If there’s one story you should read this week, it’s Michael Riley’s extensive report over at Businessweek on the 2010 compromise of systems belonging to the Nasdaq stock exchange, “How Russian Hackers Stole the Nasdaq.”
The incident was extensively reported at the time, but not in great depth. Obviously, the parties involved weren’t talking. And Nasdaq’s public statements about the compromise woefully downplayed its severity, as Riley’s report makes clear.
Among the interesting revelations: the Nasdaq may have fallen victim to a third-party compromise – similar to the hack of Target earlier this year. In the case of Nasdaq, investigators from the FBI, NSA and (eventually) CIA discovered that the website run by the building management company responsible for Nasdaq’s headquarters at One Liberty Plaza had been “laced with a Russian-made exploit kit known as Blackhole, infecting tenants who visited the page to pay bills or do other maintenance.”
What’s clear is that the U.S. government and Nasdaq had lots of evidence that the attack was sophisticated and, possibly, nation-backed. According to Riley, the hackers had used two zero-day vulnerabilities in combination – a hallmark of ultra-sophisticated and determined adversaries. Also, the malware used was similar, in many ways, to a program the NSA had seen before. That malware was designed and built by the Federal Security Service of the Russian Federation (FSB) as a data theft and offensive cyber tool that could disrupt infected networks.
But the case wasn’t clear-cut. For one thing, investigators found evidence that plenty of other hackers also had access to Nasdaq’s networks. That shouldn’t be surprising, since reports of other, criminal hacks of the Nasdaq have made headlines in recent years.
Unwinding the threads of the different attacks was hard work. While U.S. officials were confident that Russians were behind the Nasdaq attack, they weren’t clear about a motive. Was this a straight-up case of cyber espionage, or a cyber criminal operation conducted by a sophisticated actor? Maybe even a cadre of FSB agents spinning up a side business in cyber crime?
Reviews of the Nasdaq’s systems didn’t show any effort to manipulate or game the exchange. Moreover: the infections seemed focused on systems used to store Nasdaq’s proprietary technology, not core trading systems.
In the end, investigators reasoned that the hack was likely the work of the FSB or some other government-affiliated group. At the time, Russia was in the process of revamping its two domestic stock exchanges, with an eye to turning Moscow into Europe’s new financial center. The Russian government, it appeared, wanted to stand on Nasdaq’s shoulders when building its new exchange.
There is a lot more worth reading over on Businessweek’s site: How Russian Hackers Stole the Nasdaq – Businessweek.