Hackers Penetrate Nasdaq Computer Networks

PatPending tips a Wall Street Journal report claiming that hackers have repeatedly broken into the computer networks of the company running the Nasdaq Stock Exchange. "The exchange's trading platform—the part of the system that executes trades—wasn't compromised, these people said. However, it couldn't be determined which other parts of Nasdaq's computer network were accessed. Investigators are considering a range of possible motives, including unlawful financial gain, theft of trade secrets and a national-security threat designed to damage the exchange. The Nasdaq situation has set off alarms within the government because of the exchange's critical role, which officials put right up with power companies and air-traffic-control operations, all part of the nation's basic infrastructure."

More deregulation!

This is all the fault of too much government.

Given how far the stock market is from reality

[sethstorm]

I'm not sure people would notice, even if it was worse.

Re:Given how far the stock market is from reality

[Lazareth]

Well, the difference would be that instead of people playing honest poker, somebody would be stacking the deck. Oh, wait...

Re:Given how far the stock market is from reality

[sethstorm]

The deck would just be stacked one more time.

False flag?

[commodore64_love]

Given the government's insistence they need to have power to kill-switch the internet, I can't help wondering if this was staged.

Re:False flag?

[Tapewolf]

Kill-switch for NASDAQ...?

Re:False flag?

[Tubal-Cain]

Your ideas are intriguing to me and I wish to subscribe to your newsletter.

Re:False flag?

Given the government's insistence they need to have power to kill-switch the internet, I can't help wondering if this was staged.

From that comment I can tell you're actually familiar with how politics works.

Unfortunately that goes so strongly against the combination of what most people are taught growing up plus what they would naively like to believe that you're likely to encounter a lot of irrational resistance. It's the kind of "yeah yeah how's that tin-foil hat fitting you" dismissal from people who refuse to seriously research the idea and look for past instances of it, yet feel that their highly emotional stance is a valid one. Perhaps they could start to enlighten themselves by researching Operation Northwoods to see what kind of false-flag operations our government is seriously prepared to use. Government is full of primitive asshats who subscribe to consequentialism; that is, the notion that the ends justify the means.

Most ideas in politics like an "Internet kill-switch" are presented as proposals. They're more than that. They're more like "this is what we fully intend to do anyway" or they're more like "this is what we have been doing anyway and are now trying to legitimize by signing into law" (remember the retroactive immunity for warrantless wiretapping?). The proposal stage leads to a stage of framed debate, during which time the emphasis is placed not on the importance of civil rights and limited government, but instead on terrorists, hackers, or some other outside threat serving as a boogeyman.

It's good old "correlation does not equal causality" again, and I'll explain the cart-before-horse nature of it. This is all designed to look like these actions are the effect of reasonable debate and popular support. In reality the appearance of debate and the drumming up of support is the effect of these actions. The ones who push for these increasingly fascist measures understand one thing very well: they only need a moment of support and it will be permanently enshrined in law, never to be repealed, no matter how many later regret getting suckered by the fear-based rhetoric. Understand this and you'll rarely (if ever) be surprised by anything you see on the news.

As to whether this particular event was staged, I don't have proof one way or the other. It does remind me of a quote from Franklin D. Roosevelt: "In politics, nothing happens by accident. If it happened, you can bet it was planned that way."

Re:False flag?

[bigpet]

I don't think anybody is going to call him tin-foil hat crazy because he essentially said:
"The timing seems suspiciously convenient, we should consider the possibility that this was staged."

you call 'em tin-foil hat crazy when they say:
"The timing is suspicious, it was an inside job"

Regarding the things the US government has done to get legitimization for what they want (immediate reason for the start of the Vietnam war) this would be a perfectly reasonable thing to do for them if it was really high priority to them (which I kinda doubt).
But they have to think twice nowadays before staging something because of the potential repercussions if it's leaked shortly after they're done.

Re:False flag?

