Hackers and cyber-crimeRevelations over the past few days that hackers had penetrated certain systems at the Nasdaq stock exchange are reverberating throughout the financial world. Indeed, the case is shaking some bedrock assumptions of a digitized, high-speed, globally connected stock market run essentially by computers with minimal human interaction. Nasdaq officials say the computer systems that actually execute buy and sell orders for the Nasdaq OMX Group (NDAQ) were not compromised.

Instead, they say the hacking allegedly affected Nasdaq's Directors Desk service, a subsidiary that offers Web-based tools to make it easier for boards of directors to prepare for, participate in and follow up on board meetings. Part of the service includes document-sharing tools for things like preliminary drafts of earnings reports and other key data and documents.

Directors Desk's roughly 10,000 clients include a Who's Who of top publicly traded companies. The concern is that enterprising hackers could have gleaned key details from board meetings if they gained full access to the service, allowing them to possibly trade on nonpublic material information. On the Directors Desk website Nasdaq says the service offers "The highest level of security available to protect confidential board communications."

Going Where the Money Is


Equally troubling are allegations that the first hacker penetrations of Nasdaq systems were reported to the Securities and Exchange Commission in October and November of last year, according to The Wall Street Journal. Other sources have said the hackers may have persisted in the Nasdaq servers for a full year.

Had the exchange been located in California, it would have been forced to report these penetrations immediately to all affected customers due to the Golden State's laws covering data-security breaches. But for Wall Street, these revelations in an age when the majority of trades are executed by high-frequency trading operations totally reliant on computerized algorithms could cause a decrease of confidence that stock exchanges can safeguard the interests of investors large and small.

Whether these particularly hackers were simply out for a thrill or were seeking to gain inside information to make ill-gotten games is more or less irrelevant. The possible hacking of Nasdaq is a sign that cyber-criminals are going to where the money is. Previously, hackers had concentrated on getting into databases or stealing credit card information for identity thefts. But a serious band of cyber-crooks could cause untold financial damage if it were to penetrate an exchange's trading operations.

Other Exchanges React

A favorite ploy of hackers who specialize in wide-scale identity theft is to add small charges to credit cards of many thousands of card-holders. A similar tactic could be used on investors, say, by adding a small amount to each offer or bid for a specific group of securities and capturing the differential over millions of trades in a manner that could go undetected for long periods and possibly forever. In coverage of this incident, sources close to the incident are reported to have said it appears the hackers weren't able to take any information from Directors Desk.

But this begs the question: If a serious group of hackers set their sights on Directors Desk, would they actually leave a trail? Possibly not. Regardless, the revelations apparently have rattled other financial exchanges. The NYSE Euronext shut down its own version of Directors Desk for undisclosed reasons.

Now the news of the hack could possibly draw more copycat attacks or highlight the juicy targets that are becoming more ubiquitous as the financial exchanges -- and the tools they offer public companies -- get increasingly digitized.

Increase your money and finance knowledge from home

Investing in Startups

The lucrative and risky world of startups.

View Course »

Investor’s Toolbox

Improve your investing savvy with the right financial toolset.

View Course »

Add a Comment

*0 / 3000 Character Maximum

3 Comments

Filter by:
Dereck

Major Fraud Alert


The entire Federal Banking System under FirstGov has been "Consumed" and "Levied" by way of a Maryland State Circuit/District Court Ruled “Appropriation and Garnishment” of all Future Earnings prior to and after 2004 against Bank Of America by way of the F.D.I.C. Regulations Prohibiting failing Banks from Merging with other failing Banks between the Dates of 08/04/08 and 10/09/09.

Bank of America violated the 21st Century Act: Final Amendments to Regulation CC Section: http://www.federalreserve.gov/boarddocs/press/bcreg/2004/20040726/attachment.pdf

seeking reimbursement of Credit, Loan, and Finance Balances as a "Bank Entity" and not a "Nonbank Consumer" as specified on Pages 85 and 86.

The person they sued through a LLC. Debt Collection Company and Law Firm was the "World Fortune Owner" who "Counterclaimed" and won.

Now all Contracts of any Corporations (Including Employment) under the "Controlling Interest" of any Investment Bank Worldwide are "Null and Void", and are also under the stipulated Rules and Regulations of an "Closely-held S Corporation rendering all Employed under Legal Actions against “Domination”, and also means that "No Corporation can hold Shares" officially making every Stock Exchange on the Planet a "Ponzi Scheme" by default.

Businesses owned by the States (Public Corporations) are being sold Stock Shares by Corporations also under the Federal Banking System in this Worldwide "Ponzi Scheme". The World Fortune Company Merrick Inc. Sweden is dissolving Millions and Billions of Dollars from "All Levels of Government"in the U.S. of Financing based upon Years of "negligent inaction" involving this case.

The Federal Government has already been forced to discontinue supplying the Financing States use to pay their debts, Persons in Government Offices may want to begin to take their jobs more seriously, these are different times from 10 Years ago and you will not be accepted civil servants here just because you say you are here to do the right thing.

May 29 2011 at 1:31 AM Report abuse rate up rate down Reply
k02101

Companies with sensitive financial information need to start controlling ALL the applications that run on their endpoints. Antivirus and behavioral security technologies that look for signatures or anomalies are not doing the job. That is clear from this recent NASDAQ attack.

The traditional approach of using anti-virus or behavioral based technologies to identify malware before it has an opportunity to do damage is no longer seen within the IT security community as a viable solution. Instead, many leading edge IT security organizations at highly visible commercial and governmental organizations are deploying a new "software security stack" that is capable of providing visibility and protection against this very targeted malware.

At its core that "stack" includes security software at the endpoint (computer devices) and the network that utilize techniques such as application control, endpoint security sensors, and application whitelisting technology to ensure that only software applications known to be good are allowed to run.

During recent interviews with many Fortune 500 companies who are dealing with these advanced attacks, the "stack" or layered approach they are using is a layered approach:

On the endpoint, the legacy antivirus solutions are still in the mix of course, from McAfee or Symantec, etc. SIEM technology, including ArcSight, HP, RSA Security, Q1 Labs, and IBM are being used as a single pane of glass for all security incidents. Layered on top of that, enterprises hire forensics groups to come in to find out what happened when these attacks take place - companies like Mandiant or Guidance Software. On top of that is advanced network protection - FireEye or Netwitness. And on the enpdoint, the advanced endpoint protection is being provided by Bit9.

February 07 2011 at 3:50 PM Report abuse -1 rate up rate down Reply
thedtecter

"Nasdaq officials say the computer systems that actually execute buy and sell orders for the Nasdaq OMX Group (NDAQ) were not compromised.

Instead, they say the hacking allegedly affected Nasdaq's Directors Desk service, a subsidiary that offers Web-based tools to make it easier for boards of directors to prepare for, participate in and follow up on board meetings. Part of the service includes document-sharing tools for things like preliminary drafts of earnings reports and other key data and documents."

LOL, double-speak for insider trading!

February 07 2011 at 6:53 AM Report abuse +1 rate up rate down Reply