Hackers have repeatedly made their way into the computer network that runs the Nasdaq Stock Market during the past year. The trading system was not compromised.
Nasdaq OMX, the shell company that owns the Nasdaq Stock
Market, has been repeatedly breached by hackers over the past year, according
to the Wall
The United States Secret Service and the Federal Bureau of
Investigation are investigating the attacks to identify the perpetrators and to
uncover their motives, according to the Feb. 5 article. Despite repeated
attempts, the hackers have not yet compromised Nasdaq's trading platform, which
handles all trades, the Journal reported.
Nasdaq OMX found "malware" on a part of its network called Director's
Desk during its normal security screenings, the company told the Journal. The
service allows company boards to communicate by securely storing and sharing
documents, the paper reported.
The trading platform architecture "operates independently"
from Web-facing services like Director's Desk, Nasdaq OMX told the Journal. "At
no point was any of Nasdaq OMX's operated or serviced trading platforms compromised,"
according to the company.
"So far, [the perpetrators] appear to have just been
looking around," a source told the Wall Street Journal.
Investigators are not sure whether all the holes have been
found and plugged, the Journal said. If the hackers eventually manage to get
access to the electronic trading systems, they could trigger a stock market
crash that could have severe repercussions across the economy.
Investigators are considering several possible motives,
including unlawful financial gain, stealing trade secrets, and a
national-security threat designed to damage the exchange, according to the
Journal. The incidents were the equivalent of someone sneaking into a house and
walking around, but not taking or tampering with anything, sources said.
"Many sophisticated hackers don't immediately try to
monetize the situation; they oftentimes do what's called local information
gathering, almost like collecting intelligence, to ascertain what would be the
best way in the long term to monetize their presence,'' Tom Kellermann, security
expert at Core Security Technologies, told the Journal.
Law enforcement considers the hacking of Nasdaq OMX to be
equivalent to hacking into utilities or other "critical infrastructure" such as
air traffic control systems and power grids.
Many advanced hackers in the world are increasingly
targeting financial institutions, particularly those involved in trading,
Kellermann said. No other stock exchanges appear to be targeted at this time, law
enforcement officials told the New York Times
"We take any potential threat seriously and we are
continually working to ensure that our systems operate at the highest levels of
security and integrity," said Ray Pellecchia, a spokesman for NYSE
Euronext, which operates the New York Stock Exchange, in a statement.
The investigation has been on-going for at least a couple of
months, and several computer crimes specialists are assisting federal
investigators, the New York Times reported. Although some of the evidence
points to Russia, investigators don't know yet whether the perpetrators are Russian
or if they are just using Russian computers as proxies.
Nasdaq had not notified customers about the breaches at the
request of law enforcement to wait till Feb. 14, but decided to inform
customers after the Wall Street Journal published the story, the company said.
Stock exchanges are often a tempting target.
Nasdaq's information and news Web site was hacked and defaced in 1999. The
London Stock Exchange was attacked repeatedly last year after switching its
trading systems to Linux, according to Computerworld