NASDAQ reports hackers broke into its servers

Graham Cluley

The NASDAQ stock exchange has called in investigators from the FBI after discovering it had become the target of hackers, but insists that “at no point” were its trading systems compromised.

Suspicious files were discovered on Directors Desk, a web-based application which, according to NASDAQ’s own press releases, “serves more than 10,000 directors representing more than 230 organizations worldwide, including many Fortune 500 companies”.

In a statement on its corporate website, NASDAQ says it removed the suspicious files (which one must assume were malware-related) immediately and that it has not found any evidence that customer information was accessed.


According to NASDAQ, the US Department of Justice requested that it not go public about the hacking while it continued its investigation. Specifically, it asked that customers be told no earlier than February 14th 2011. However, an article published by the Wall Street Journal this weekend forced the stock exchange to make a statement earlier.

Those responsible for securing stock exchanges around the world know that they are potentially a big target for hackers – but the “Hollywood scenario” of evil cybercriminal geniuses breaking into servers and messing around with the world’s economies has so far been rebuffed.

In fact, aside from the fairly insignificant “pump and dump” scams we have seen manipulating penny stocks over the years, the most notable computer security breach at a stock exchange happened in Russia in 2006 when a computer virus forced Russian Trading System stock exchange systems to be shut down.

Very little information has been made public about the NASDAQ security breach, but one possibility that investigators are likely to be looking at is that the motive was to steal information from corporations accessing the Directors Desk application.

Remember, it would be the top level executives within major firms who would have been using the compromised system – senior staff who would have had access to the most sensitive (and therefore most valuable) information about their companies. For cybercriminals, that would be like hitting the mother lode.

As such, large companies who use the NASDAQ Directors Desk service might be wise to double-check their own systems for any signs that they might have been breached, or information stolen.

Certainly, some major firms are likely to be wanting more information from NASDAQ regarding what happened, and how they can be reassured that their own companies have not been compromised as a result.

Image source: victoriapeckham’s Flickr photo stream. (Creative Commons)

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
