spinofflive
File photo of the NZX stock exchange ticker (Supplied)
File photo of the NZX stock exchange ticker (Supplied)

TechAugust 31, 2020

Why news websites survived the cyber attacks that took down the NZ stock exchange

Staff Writer
File photo of the NZX stock exchange ticker (Supplied)
File photo of the NZX stock exchange ticker (Supplied)

Over most of last week, the NZX had to pause because of persistent cyber attacks. Similar attacks have today been reported against news websites. So how did they come through basically unscathed? 

The NZX stock exchange is a critical piece of financial infrastructure, yet persistent cyber attacks have caused website crashes that led to trading being halted last week. 

At the same time, similar distributed denial of service (DDOS) attacks have been launched against news websites Radio NZ and Stuff, with the possibility that others have also been targeted. And yet, they don’t appear to have had an effect on either the performance of the site, or the experience of readers. 

Radio NZ wouldn’t be interviewed about the attacks, instead giving a brief statement through a spokesperson. “RNZ has been targeted by more than one cyber attack in the last 24hrs. We understand this may have been the same group that has been attacking the NZX and we are currently investigating. We have no further detail at this time however our site remains secure and this has not impacted our audience.” 

However, tech experts believe the differing outcomes may not be due to how the sites are defending themselves behind the scenes, but because of the nature of the content being uploaded to them, and the way they already handle traffic. 

A DDOS attack basically involves sending an overwhelming volume of traffic to a website, which it cannot handle. These can come from anywhere in the world, and often involve either armies of bots, or computers that have been taken over by viruses or malware. A DDOS attack isn’t a hack, as such – that is where a malicious actor tries to gain unauthorised access to a computer or network. 

AUT professor of computer science Dave Parry said a major reason why trading had to be halted on the NZX is because of the financial information presented on the site. “The NZX is constantly updating the prices, and all of the exchange rates and everything. So it’s vitally important that it allows users to see these updates in real time.

“It’s not attacking the actual trading, but the infrastructure that analyses the trading and makes it into something the website can understand is possibly also being attacked,” he added. 

In contrast, a media site is relatively static, so it’s broadly acceptable if it takes a few minutes to see new data. Parry said the NZX has legal and financial responsibilities to “service everyone equally” in terms of the information it gives. “If it’s a trading website, and you’re waiting to sell your shares – particularly if you’re in competition with somebody else to buy shares, and they can see the price before you – that’s a commercial advantage.” 

News websites also have content regularly being uploaded, but what goes up is very different. “If you download a page from Stuff, it might take you three or four minutes to read it, but during that time, you’re not going to be downloading anything else – you’ll just be reading that article,” said Parry, referencing the contrast to the more dynamic information on the NZX. Much of that data on news websites is also “cached” – in other words, it’s stored to make it easier for users to access quickly. 

AUT computer science professor Dave Parry (Supplied)

What if you’re watching a video or listening to a podcast – wouldn’t that require the streaming of constant data? Tech expert and self-described digital plumber Ben Torkington explained that the videos on websites aren’t really stored on the website itself, which reduces the weight of data – instead, they’re farmed out to providers known as content delivery networks. 

“The CDN provider has massive resources, and can easily scale capacity to respond to DDOS attacks. Because the actual images and videos don’t change, there’s not even caching involved, you simply host the image/video content on your CDN and link directly to it in the content you serve,” said Torkington. 

Trading on the markets was able to take place today, despite attacks continuing. In part, that was because the NZX had secured the services of major international CDN Akamai Technologies.

The nature of traffic generally received by each type of site is also different. News websites will often have systems in place to deal with huge volumes of readers arriving all at once – after all, the appearance of a DDOS attack isn’t entirely dissimilar to a major breaking news story. 

They’ll also be much more likely to see the bulk of their traffic come in from New Zealand, rather than internationally, whereas much of the traffic on the NZX website already comes from international traders. With DDOS attacks being overwhelmingly more likely to come from overseas, this can make it harder to distinguish between what is and isn’t legitimate. 

So could the NZX have put systems in place to prevent the DDOS attacks from bringing everything down? While the NZX has been investing heavily in its IT infrastructure in recent years, analysis from BusinessDesk suggests it hasn’t necessarily been aimed at preventing DDOS attacks – rather, it was more focused on improving the integrity of the trading platform itself. 

