Russian crackers breach Nasdaq

Malicious hackers have infiltrated the computer systems of the company that operates the Nasdaq stock exchange.

Nasdaq OMX, a New York public company that owns and operates the Nasdaq and seven European stock exchanges, said it detected suspicious files on its US servers and conducted an investigation that included outside forensic firms and US federal law enforcement.

Nasdaq's software was also used by the Australian Stock Exchange and was a lynchpin for its planned $7.8 billion merger with Singapore's exchange. There was no indication the trading platform or software used by the ASX or other exchanges was affected; the breach appeared to be in unrelated web software used by the Nasdaq, investigators and the company said.

The suspicious files were removed and the Nasdaq said there was no evidence that customer information was illicitly accessed or stolen.

The breach appeared to be restricted to a web dashboard application, Directors Desk, used by executives to share confidential documents.

Security flaws were common in custom web applications and attackers had ample chance to discover them because software was maintained online and accessed worldwide, said Nicholas Percoco, senior vice president and head of information at SpiderLabs research team, part of security firm Trustwave.

After penetrating the system through the web application, the attackers likely placed malicious files – disguised as legitimate documents – on it in the hopes that a user would download them.

“If the user opened the document, it would deposit malware or a backdoor that could allow the attacker deeper access into various trading environments,” Percoco said.

Nasdaq officials said that its trading platform architecture was independent from its web services.

“At no point was any of Nasdaq OMX's operated or services trading platforms compromised,” Nasdaq said.

Nasdaq OMX did not reveal when the breach occurred, only to say that the US Department of Justice requested it refrain from notifying customers until Valentine's Day. But the company decisided to tell customers about the intrusion after the Wall Street Journal broke the story on Saturday.

According to the Journal, evidence pointed to perpetrators from Russia but cautioned that they just may have been using compromised Russian computers.

The intrusion went undetected for about a year, the article said.

“This breach is yet another example of what cybersecurity is all about,” Jon Oltsik, principal analyst at Enterprise Strategy Group, wrote in a blog post on Monday.

“These guys knew what they wanted (i.e., insider information) and found a way to get i. Imagine how much money you could have made if you had access to board of director-level banter for the past six months? That's likely what took place here.”

Nasdaq said it was devoting “extensive resources” to secure its systems against constant attacks".

“Nasdaq remains vigilant against such attacks,” it statement.

“We have been working in cooperation with the government's ongoing investigations and have received their technical advice, for which we are appreciative.”

This article originally appeared at scmagazineus.com