  a California-based online security company. The company offers up a real-time cyber attack map, which seemed to show at midday on Wednesday that China was the number-one attacker and the US was the number-one target:

norse630

I don’t know if this is usual or not.  But it looks like St. Louis is getting bombarded.

To be continued…..?