Nasdaq admits hackers planted malware on web portal
Nasdaq admitted on Saturday that unidentified hackers had succeeded in planting malware on one of its portals.
The US stock exchange is keen to stress that trading systems were not affected by suspicious files found on Directors Desk, a web-based dashboard application used by an estimated 10,000 execs worldwide. In a statement, Nasdaq said that there was no evidence that customer information had been exposed by breach.
The stock exchange had been asked to stay quiet about the attackers by DoJ investigators until at least 14 February, but it was obliged to go public earlier than planned after the Wall Street Journal broke the story last weekend. Nasdaq has begun the process of notifying customers about the security snafu, which was detected internally by its security screening systems.
Evil hackers subverting stock exchanges for their own gain has been a popular theme of haxploitation flicks for years. However, in reality, one of the few confirmed breaches of any stock exchange happened when a Russian Trading System was compromised by malware back in 2006, notes net security firm Sophos.
It adds that it is likely that the Directors Desk hack was designed to plant malware on the systems of users via drive-by-download attacks.
Late last month, it emerged that the London Stock Exchange and one of its counterparts in the US were in the process of investigating possible hacking attacks. Investigators are assessing whether a collapse in the trading price of five firms last summer might be explained by a breach in the open-source trading system used by the LSE. Officials had previously blamed the entry of incorrect prices for the snafu. An unnamed US exchange is also reportedly in the process of investigating a similar attack. ®
out with the old, timing seems out?
Errm El reg needs to do some date and fact checking.
The .net windows based system hasn't quite been switched off yet (due to be any day now)
So if there was an attack last summer, then it would be against the Accenture developed windows pile, that is being thrown out in next few weeks.
What will take over in february 2011 is an Oracle / Red Hat system from Millenium IT
When it goes live then you can start your stone throwing, but until then you are simply criticizing .net technology :P
The new system might well be something that LSE can sell to other smaller exchanges as it offers much better share transaction speeds than anything currently on the market.
You could support this instead of knocking as it is good for UK biz.