[sumdumass]

I can't for the life of me understand why you got modded troll.. I didn't RTFA but I'm going on a wild guess and assuming that the hackers didn't walk into the NASDAQ HQ, sit at a terminal and guess a password while everyone walked by no noticing them.

But just in case someone out there failed to put knowledge from one area together with a comment in another, the situation is like this, the US government wants a kill switch for the internet. They claim it's to stop attacks. Recently, we saw Egypt shutting down the internet in order to suppress civil unrest and delay the information of it from leaving the country. The US government insists it's to combat an attack. And look here, someone attacked and hacked into a common tech related stock exchange and had the potential to manipulate honest earnings while steeling from millions of American's retirement funds.

does that sound like an attack the killl switch was designed to tackle? I don't know. I don't think it was staged either, But pointing it out was no where near a troll as the parent was modded.

Re:False flag?

This comment is actually a false flag. The government is trying to find all the conspiracy nuts like this agent is pretending to be. As soon as you hit reply, you get erased by Will Smith and his snipers. So don't hit reply or {#`%${%&`+'${`%&NO CARRIER

Re:False flag?

You are a government disinfo agent! Everyone knows that the government uses TV and internet to mind control the population. Why would they kill-switch it? Shouldn't you go back to covering up alien autopsies and smoking your cigars while you lurk in the shadows trying to catch Mulder?

Re:False flag?

[bonch]

Hey, I'm sure the government can be trusted. I sure can't wait for "net neutrality" and having the FCC--the same organization that flipped out over Janet Jackson's nipple and drove broadcasters like Howard Stern off the air--regulating internet traffic and telling sysadmins at ISPs how to manage the traffic on their private networks. Sure sounds neutral to me.

Re:False flag?

[eiiiI'monslashdot]

lool you are crazy!

Re:False flag?

[AmberBlackCat]

And they'll just ignore how the "kill-switch" wouldn't help at all since, by the time they realize there's a breach, information could already be leaked. In fact, the only use I could imagine for this kill-switch is to stop a DDOS, but then what sane person trades one site being killed for the entire Internet being killed?

Re:False flag?

[Fnkmaster]

It's funny you say this, but I have set up servers in the data center that houses the primary NASDAQ exchange servers in Carteret, New Jersey (there's also a backup facility elsewhere in New Jersey).

They don't publicize this data center's location, but it's not exactly top secret within the finance industry because lots of firms need fast, direct access to route orders and get market data. Heck, Google will tell you exactly where it is if you ask the right questions.

The building is a Verizon data center, and there is definitely physical security there consisting of an access gate, and a guard who has to buzz you in. But if you have the money to get a rack there (figure $2k a month) you can get on the access list for the building. Once on the list, you can get into the rear area where NASDAQ has all their servers - I had their area pointed out to me and I believe there was much stuff of theirs not in large cages, but just regular, locked racks.

Anyway, if an adversary were intent on creating mayhem or extracting profits, physical access wouldn't be quite as hard to obtain as one might think.

Re:False flag?

[clydemaxwell]

the crux of that issue is that we don't want ISPs to be treated as 'private networks'. We want them treated somewhat akin to common carriers, with regulation. It is important to note that the constitution guarantees rights for citizens, not corporations. I don't want any corporations to have rights.

Wall Street Bonuses

Wall Street Bonuses last year was $20.3 billion.
I think it's obvious who is hacking the system.

Re:Wall Street Bonuses

So what, 20.3 billion? How many employees and how many hours/week does the average employee work?

Glad I'm short right now

[DCFusor]

Because this will send a wave of uncertainty through the markets and make me money!
.

That's really scary -- I trade for my living these days (my own money only) and of course, use computers to do it -- theirs and mine.
.

We could hope that all it is is some evilt HFT firm trying to figure out how to quote-stuff better and make a little more money on the spreads quicker, but somehow, having that be the best possible likely outcome is scary itself.
.

