The History of Stock Quotes


In honor of all the fervor around Bitcoin, we thought it would be fun to revisit the role finance has had in the history of technology even before the Internet came around. This was adapted from a post which originally appeared on the Eager blog.

On the 10th of April 1814, almost one hundred thousand troops fought the Battle of Toulouse in Southern France. The war had ended on April 6th. Messengers delivering news of Napoleon I’s abdication and the end of the war wouldn’t reach Toulouse until April 12th.

The issue was not the lack of a rapid communication system in France; it just hadn’t expanded far enough yet. France had an elaborate semaphore system. Arranged all around the French countryside were buildings with mechanical flags which could be rotated to transmit specific characters to the next station in line. When the following station showed the same flag positions as this one, you knew the letter was acknowledged, and you could show the next character. This system allowed roughly one character to be transmitted per minute, with the start of a message moving down the line at almost 900 miles per hour. It wouldn’t expand to Toulouse until 1834, however, twenty years after the Napoleonic battle.

Cappy Telegraph System

Stocks and Trades

It should be no secret that money motivates. Stock trading presents one of the most obvious uses of fast long-distance communication. If you can find out about a ship sinking or a higher than expected earnings call before other traders, you can buy or sell the right stocks and make a fortune.

In France, however, it was strictly forbidden to use the semaphore system for anything other than government business. Being such a public method of communication, it wasn’t really possible for an enterprising investor to ‘slip in’ a message without discovery. The ‘Blanc brothers’ figured out one method, however. They discovered they could bribe the operator to include one extra bit of information, the “Error – cancel last transmitted symbol” control character, with a message. If an operative spotted that symbol, they knew it was time to buy.

Semaphore had several advantages over an electric telegraph. For one, there were no lines to cut, making it easier to defend during war. Ultimately though, its slow speed, need for stations every ten miles or so, and complete worthlessness at night and in bad weather made its time on this earth limited.

Thirty-Six Days Out of London

Ships crossing the Atlantic were never particularly fast. We Americans didn’t learn of the end of our own revolution at the Treaty of Versailles until October 22nd, almost two months after it had been signed. The news came from a ship “thirty-six days out of London”.

Anyone who could move faster could make money. At the end of the American Civil War, Jim Fisk chartered high speed ships to speed to London and short Confederate Bonds before the news could reach the British market. He made a fortune.

It wasn’t long before high speed clipper ships were making the trip with mail and news in twelve or thirteen days regularly. Even then though, there was fierce competition among newspapers to get the information first. New York newspapers like the Herald and the Tribune banded together to form the New York Associated Press (now known just as the Associated Press) to pay for a boat to meet these ships 50 miles off shore. The latest headlines were sent back to shore via pigeon or the growing telegraph system.

The Gold Indicator


Most of the technology used by the Morse code telegraph system was built to satisfy the demands of the finance industry.

The first financial indicator was a pointer which sat above the gold exchange in New York. In our era of complex technology, the pointer system has the refreshing quality of being very simple. An operator in the exchange had a button which turned a motor. The longer he held the button down, the further the motor spun, changing the indication. This system had no explicit source of ‘feedback’, beyond the operator watching the indicator and letting go of his button when it looked right.

Soon, other exchanges were clamoring for a similar indicator. Their motors were wired to those of the Gold Exchange. This did not form a particularly reliable system. Numerous boys had to run from site to site, resetting the indicators when they fell out of sync with the one at the Gold Exchange.

The Ticker Tape

I am crushed for want of means. My stockings all want to see my mother, and my hat is hoary from age.

— Samuel Morse, in his diary

This same technology formed the basis for the original ticker tape machines. A printing telegraph from this era communicated using a system of pulses over a wire. Each pulse would move the print head one ‘step’ on a ratcheting wheel. Each step would align a different character with the paper to be printed on. A longer pulse over the wire would energize an electromagnet enough to stamp the paper into the print head. Missing a single pulse, though, would send the printer out of alignment, creating a 19th century version of Mojibake.

It was Thomas Edison who invented the ‘automatic rewinder’, which allowed the machines to be synchronized remotely. The first system used a screw drive. If you moved the print head through three full revolutions without printing anything, you would reach the end of the screw and it would stop rotating at a known character, aligning the printers. Printing an actual character would reset the screw. A later system of Edison’s used the polarity of the wire to reset the system. If you flipped the polarity on the wire, switching negative and positive, the head would continue to turn in response to pulses, but it would stop at a predefined character, allowing you to ‘reset’ any of the printers which may have come out of alignment. This was actually a big enough problem that there is an entire US Patent Classification devoted to ‘Union Devices’ (178/41).

It will therefore be understood from the above explanation that the impression of any given character upon the type-wheel may be produced upon the paper by an operator stationed at a distant point, … simply by transmitting the proper number of electrical impulses of short duration by means of a properly-constructed circuit-breaker, which will cause the type-wheel to revolve without sensibly affecting the impression device. When the desired character is brought opposite the impression-lever the duration of the final current is prolonged, and the electro-magnet becomes fully magnetized, and therefore an impression of the letter or character upon the paper is produced.

— Thomas A. Edison, Patent for the Printing Telegraph 1870
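The loss of alignment and the polarity-based reset described above can be simulated in a few lines. This is an added example, not code from the original post or from Edison's patent; the wheel layout, the pulse symbols (`s`, `L`, `r`) and the home character are assumptions chosen for illustration.

```python
# Added illustration: a step-by-step printing telegraph with a polarity "unison" reset.
# The wheel layout, pulse symbols and home position are assumptions, not Edison's values.
WHEEL = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 ./"  # constructed type-wheel
HOME = 0  # assumed predefined stop character ("A")


def encode(message, pos=HOME):
    """Sender side: return (pulses, final wheel position).

    's' = short pulse (step only), 'L' = long pulse (step, then print).
    """
    pulses = []
    for ch in message:
        target = WHEEL.index(ch)
        # The printing pulse also steps the wheel, so repeating the same
        # character costs one full revolution.
        steps = (target - pos) % len(WHEEL) or len(WHEEL)
        pulses.append("s" * (steps - 1) + "L")
        pos = target
    return "".join(pulses), pos


def unison_reset():
    """Reversed-polarity pulses ('r'): enough to bring any wheel to HOME."""
    return "r" * (len(WHEEL) - 1)


class Printer:
    """Receiver: it only counts pulses and cannot report its position back."""

    def __init__(self, pos=HOME):
        self.pos = pos

    def receive(self, pulses):
        """Apply pulses and return the characters printed by this call."""
        printed = []
        for p in pulses:
            if p == "r":
                # Reversed polarity: keep turning, but stop at HOME.
                if self.pos != HOME:
                    self.pos = (self.pos + 1) % len(WHEEL)
                continue
            self.pos = (self.pos + 1) % len(WHEEL)
            if p == "L":
                printed.append(WHEEL[self.pos])
        return "".join(printed)


def drop_pulse(pulses, index):
    """Model line noise: one pulse never reaches the receiver."""
    return pulses[:index] + pulses[index + 1:]


def demo():
    quote = "IBM 4S 651/4"  # the sample quote used on this page
    printer = Printer()

    # 1. One short pulse is lost: every later character is off by one step.
    pulses, sender_pos = encode(quote)
    garbled = printer.receive(drop_pulse(pulses, 0))

    # 2. A clean retransmission does not help, because the sender encodes
    #    relative to its own position and the printer is still one step behind.
    pulses, sender_pos = encode(quote, sender_pos)
    still_garbled = printer.receive(pulses)

    # 3. Unison reset: both ends return to HOME, then the quote prints correctly.
    printer.receive(unison_reset())
    pulses, sender_pos = encode(quote, HOME)
    recovered = printer.receive(pulses)
    return garbled, still_garbled, recovered


if __name__ == "__main__":
    for line in demo():
        print(repr(line))
```

The receiver has no feedback channel, so a single lost pulse corrupts everything that follows until both ends are forced back to a known state.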

Ticker tape machines used their own vocabulary:

IBM 4S 651/4  

Meant 400 shares of IBM had just been sold for $65.25 per share (stocks were priced using fractions, not decimal numbers).

Ticker tape machines delivered a continuous stream of quotes while the market was open. The great accumulation of used ticker tape led to the famous ‘Ticker Tape parades’, where thousands of pounds of the tape would be thrown from windows on Wall Street. Today we still have ticker tape parades, but not the tape itself; the paper is bought specifically to be thrown out the window.

Trans-Lux

What’s the best way to share the stock ticker tape with a room full of traders? The early solution was a chalkboard where relevant stock trades could be written and updated throughout the day. Men were also employed to read the ticker and remember the numbers, ready to recall the most recent prices when asked.

A better solution came from the Trans-Lux company in 1939 however. They devised a printer which would print on translucent paper. The numbers could then be projected onto a screen from the rear, creating the first large stock ticker everyone could read.

Trans-lux Projection Stock Ticker

This was improved through the creation of the Trans-Lux Jet. The Jet was a continuous tape composed of flippable cards. One side of each card was a bright color while the other was black. As each card passed by a row of electrically-controlled pneumatic jets, some were flipped, writing out a message which would pass along the display just as modern stock tickers do. The system would be controlled using a shift register which would read in the stock quotes and translate them into pneumatic pulses.

The Quotron

The key issue with a stock ticker is you have to be around when a trade of stock you care about is printed. If you miss it, you have to search back through hundreds of feet of tape to get the most recent price. If you couldn’t find the price, the next best option was a call to the trading floor in New York. What traders needed was a way of looking up the most recent quote for any given stock.

In 1960 Jack Scantlin released the Quotron, the first computerized solution. Each brokerage office would become host to a Quotron ‘master unit’, which was a reasonably sized ‘computer’ equipped with a magnetic tape write head and a separate magnetic tape read head. The tape would continually feed while the market was open, the write head keeping track of the current stock trades coming in over the stock ticker lines. When it was time to read a stock value, the tape would be unspooled between the two heads falling into a bucket. This would allow the read head to find the latest value of the stock even as the write head continued to store trades.

Quotron Keypad

Each desk would be equipped with a keypad / printer combination unit which allowed a trader to enter a stock symbol and have the latest quote print onto a slip of paper. A printer was used because electronic displays were too expensive. In the words of engineer Howard Beckwith:

We considered video displays, but the electronics to form characters was too expensive then. I also considered the “Charactron tube” developed by Convair in San Diego that I had used at another company . . . but this also was too expensive, so we looked at the possibility of developing our own printer. As I remember it, I had run across the paper we used in the printer through a project at Electronic Control Systems where I worked prior to joining Scantlin. The paper came in widths of about six inches, and had to be sliced . . . I know Jack Scantlin and I spent hours in the classified and other directories and on the phone finding plastic for the tape tank, motors to drive the tape, pushbuttons, someone to make the desk unit case, and some company that would slice the tape. After we proved the paper could be exposed with a Xenon flash tube, we set out to devise a way to project the image of characters chosen by binary numbers stored in the shift register. The next Monday morning Jack came in with the idea of the print wheel, which worked beautifully.

The master ‘computer’ in each office was primitive by our standards. For one, it didn’t include a microprocessor. It was a hardwired combination of a shift register and some comparison and control logic. The desk units were connected with a 52-wire cable, giving each button on each unit its own wire. This was necessary because the units contained no logic themselves; their printing and button handling logic was all handled in the master computer.

When a broker in the office selected an exchange, entered a stock symbol, and requested a last price on his desk unit, the symbol would be stored in relays in the master unit, and the playback sprocket would begin driving the tape backwards over a read head at about ten feet per second, dumping the tape into the bin between the two heads (market data would continue to be recorded during the read operation). The tape data from the tracks for the selected exchange would be read into a shift register, and when the desired stock symbol was recognized, the register contents would be “frozen,” and the symbol and price would be shifted out and printed on the desk unit.

Only a single broker could use the system at a time:

If no desk units were in use, the master unit supplied power to all desk units in the office, and the exchange buttons on each unit were lit. When any broker pressed a lit button, the master unit disconnected the other desk units, and waited for the request from the selected desk unit. The desk unit buttons were directly connected to the master unit via the cable, and the master unit contained the logic to decode the request. It would then search the tape, as described above, and when it had an answer ready, would start the desk unit paper drive motor, count clock pulses from the desk unit (starting, for each character, when it detected an extra-large, beginning-of-wheel gap between pulses), and transmit a signal to operate the desk unit flash tube at the right time to print each character.

Ultronics

The Quotron system provided a vast improvement over a chalk board, but it was far from perfect. For one, it was limited to the information available over the ticker tape lines, which didn’t include information like the stock’s volume, earnings, and dividends. A challenger named Ultronics created a system which used a similar hardwired digital computer, but with a drum memory rather than a magnetic tape.

Drum Memory

The logic was advanced enough to allow the system to calculate volume, high and low for each stock as the data was stored. Rather than store one of these expensive memory units in every brokerage, Ultronics had centralized locations around the US which were connected to brokerages and each other using 1000 bps Dataphone lines.

This system notably used a form of packet addressing, possibly for the first time ever. When each stock quote was returned it included the address of the terminal which had made the request. That terminal was able to identify the responses meant for it based on that address, allowing all the terminals to be connected to the same line.

Quotron II

At one time during system checkout we had a very elusive problem which we couldn’t pin down. In looking over the programs, we realized that the symptoms we were seeing could occur if an unconditional jump instruction failed to jump. We therefore asked CDC whether they had any indication that that instruction occasionally misbehaved. The reply was, “Oh, no. That’s one of the more reliable instructions,” This was our first indication that commands could be ordered by reliability.

— Montgomery Phister, Jr. 1989

Facing competition from the Ultronics quote computers, it was time for Jack Scantlin’s team to create something even more powerful. What they created was the Quotron II. The Quotron II was powered by magnetic core memory, an early form of random-access memory which allowed them to read and store any stock’s value in any order. Unfortunately there wasn’t actually enough memory. They had 24K of memory to store 3000 securities.

One stock sold for over $1000; some securities traded in 32nds of a dollar; the prices to be stored included the previous day’s close, and the day’s open, high, low, and last, together with the total number of shares traded-the volume. Clearly we’d need 15 bits for each price (ten for the $1000, five for the 32nds), or 75 bits for the five prices alone. Then we’d need another 20 for a four-letter stock symbol, and at least another 12 for the volume. That added up to 107 bits (nine words per stock, or 27,000 words for 3000 stocks) in a format that didn’t fit conveniently into 12-bit words.

Their solution was to store most of the stocks in a compressed format. Each stock’s previous closing price was stored in 11 bits, and the other four values were stored as six-bit increments from that number. Any stocks priced over $256, stocks which used fractions smaller than eighths, and stocks with increments too large to fit were stored in a separate overflow memory area.
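The compact format can be sketched as a bit-packing routine with an overflow path. This is an added example, not the Quotron II code: the field order, the signed encoding of the six-bit increments, the split into three 12-bit words and the sample quotes are all assumptions, and the symbol and volume fields are left out.

```python
from fractions import Fraction

# Added illustration of the compact price record described above.
CLOSE_BITS = 11  # 2**11 eighths = $256, the limit for compact storage
DELTA_BITS = 6   # assumption: signed (two's-complement) increments, in eighths
DELTA_MIN = -(1 << (DELTA_BITS - 1))
DELTA_MAX = (1 << (DELTA_BITS - 1)) - 1
DELTA_MASK = (1 << DELTA_BITS) - 1


class NeedsOverflow(ValueError):
    """The record cannot be represented in the compact format."""


def to_eighths(price):
    """Convert a price to whole eighths of a dollar, or reject it."""
    units = Fraction(price) * 8
    if units.denominator != 1:
        raise NeedsOverflow(f"{price}: fraction smaller than an eighth")
    return units.numerator


def pack(prev_close, open_, high, low, last):
    """Pack five prices into one 35-bit integer (11 + 4 * 6 bits)."""
    close = to_eighths(prev_close)
    if not 0 <= close < (1 << CLOSE_BITS):
        raise NeedsOverflow(f"{prev_close}: close does not fit in 11 bits")
    packed = close
    for price in (open_, high, low, last):
        delta = to_eighths(price) - close
        if not DELTA_MIN <= delta <= DELTA_MAX:
            raise NeedsOverflow(f"{price}: increment of {delta}/8 is too large")
        packed = (packed << DELTA_BITS) | (delta & DELTA_MASK)
    return packed


def unpack(packed):
    """Inverse of pack(): return (prev_close, open, high, low, last)."""
    deltas = []
    for _ in range(4):
        raw = packed & DELTA_MASK
        packed >>= DELTA_BITS
        # Values above DELTA_MAX are negative increments in two's complement.
        deltas.append(raw - (1 << DELTA_BITS) if raw > DELTA_MAX else raw)
    close = packed
    deltas.reverse()  # fields were read last-first
    return tuple(Fraction(close + d, 8) for d in [0] + deltas)


def to_words(packed):
    """Split the 35-bit record into three 12-bit memory words (assumed layout)."""
    return [(packed >> 24) & 0xFFF, (packed >> 12) & 0xFFF, packed & 0xFFF]


def store(quotes):
    """Route each record to the compact table or to the overflow area."""
    compact, overflow = {}, {}
    for symbol, prices in quotes.items():
        try:
            compact[symbol] = to_words(pack(*prices))
        except NeedsOverflow as reason:
            overflow[symbol] = (prices, str(reason))
    return compact, overflow


# Constructed sample data: (previous close, open, high, low, last)
SAMPLE = {
    "AAA": ("65.25", "65.5", "66", "64.75", "65.875"),  # fits
    "BBB": ("300", "300", "301", "299", "300"),         # priced over $256
    "CCC": ("10.03125", "10", "10", "10", "10"),        # quoted in 32nds
    "DDD": ("50", "50", "60", "50", "60"),              # increment too large
}

if __name__ == "__main__":
    compact, overflow = store(SAMPLE)
    print("compact:", compact)
    for symbol, (_, reason) in overflow.items():
        print("overflow:", symbol, "-", reason)
```

Under these assumptions the five prices take 35 bits, so they fit in three 12-bit words instead of the 75 bits the uncompressed prices would need.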

The Quotron II system was connected to several remote sites using eight Dataphone lines which provided a total bandwidth of 16 kbps.

The fundamental system worked by having one 160A computer read stock prices from a punch tape (using about 5000 feet of tape a day) into the common memory. A second 160A responded to quote requests over the Dataphone lines. The remote offices were connected to bankers office using teletype lines which could transmit up to 100 words-per-minute where a device would forward the messages to the requesting terminal.

It’s somewhat comforting to learn that hack solutions are nothing new:

Once the system was in operation, we had our share of troubles. One mysterious system failure had the effect of cutting off service to all customers in the St. Louis area. Investigation revealed that something was occasionally turning off some 160A memory bits which enabled service to that region. The problem was “solved” for a time by installing a patch which periodically reinstated those bits, just in case.

The system was also notable for introducing the +/- tick to represent if a stock had gone up or down since the last trade. It also added some helpful calculated quantities such as the average price change of all NYSE stocks.

The story of Quotron II showcases the value of preparing for things to go wrong even if you’re not exactly sure how they will, and graceful degradation:

Jack Scantlin was worried about this situation, and had installed a feature in the Quotron program which discarded these common-memory programs, thus making more room for exceptions, when the market went haywire. On the day President Kennedy was assassinated, Jack remembers sitting in his office in Los Angeles watching features disappear until brokers could get nothing but last prices.

Those of us who worked on Quotron II didn’t use today’s labels. Multiprogramming, multiprocessor, packet, timesharing-we didn’t think in those terms, and most of us had never even heard them. But we did believe we were breaking new ground; and, as I mentioned earlier, it was that conviction more than any other factor that made the work fascinating, and the time fly.

It’s valuable to remember that as easy as this system might be to create with modern technology, it was a tremendous challenge at the time. “Most of us lived Quotron 12 to 14 hour days, six and a half days a week; but the weeks flew by, and before we turned around twice, five years were gone…”

NASDAQ

Anyone who has ever been involved with the demonstration of an on-line process knows what happens next. With everyone crowded around to watch, the previously infallible gear or program begins to fall apart with a spectacular display of recalcitrance. Well so it went. We set the stage, everyone held their breath, and then the first query we keyed in proceeded to pull down the whole software structure.

NASDAQ Terminal

Feeling pressure from the SEC to link all the nation’s securities markets, the National Association of Securities Dealers decided to build an ‘automated quotation service’ for their stocks. Unlike a stock ticker, which provides the price of the last trade of a stock, the purpose of the NASDAQ system was to allow traders to advertise the prices they would accept to other traders. This was extremely valuable, as before the creation of this system, it was left to each trader to strike a deal with their fellow stock brokers, a very different system than the roughly ‘single-price-for-all’ system we have today.

The NASDAQ system was powered by two Univac 1108 computers for redundancy. The central system in Connecticut was connected to regional centers in Atlanta, Chicago, New York and San Francisco where requests were aggregated and disseminated. As of December 1975 there were 20,000 miles of dedicated telephone lines connecting the regional centers to 642 brokerage offices.

Each NASDAQ terminal was composed of a CRT screen and dedicated keyboard. A request for a stock would return the currently available bid and ask price of each ‘market maker’ around the country. The market makers were the centers where stock purchases were aggregated and a price set. The trader could quickly see where the best price was available, and call the market maker to execute his trade. Similarly, the market makers could use the terminal units to update their quotations and transmit the latest values. This type of detailed ‘per-market-maker’ information is actually still a part of the NASDAQ system, but it’s only accessible to paying members.

One thing this system didn’t do is support trading via computer, without calling the money maker on the phone (the AQ in NASDAQ actually stands for ‘Automated Quotations’; no stock purchasing capability was originally intended). This became a problem on Black Monday in 1987 when the stock market lost almost a quarter of its value in a single day. During the collapse, many money makers couldn’t keep up with the selling demand, leaving many small investors facing big losses with no way to sell.

In response, the NASDAQ created the Small Order Execution System, which allowed small orders of a thousand shares or less to be traded automatically. The theory was that these small trades didn’t require the man-to-man blustering and bargaining which was necessary for large-scale trading. Eventually this was phased out in favor of the almost entirely computerized trading system we have today.

Now

Today over three trillion dollars worth of stocks are traded every month on computerized stock exchanges. The stocks being traded represent over forty billion dollars worth of corporate value. With the right credentials and backing it’s possible to gain or lose billions of dollars in minutes.

These markets make it possible for both the average citizen and billion dollar funds to invest in thousands of companies. In turn, it allows those companies to raise the money they need to (hopefully) grow.

 


Smart Parent Guide: How to talk to your child about the dangers online?

We use the internet for everything; shopping, researching, socializing, learning, navigating. The same is true for our kids. They use the internet to play games, talk to their friends, and do their homework. And kids are curious, wanting to learn and discover the world around them. Of course, we want to encourage this as much as possible.

The problem with this is that the internet can be a dangerous place. Unfortunately, just as in the real world, there are criminals on the internet looking to take advantage of innocence and trust.

With great power comes great responsibility.

In addition to possible predators, cyberbullying has also received a lot of media attention in recent years. Social media makes it easy for peers and even strangers to be cruel while hidden safely behind a computer screen.

Obviously, we want to protect our kids from these dangers, but where to start? This guide will give you a starting point to help your kids navigate the internet:

 

The Internet may also open the door for things we don’t want our kids to see or be exposed to at an early age.

Educate yourself

As with anything, you should understand the dangers that your kids could face and the possible solutions.

  • Figure out what kind of devices your kids are actually using and what they can do. For example, if your child plays video games, see if those games connect to the internet and if they are multiplayer games. This allows other players to contact your child without you knowing it.
  • This site is a great place to start, for both educating yourself and your children about being safe online. It offers tons of resources, teaching tools, and courses.

 

Educate your kids on using today’s technology.


Talk about the potential dangers

  • The tired old saying “communication is a key” really applies here. Letting your kids know that there are real dangers on the Internet can help them make smart choices, rather than resenting you for putting rules in place.
  • Explicitly tell your kids which information they can and cannot share online, and why. Passwords, addresses, phone numbers, etc. should never be shared. Although it seems self-explanatory, it may not be to younger kids.
  • Make sure your kids know that anything they post is publicly and permanently visible to anyone on the internet. What they post now could affect them for years down the line, and this is a very important point to stress. Although pictures and posts may not seem like a big deal now, they could come back to bite them.
  • An important point to mention is that if you wouldn’t do it in person, you shouldn’t do it online.

 

Tell your kids which information they can and cannot share online.


Make your expectations clear

  • Set up a set of rules that your kids agree to follow to ensure their safety. These rules should change as your children grow, but should always be straightforward.
  • Check out this informative site that can provide you with a “Family Contract for Online Safety”. It outlines a list of rules that kids should be following, such as only downloading things with explicit permission and never ever giving out passwords. It also gives a list of rules that parents should follow to help keep their kids safe, such as “try to get to know my child’s “online friends” just as I try to get to know his or her other friends”. Ultimately, these rules are up to you: decide what works best for your family and stick with it.

 

Set up a set of rules that your kids agree to follow to ensure their safety.


Designate times and uses

  • Based on your set of rules, set up designated times that your kids can and cannot use the internet. For example, no phone or laptops after 9 pm. This works because it helps kids wind down screen-free before bedtime, and also gives you the peace of mind that they aren’t staying up into the wee hours on sketchy sites.
  • Decide what your children should be using a computer to do. Do they need it to complete their homework, play games, or watch movies in their room? Perhaps, you will decide that it is best for them to watch movies in the family room, where parents and siblings can monitor what they are seeing, or that they must complete all homework before checking social media.  
  • For teens, apps such as Self Control allow them to blacklist certain sites for a period of time, which can help cut out social media and streaming while they are getting homework done (distractions from productivity, like these adorable videos).

 

Talk to your kids about online safety.


Think about setting up parental controls

  • Parental controls allow you to block certain sites. You can start by asking your ISP what it offers in terms of filtering and blocking certain content. Most ISPs do. You can choose to block specific inappropriate content such as ‘pornography’ or ‘racism’. Check out this guide to parental controls.
  • This may or may not be necessary, depending on your kids’ age and your family. These will obviously work better on toddlers than on teens.
  • It is important to mention that blacklists are imperfect and may block some good content while letting some bad content through. Whitelists are very limiting. That’s why it’s so important to take the time to educate your kids instead of relying only on these controls. Even if something sketchy happens, your kids will know what to do.

 

Ask your ISP what it offers in terms of filtering and blocking certain content.


Keep an eye on your kids’ interactions

  • There is a fine line between invasive spying and checking up on your kids’ accounts, which is important to do. Create an account and friend your children on their social media accounts: Snapchat, Facebook, Instagram, Vine. Chances are your children have all of them, so make sure you know what is going on there. This should be a condition of creating accounts on any of these platforms.
  • As I mentioned earlier, make some attempt to get to know your child’s online friends in the same way you would get to know their school friends. This may be difficult but is worth a try for the peace of mind.

 

Keep an eye on your kids’ interactions.


Make sure your kids know they can come to you if something seems off

  • After all of this, your child still may end up in an unsafe situation. Some things, like cyberbullying, find a way regardless of your attempts to shelter your children from it.
  • What you can do is make sure that your child knows they can come to you for help, without judgment. If you know about the situation, you can help them find a mature and safe way to deal with it. In this case, ignorance definitely is not bliss.

TIME says: “The biggest key to keeping your children safe online isn’t walling off the Internet or crippling their computers (though a little bit of that can help), it’s helping them understand how big the world is, and which places within it are safe to roam”.

For more tips on how to stay safe from hackers and other dangers on the internet, in general, check out our Ultimate CUJO Guide to staying safe online.

Who should protect smart homes from hacking?

Home users are more connected but less protected than ever before. The growing number of smart home devices are mostly insecure by design. Criminal hackers already abuse this explosion in connectivity.

Who can secure the home networks?

Smart homes are more connected

Every household today contains multiple connected devices, and the number will increase over the next five years. Gartner predicts that the number of connected devices will reach 20.4 billion by 2020. Statista offers a higher number: according to their data, it might be almost 31 billion devices installed by 2020.

Even if these numbers are not exact, the trend is clear: the number of smart devices is increasing and will not stop soon.

According to Pew Research Center, a third of American homes now have three or more smartphones. The number of laptops, tablets and gaming consoles is growing as well. More homes are enjoying the help of virtual assistants, smart thermostats or cameras.

According to our own data, a typical household protected by CUJO AI has 14-15 smart devices connected to LAN on average. Mostly it’s laptops, smartphones, and tablets, with a growing number of Internet of Things gadgets joining the top ten.

Devices are not secure

Traditional devices with browsers (smartphones, laptops, tablets) continue to be most susceptible to outside attacks. The main risk for a home user is that their devices can get infected by malware. That might lead to encryption of files, loss of privacy and money.

The standard protection offered for the usual devices (laptops, tablets, smartphones) is antivirus software, which doesn’t address many cybersecurity issues such as camera hacks, DDoS attacks, and ransomware. Furthermore, restrictions by Apple make it impossible for antivirus to secure iPhones and iPads.

Sadly, most IoT devices are insecure by design. Since most smart home devices are based on new technology, there is no security standard for IoT devices yet. Manufacturers prioritize low cost and speed-to-market over security, and IoT devices are left vulnerable to all kinds of threats.

Smart devices (TVs, cameras, DVRs) are increasingly targeted both by traditional and new hacking methods. Since it’s not possible to install endpoint security on the majority of devices that customers use today, customers have become vulnerable to hacks.

Broadband services are impacted by the IoT devices their customers install in their homes. On many occasions, these home IoT devices are the ones creating the vulnerabilities.

It is usually assumed that the devices will be placed on a secure network, but this is not the case most of the time.

Hackers are using a more sophisticated approach

The cyber threat landscape keeps growing: cybercriminals use more sophisticated methods and release hundreds of thousands of new malware samples each day.

The number of computer viruses and other malicious software is continuously increasing. More than 317 million new pieces of malware were created last year. More conservative sources say that 250 000 new malware threats are released daily.

Even if the numbers might differ, the direction is clear, and it points towards the need for better cybersecurity both for home users and businesses.

For instance, botnets such as Mirai and Reaper enlist unprotected smart devices. In 2016, a DDoS attack by Mirai botnet was conducted by up to 100,000 vulnerable IoT devices. It resulted in issues for 900,000 clients of Deutsche Telekom and brought down the DNS service provider Dyn.

All of that leaves the home user in a challenging position. The manufacturers do not secure smart devices. Network core solutions do not see LAN communication. Traditional solutions like antivirus and DNS firewalls are reactive by design, failing to respond to daily threats. Home networks, as a result, are left exposed to ever-increasing threats.

We believe that ISPs can address the problems that smart homeowners face today.


Uber hack affects 57 million customers and drivers

In 2016, Uber was hacked, but the breach was not disclosed until this Tuesday. Hackers accessed the personal information of millions of Uber users, including names, email addresses and phone numbers, and the license numbers of 600 000 drivers.

Uber stated that no sensitive information such as credit card numbers, bank account details and social security numbers had been revealed.

“None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.” – Dara Khosrowshahi, CEO.

The company knew about this hack. Allegedly, Uber’s security team paid $100 000 to have the data deleted and keep the hackers quiet. There is no evidence that they actually deleted this information. Uber comments that so far, none of the data has been used, and it would not confirm that the ransom was paid.

Bloomberg was the first news portal to report on this story.


What has happened so far?

  • In late 2016, two hackers accessed the information of 50 million Uber customers and 7 million drivers, including 600 000 U.S. license numbers.
  • The company didn’t disclose this information either to the customers or the drivers.
  • After finding out about the breach, Uber allegedly paid $100 000 for the hackers to keep quiet and delete the data. Bloomberg reports that Joe Sullivan, Uber’s chief security officer at the time, is no longer with the company because of the breach and alleged cover-up.
  • Uber CEO Dara Khosrowshahi, who joined the company this September, disclosed the incident on Tuesday, 21 November 2017.
  • Uber claims that additional security measures were implemented, the hackers were identified, the vulnerabilities were fixed, and the situation is under control. According to the company, it monitors the affected accounts, and no further action has to be taken.
  • A resource page for those affected has been set up.
  • Uber offers credit monitoring and identity theft protection to the drivers free of charge.

What mistakes has Uber made?

Looking at Uber’s situation, it’s clear that the usual cybersecurity practices in big corporations need to be reviewed. Cybersecurity holes leave both clients and drivers unsecured. This situation leads to the point where people may no longer trust the company.

There are many best practices every company has to follow to keep proper cybersecurity hygiene. Mostly, it is smart to focus on the 3 fundamental principles of cyber security for business. We’ve discussed them in our previous blog post.

However, principles are one thing, and reckless employers tell quite a different story. Keeping important credentials in plaintext on GitHub is the third point in this story.

The biggest mistake that Uber made, however, was hiding the truth from their clients and expecting to get away with a bribe. Such communication (or lack of it) and incident response is one of the worst things a company can do. And this is what the ex-CEO of Uber, Travis Kalanick, did, shooting his company in the foot.

What’s the takeaway here?

While this is big, it is not as important as the breaches that were disclosed recently at Yahoo or Equifax. Private details of 57 million Uber riders and drivers were leaked. However, credit card information remained untouched and protected (at least from what we know at the moment, and if we can trust what Uber says).

Here, a user is in a position where they are not able to do anything for themselves. Proper password hygiene and all the other recommendations we have constantly been giving out are valid, but they soon get boring.

What matters in this situation is the loss of trust in a company, how one can react, and what actions are to be taken. It’s not the data that has been stolen; it’s all these lies and the attempt to hide something.

And it’s not that the service of Uber is terrible. It’s great, and so is the idea of Uber. But the management and the people responsible for specific actions are what drive this company lower and lower.

Should they succeed in recovering after this one and start regaining users’ trust, what might happen next?



Netflix and no chill: a new phishing attempt

Netflix users are suffering from yet another batch of phishing emails. They get emails that look legit and ask them to enter personal information on a website.

Attempts to phish Netflix users are pretty common. The emails appear and sometimes get into the headlines. Then they go through a makeover: a redesign to evade the spam folder and other defensive filters. And later on, they reappear.

It is the same with gaming platforms (Steam, Blizzard) or banks. 

What are phishing attempts trying to make you do?

They ask you to go to a website, enter your details (name, surname, credit card, social security number) and submit the form, so that your details end up in the hands of the phisher.

These massive campaigns are impressive in numbers: they can reach 1, 10 or even 100 million users. The recent Netflix phishing attempt targeted 110 million users. This attack was personalized, and it looked just like a legit Netflix informational email.

What are the goals of scammers that send out such campaigns?

They don’t need all users to get hooked on this. If they catch 0.1% of all the people who got this email, they are looking at the details of 110 000 users. And that’s a lot. Even 0.01% is a lot. Defensive filters won’t let most of these emails through, and other users will ignore them, but there will still be some people who agree to give their private details to phishers.

How to protect yourself from Netflix phishing attempts?

  • First of all: check the sender. The sender’s email address might look legit, but it is not. Look carefully.
  • Hover your mouse pointer over the link. Check where the link that asks you to enter your credit card and other details actually leads, either by hovering your mouse pointer over it or by looking at the source and details of the email. Is it really legit?
  • Don’t click on any links that come with some powerful statement like “Your account might be compromised.” Open your browser, go to the webpage and put in your account details yourself. In the case of Netflix, go to netflix.com, enter your username and password, and if you need to take any action, you will be notified.
  • Get CUJO. We are working hard to keep up to date with the most recent phishing attempts and to block them seconds after such a campaign starts and before it gets wild.

Read more about protecting yourself from phishing attempts in our older post.

What’s up with the fake Whatsapp apps?

More than one million people have downloaded fake Whatsapp applications. It’s possibly the highest number of downloads so far. Of course, it’s not the first time this has happened – counterfeit apps with adware have been surfacing more and more often recently.

Fake Whatsapp: how does it work?

Lately, it has not been very easy to pass the security checks of Google Play Store. Malicious app developers have had to reduce the actions and capabilities of their fake apps. However, counterfeit apps still make their way in among legit apps and gather a significant number of downloads.

It’s less than half a year since the last fake Whatsapp application was discovered in Google App Store. That time the first letter of the app name was changed in a Unicode homoglyph attack. In such an attack, specific symbols are swapped for others that look the same.

[Images: legit Whatsapp link and fake Whatsapp link]

The twist: they have different codes. It’s not only I, l and 1 that look similar. Letters that look the same in different alphabets are different characters as well. The Cyrillic letter A and the Latin letter A look the same visually, though they are encoded with different codes.

That’s why “WHATSAPP” with Cyrillic letters “A” and “WHATSAPP” with Latin letters “A” are different words. They might be different domains, and the user might be easily confused without analyzing the source code of where the link points to or the titles of the app.

In this recent fake application, the differences between the legit developer’s name and the fake one were even more subtle: there are two extra bytes at the end of the phony URL that are barely visible to an end user. The app is an advertisement-loaded wrapper that downloads additional code and tries to hide on the user’s device by having no icon, description or name.
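Both tricks described above, look-alike letters from another alphabet and barely visible trailing bytes, can be detected programmatically. This is an added example, not code from the original post; the sample strings are constructed, and the trailing U+00A0 (two bytes in UTF-8) is an assumed stand-in for the "two extra bytes" mentioned above.

```python
import unicodedata

def script_of(ch):
    """Rough script label taken from the Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return None  # digits, punctuation and spaces carry no script

def inspect_label(text):
    """Return reasons why a displayed name may not be what it looks like."""
    reasons = []
    scripts = {s for s in map(script_of, text) if s}
    if len(scripts) > 1:
        reasons.append("mixed scripts: " + ", ".join(sorted(scripts)))
    for i, ch in enumerate(text):
        cat = unicodedata.category(ch)
        # Cf = format characters (zero-width etc.), Zs = space separators
        if cat == "Cf" or (cat == "Zs" and ch != " "):
            reasons.append(f"invisible or unusual space U+{ord(ch):04X} at index {i}")
    if text != text.strip():
        reasons.append("leading or trailing whitespace")
    return reasons

# Constructed samples (not taken from the real listings):
REAL_DEV = "WhatsApp Inc."
FAKE_DEV = "WhatsApp Inc.\u00a0"       # trailing no-break space
FAKE_TITLE = "WH\u0410TS\u0410PP"      # Cyrillic capital A instead of Latin A

if __name__ == "__main__":
    for label in (REAL_DEV, FAKE_DEV, FAKE_TITLE):
        print(ascii(label), label.encode("utf-8").hex(), inspect_label(label))
```

Printing the UTF-8 hex next to each label makes the extra bytes visible even when the rendered text looks identical.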

Are we safe?

Currently, the fake app is already banned from the Play Store. However, in such cases, users usually rely on the app distributor. In the case of Android users, it’s most likely Google Play store. Of course, there is no fool-proof protection, and Play Protect is no exception.

These incidents of fake apps residing in Google Play store are getting more and more frequent. Apps cannot perform highly advanced malicious actions, but there are still ways to bypass the implemented security mechanisms and get, in this case, more than one million users to download the app.

At the moment it is difficult to give users straightforward recommendations on how to protect themselves. One of the most obvious ones is to carefully check what you are installing on your device and why.

What permissions does the app require? Is its behavior the same as expected, or does it differ? Check which out-of-place apps might be on your smart device. As we can see, the user’s precaution is one of the primary defense mechanisms.

Sometime in the future, the defense mechanisms of Play Store and other sources of available apps will be intact; however, the attack mechanisms of malicious players in the market might have been developed even further.