“Plenty of other sites deal with real-time data, not just stock exchanges,” said Torkington. “Twitter and Facebook, for example, deal with real-time data and need to defend against DDOS attacks. Seems to me that whatever measures NZX had in place simply weren’t sufficient for the scale of the attack mounted against them. 

For Parry, the question of the scale of the attack is one of asymmetric warfare. “All of these things come down to the amount of effort you’re prepared to put into defence, compared to the amount of effort an attacker is prepared to put in. Once a DDOS attacker has infected a network of bots around the world, it’s virtually free to do that, and you can increase the numbers quite easily. Whereas defence involves increasing capacity, possibly moving into the cloud, possibly having multiple sites set up, having a lot of work done on your firewalls, and a lot of investigative work going on.” 

More Reading
‘Everything just got nastier’: The 2000s’ biggest bloggers say they’d never do it now They opened up their lives, took over news sites and won awards. But former bloggers say you couldn't pay them enough to do it today.
No, the Christchurch hot pools weren’t ‘hacked’ – the council just messed up Cocking up is not the same thing as getting hacked.

Parry says these attacks are common, but the interesting thing about this one on the NZX is that it has taken place over multiple days. “That’s indicating to me that the attackers have thought of some ways to change the fingerprint of the attacks, so it looks different each time. So your standard firewall – fairly crude measures – don’t work.” That implies a reasonably high level of sophistication behind the attacks. 

So what’s the point of doing it? Parry speculates that halting trading on the NZX might not be the final goal, and that instead it is about creating conditions that would allow something more sinister, and simply blocking the website would be low on the list of potential risks. The DDOS attack might just be to blind the target, so that more valuable information can be obtained. 

“As soon as you start seeing these attacks, you’re immediately suspicious that something else is going on as well. One of the first things to say is that they need to be really careful of a phishing attack or something like that. You might see emails going ‘can’t get through to the NZX? We’ve got a special route here, just click through’ and whatever – that’s a phishing attack. Any disruption is always good for these attacks.”

Keep going!
The Samsung Q950TS sitting somewhat awkwardly in the author’s lounge (Photo: Henry Burrell)
The Samsung Q950TS sitting somewhat awkwardly in the author’s lounge (Photo: Henry Burrell)

TechAugust 26, 2020

My month with a $13,000 TV

Guest writer
The Samsung Q950TS sitting somewhat awkwardly in the author’s lounge (Photo: Henry Burrell)
The Samsung Q950TS sitting somewhat awkwardly in the author’s lounge (Photo: Henry Burrell)

With a TV like the Samsung Q950TS it’s possible to set up your living room like a cinema, but ultimately it shouldn’t matter what screen you watch your favourite films and shows on, says Henry Burrell.

Despite writing about technology for a living I have never been that fussy about TVs. As long as the picture is clear and Netflix doesn’t buffer, I have not obsessed over the size of the screen, definition of the picture, or the quality of the audio from any TV I’ve had in the last decade.

This is reflected in the fact that I bought the cheapest TV on Mighty Ape for about $250 (I checked, it’s not even on sale there any more) when I moved to New Zealand and have been fine with it for the best part of a year. My fiancée is equally nonplussed by the skimpy screen’s bog standard smarts, and we tore through seasons one to three of The Wire without ever thinking that Baltimore might look and sound better on another TV.

Then Samsung asked if I wanted to review a TV. I was safe in the knowledge that literally any other TV in the whole country was an upgrade, so I asked which model they had in mind. That’s how I got to have a $13,000 65-inch 8K QLED TV dominating my living room.

Seasons four and five of The Wire have been a significantly more high definition experience.

Possibly not the ideal viewing experience (Photo: Henry Burrell)

Please bear with me for this dense paragraph. QLED is a fancy version of LCD (liquid crystal display), the display technology that most TVs have. QLED is a marketing term used by Samsung that stands for quantum dot LED TV. LED (light emitting diode) is the backlight needed for an LCD TV. QLED updates the traditional backlit LCD TV screen by adding a layer of so-called quantum dots that emit their own light, augmenting the picture and supposedly improving its vividness and clarity.

You can see why I’ve never been that fussed about TV tech, such is the minefield of jargon and confusing tech specs. Each Q, Z or X in a model name seems to come with an additional few thousand dollars on the price tag. The Q950TS QLED 8K TV I took delivery of is no different.

