
Hackers breach Nasdaq; trading systems not affected

Hackers have infiltrated the computer systems of the company that operates the Nasdaq stock exchange, the organization confirmed on Saturday.

Nasdaq OMX, a New York-based public company that owns and operates the Nasdaq, as well as seven European stock exchanges, said it detected suspicious files on its U.S.-based servers and immediately conducted an investigation that included outside forensic firms and U.S. federal law enforcement.

The suspicious files have been removed, and there is no evidence that any customer information was accessed or acquired by hackers.

The part of the system that handles trades was not affected by the breach, the company said in a statement. An investigation determined that a web-based dashboard application, called Directors Desk, which is used by corporate executives to share confidential documents, was potentially affected.

The intrusion likely resulted from a vulnerability in Directors Desk, Nicholas Percoco, senior vice president and head of information at the SpiderLabs research team, part of security firm Trustwave, said in an email Monday.

Security flaws are common in custom-developed web applications, he said. Moreover, attackers have ample chance to discover such security holes because the applications are maintained online and can be accessed worldwide.

After penetrating the system through the web application, the attackers likely placed malicious files – disguised as legitimate documents – on the system in the hopes that a user would download them.

“If the user opened the document, it would deposit malware or a backdoor that could allow the attacker deeper access into various trading environments,” Percoco said.

In the statement, however, officials at Nasdaq stressed that the company's trading platform architecture operates independently from the company's web-facing services and therefore was not breached.

“At no point was any of Nasdaq OMX's operated or services trading platforms compromised,” the company said.

Nasdaq OMX did not reveal when the breach occurred, saying only that the U.S. Department of Justice requested it refrain from notifying customers until Feb. 14. But the company made the decision to inform customers about the intrusion after the Wall Street Journal broke the story on Saturday.

The Journal report said evidence points to the perpetrators being from Russia but cautioned that they may just have been using compromised Russian computers.

Regardless, the intrusion has been ongoing for about a year, the article states.

“This breach is yet another example of what cybersecurity is all about,” Jon Oltsik, principal analyst at Enterprise Strategy Group, wrote in a blog post Monday. “These guys knew what they wanted (i.e., insider information) and found a way to get it…Imagine how much money you could have made if you had access to board of director-level banter for the past six months? That's likely what took place here.”

Nasdaq said it is devoting “extensive resources” to secure its systems against constant attacks.

“Nasdaq remains vigilant against such attacks,” the company said in a statement. “We have been working in cooperation with the government's ongoing investigations and have received their technical advice, for which we are appreciative.”
