A security expert said that hackers were after the insider information stored within Nasdaq OMX to use in their own trades.
The attackers who "repeatedly" breached Nasdaq OMX systems over the past year
were most likely stealing insider information to use for financial trades,
according to a security expert.
Nasdaq OMX confirmed Feb. 5 that its systems had been breached by hackers and
that malware had been found on one of its servers, but assured investors that
the system that controls trades wasn't affected and that sensitive information
stored in its Director's Desk Web portal had not been compromised.
According to Tom Kellermann, a former computer security official at the
World Bank and current vice president of security awareness and government
affairs at Core Security Technologies, hackers may not have been interested in
the trading system at all.
The goal of hackers is to "stay in" the network as long as they
can, he said. The "reality" is that there is no point in hacking into
the trading platform, he said. It's actually more beneficial for hackers to
stay away from the trading system and to consider other applications, according
to Kellermann.
"Attacking the trading system is like punching a bee hive: There's all
sorts of alarms raised and lots of heat," Kellermann told eWEEK.
The criminals who infiltrated Nasdaq OMX must have been aware of the importance
of these other systems, Kellermann speculated. The criminals gained access to a
system containing sensitive insider information by getting into Director's Desk,
which they could use in trading to make money, he said.
Director's Desk is a Nasdaq OMX subsidiary that offers Web-based tools to make
it easier for boards of directors to prepare for, participate in and follow up
on board meetings. Part of the service includes document-sharing tools for
things like preliminary drafts of earnings reports and other key data and
documents, according to its Website.
Director's Desk customers were regularly accessing the portal with
confidential information, Kellermann said. "Information is power, too,"
he said.
Two Republican Congressmen called the attack "troubling" on Feb. 8. In a joint
letter to Nasdaq OMX, House Financial Services Committee Chairman Spencer Bachus
and committee member Scott Garrett asked for information about how the systems
will be secured going forward.
Democrat Sen. Robert Menendez also sent a letter to Securities and Exchange
Commission Chairman Mary Schapiro, Attorney General Eric Holder and Homeland
Security Secretary Janet Napolitano, stating that the SEC should "consider
investigating the extent to which hacking can disrupt trading platforms."
"This is not terrorism or a state-sponsored attack," but clearly
an attack to game the market, a form of financial fraud, Kellermann said.