Two very helpful friendly blokes were sent to help set it up in my house, and they told me they usually get sent to set them up for TV showroom floors. At the moment it’s listed on Harvey Norman as “Available by Special Order Only” for $12,824. I also tested out the Samsung Q70T 3.1.2ch Soundbar with subwoofer ($1,099!) to turn my humble abode into a makeshift cinema.

Putting specs and price aside for a moment to revel in the technology on show though… wow. This TV should by all rights ruin any other TV for me. My little $250 TV is sulking in the corner, ashamed to have ever shone anything into my living room. Sorry, little guy.

The Samsung Q950TS’s ‘impossibly thin’ corner (Photo: Henry Burrell)

The Q950TS is an impossibly thin slab of TV screen, a unit just 15mm thick that sits on its stand (you can also wall mount it) and shines 65 inches of glorious digital vistas into my lounge. The edges have no bezel, so the picture goes right to the extreme edges and makes it look like a floating window hovering low in the corner of the room, a UFO beaming out nature documentaries or Clint Eastwood films depending on who has the remote.

It’s an 8K TV capable of double the number of pixels as 4K, which is itself better than regular HD, but the problem is there’s simply no 8K content available. This is still the case today even after 8K TVs became commercially available about two years ago, and it means that most of the stuff I watched was below 4K resolution. But don’t get me wrong, it still looked incredible.

Curb Your Enthusiasm looked great streamed in HD over Neon via the Neon app installed directly on the TV but episodes were limited by the resolution they were shot in. The TV can make older reels look better, but it can’t magic them into 4K existence.

I also restarted Super Mario Odyssey on my Nintendo Switch. It looked so good and was so immersive that I had to be very strict with myself otherwise I would have done absolutely no work for a month, such is the tightrope life of a work-at-home freelancer.

The TV claims to be able to smooth images on the fly to look sharper, but I turned this setting off. Motion smoothing (Samsung calls it ‘Picture Clarity’) turns the intentionally moody cinematography of films like John Wick or Nightcrawler to as oddly in-the-room as an episode of Neighbours. Even Tom Cruise has rallied against motion smoothing, or the “soap opera effect”. Basically, leave it on for live TV and sports, and turn it off for everything else.

The back view, including subwoofer (Photo: Henry Burrell)

As well as Neon you can directly fire up apps like Netflix, Prime Video, Spark Sport, and Disney+ meaning you don’t need a Chromecast, but you might realise just how much you spend on TV subscriptions. There’s also Apple AirPlay built in if you want to cast from an iPhone or iPad, and there’s even Amazon Alexa or Samsung’s Bixby voice assistants if you’re too lazy to push buttons on the remote. These assistants can be used to control connected smart home devices around your house or to call up the shows you want to watch. It’s all a bit overkill when you just want to slob and watch Grand Designs.

The issue there is that terrestrial TV through an aerial looks a little grainy in comparison to the HD and 4K Netflix streams available, channel depending. Pulling that analogue signal through a cable and out over 65 large inches means actual normal telly is not as pin sharp to watch, with newsreaders occasionally appearing to be made of fleshy Lego.

But put on a decent film, draw the curtains and turn up the subwoofer and soundbar and the TV has the ability to transform your front room into a cinema, and that’s basically what you’re paying for. TV manufacturers can add voice assistants and screensavers with your calendar on them as much as they want, but if you are prepared to spend this much on a TV it’s because you want to recreate a night at the movies in the comfort of your home. With lockdown in New Zealand back in effect, that’s not a bad idea – just remember there are other HD and 4K TVs out there than this one for much less that will achieve close to the same experience.

Despite my month with one of the most expensive and undoubtedly one of the best TVs in the world, I won’t be too sad when it gets picked up and taken away. I still feel about TVs how I feel about musical instruments. You can buy the best guitar in the world but it won’t make you a good songwriter. Genius songs can be written on an op shop six string.

Even if end up watching Citizen Kane or Moonlight on my $250 TV next week, they are still masterpieces. I’ll still guiltily enjoy the odd episode of Millionaire Hotseat without it dominating an entire corner of my house. $13,000 TVs exist, and they are great if you genuinely have money to burn and a large home that can accommodate a mini cinema set up, but I still feel that for most of us it should be about what TV programme or film you’re watching and enjoying rather than the prestige of the equipment that you’re watching it on.