2010 NASDAQ Breach Update

Recent reports indicate that the October 2010 NASDAQ hack was made possible by a lack of fundamental security practices. The attack involved the breach of NASDAQ’s “Directors Desk” collaboration software, which corporate boards, directors, and executives use to share highly confidential information and to collaborate on projects. The website indicates that Directors Desk has about 10,000 users. NASDAQ executives are understood to postulate that a substantial increase in Directors Desk customers demonstrates confidence in the product.

Despite NASDAQ’s heavy investments in IT security, including advanced monitoring, encryption, and system segmentation, many computers used at NASDAQ apparently remained unpatched for quite some time, and firewalls had also been misconfigured. The attackers used an undisclosed malware agent to avoid antivirus detection. According to sources close to the investigation, the malware agent found in NASDAQ’s network was quite complex, but tougher security measures and higher vigilance could have detected the intrusion more quickly.

NASDAQ has defended its security practices, assuring customers that no data was actually compromised. However, in October 2011, Reuters reported that hackers were able to spy on “scores” of directors through Directors Desk before the malicious software was removed. It is still unclear how long NASDAQ’s systems remained compromised before the attack was discovered. The attack was publicly disclosed in February 2011, after the FBI requested notification delays, and it fuels concerns about the severity of the threat facing the financial industry and the need for good information security practices at many companies.

The FBI investigation into this compromise continues, and the event continues to underscore the importance of keeping software updated and applying the latest security patches to help protect against exploitation of known vulnerabilities. There is speculation that the investigation will find evidence that the attackers exploited flaws in web applications, and that insider trading occurred.