NASDAQ reports hackers broke into its servers

Filed Under: Law & order, Malware

NASDAQThe NASDAQ stock exchange has called in investigators from the FBI after discovering it had become the target of hackers, but insists that "at no point" were its trading systems compromised.

Suspicious files were discovered on Directors Desk, a web-based application which, according to NASDAQ's own press releases, "serves more than 10,000 directors representing more than 230 organizations worldwide, including many Fortune 500 companies".

In a statement on its corporate website, NASDAQ says it removed the suspicious files (which one must assume were malware-related) immediately and that it has not found any evidence that customer information was accessed.

NASDAQ statement

According to NASDAQ, the US Department of Justice requested that it not go public about the hacking while it continued its investigation. Specifically, they requested that the earliest that customers should be told should be February 14th 2011. However, an article published by the Wall Street Journal this weekend forced the stock exchange to make a statement earlier.

Those responsible for securing stock exchanges around the world know that they are potentially a big target for hackers - but the "Hollywood scenario" of evil cybercriminal geniuses breaking into servers and messing around with the world's economies has so far been rebuffed.

In fact, aside from the fairly insignificant "pump and dump" scams we have seen manipulating penny stocks over the years, the most notable computer security breach at a stock exchange happened in Russia in 2006 when a computer virus forced Russian Trading System stock exchange systems to be shut down.

Very little information has been made public about the NASDAQ security breach, but one possibility that investigators will be looking at is likely to be that the motive was to steal information from corporations accessing the Directors Desk application.

Remember, it would be the top level executives within major firms who would have been using the compromised system - senior staff who would have had access to the most sensitive (and therefore most valuable) information about their companies. For cybercriminals, that would be like hitting the mother lode.

As such, large companies who use the NASDAQ Directors Desk service might be wise to double-check their own systems to see if there are any signs that their own systems might have been breached, or information stolen.

Certainly, some major firms are likely to be wanting more information from NASDAQ regarding what happened, and how they can be reassured that their own companies have not been compromised as a result.

Image source: victoriapeckham's Flickr photo stream. (Creative Commons)

, , , , , ,

You might like

One Response to NASDAQ reports hackers broke into its servers

  1. Bruce · 1354 days ago

    As a computer security professional who once programmed trading systems that were later merged into NASDAQ this is very interesting to me. I am confident that the trading systems are isolated from the web facing applications well enough that this is no threat to the integrity of the trading systems. What seems most likely is that the web servers were compromised in an attempt to use them to inject malicious software into their clients. This would be similar to the "Operation Aurora" attacks reported by Google in January 2010, which reportedly compromised almost 3000 corporations. There would be even more value in compromising users of the "Director's Desk" product, perhaps more than even a trading system compromise would return.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.