Over the last decade or so, the nature of much malicious computer “hacking” has changed. In the early days of the Internet, many attacks were motivated by a desire for thrills, or prestige; more recently, this hacking has become a more traditional and organized criminal activity, often motivated by money. (There are also attacks motivated by ideology or politics, of course.) So it is not surprising that the number of attacks targeted against financial institutions has risen.
According to a report published by the Wall Street Journal, some computer networks owned by NASDAQ (originally, the National Association of Security Dealers Automated Quotation system) have been under attack for most of the past year. (The NASDAQ Stock Market is the largest US trading platform for stocks not listed on the New York Stock Exchange [NYSE]. It is the largest screen-based trading exchange in the US, listing 2800+ issues, and the largest in the world by trading volume.) Apparently the attack did not affect the trading system core, but did affect peripheral Internet-accessible systems also run by NASDAQ.
Hackers have repeatedly penetrated the computer network of the company that runs the Nasdaq Stock Market during the past year, and federal investigators are trying to identify the perpetrators and their purpose, according to people familiar with the matter.
The exchange’s trading platform—the part of the system that executes trades—wasn’t compromised, these people said. However, it couldn’t be determined which other parts of Nasdaq’s computer network were accessed.
According to a follow-up story in the New York Times yesterday, the attacks first were discovered when NASDAQ staff noticed several suspicious files on their servers. Apparently, the application that was directly affected was a bulletin-board sort of system for corporate managements.
The company said it had determined that a Web-based application on its servers called Directors Desk, on which corporations can store and share information, might have been affected. Nasdaq said the suspicious files “were immediately removed and at this point there is no evidence that any Directors Desk customer information was accessed or acquired by hackers.”
According to NASDAQ, the trading platform runs independently from the Internet — something that good security practice would certainly suggest. Still, there is always a nagging fear that some out-of-the-way flaw may have been overlooked. NASDAQ, the NYSE, and other exchanges are, reasonably, concerned about the effect incidents like this one might have on investors’ confidence, especially in an era when more and more trades are being executed via computer-based systems, as opposed to traditional exchange trading floors.
As you might have guessed, there is an investigation under way.