This house of cards of money that is really only bits is utterly dependent on trust. Probably most here don't have a serious "life savings" put at risk like this (on top of the normal risks we take to get a reward), but believe me, if you wanted to put this country in the crapper, hard and long, this would be one of the easier ways to do it. Think of all the lawsuits over who had what imaginary money seconds before and seconds after a successful crack attack -- with no one having access to their own money until after "one duration of SCO lawsuits" -- ruination for many, and not just the fat cats.

Re:Glad I'm short right now

Because this will send a wave of uncertainty through the markets and make me money!
That's really scary -- I trade for my living these days (my own money only) and of course, use computers to do it -- theirs and mine.
We could hope that all it is is some evilt HFT firm trying to figure out how to quote-stuff better and make a little more money on the spreads quicker, but somehow, having that be the best possible likely outcome is scary itself.
This house of cards of money that is really only bits is utterly dependent on trust. Probably most here don't have a serious "life savings" put at risk like this (on top of the normal risks we take to get a reward), but believe me, if you wanted to put this country in the crapper, hard and long, this would be one of the easier ways to do it. Think of all the lawsuits over who had what imaginary money seconds before and seconds after a successful crack attack -- with no one having access to their own money until after "one duration of SCO lawsuits" -- ruination for many, and not just the fat cats.

Hello, George Soros, & Welcome to /.!

Interesting to see you developing new, technological methods of doing what you have always done, and now in the American markets too!

Re:Glad I'm short right now

[nedlohs]

So how are those shorts doing?

Are you seriously short at the same time the Fed is promising to use the printing press to keep stock prices up?

Trouble in the national casino!

[wordsnyc]

Considering that 80% of activity in the market is program trading and that 70% of shares are held for 11 seconds or less, I think we have bigger problems. This whole shebang is not, strictly speaking, capitalism. It's parasitic roulette played with imaginary money. Of course, at the end of the week the players get to take home real money.

Re:Trouble in the national casino!

[Palpatine_li]

yeah, because ARM is selling nothing and Google is giving away its product for free, and for some reason not so obvious to your level of IQ they are bringing home boatloads of money. They are apparently using magic to make money, which should be banned.

Re:Trouble in the national casino!

[peragrin]

your post has nothing to do with the GP's.

He was saying how the majority of trades aren't interested in the companies but whether or not the stock will go up or down 30 seconds from now and how much can i make from that movement.

less 15% of investors invest for long term companies, and even less hold on to said stock for longer than a month. Most investments are only 30 second actions of buy let it go up 1 cent and sell it again. actual company performance in that face is entirely unrealistic and unnecessary.

What is needed is a minimum of a 24 hour hold time for all stocks. Kill the day traders that poison the country's economy.

Re:Trouble in the national casino!

[davester666]

The players being the large stock trading firms, of course.

Re:Trouble in the national casino!

[Anne+Thwacks]

Make that 7 days, to allow people time to read the weekend coverage of the companies' market trading conditions. (And to ensure the risk of coming unstuck if you are relying on microsecond movements).

No wealth is created by this kind of activity. The money that goes to the winners comes from your bank charges and insurance premiums.

Re:Trouble in the national casino!

[currently_awake]

Yes, I think the stock exchange -is- just a gambling casino. Or horse racing if you prefer. And in both the house tilts the rules to ensure their profits.

Re:Trouble in the national casino!

[socsoc]

[citation needed]

Re:Trouble in the national casino!

[Palpatine_li]

And you are aware that finding the price of stock does cost money and a high temporal resolution and precision of the price is useful and may worth the additional cost?

Re:Trouble in the national casino!

[WatchMaster]

when a company does an IPO, or offers more shares, they get the cash. after that the stock value is not closely related to any amount of money the company makes; the trades have no direct impact on the company. the buying and selling of shares on the market does not gain the company any cash. the value of the stocks are set by the willingness of the traders to buy and sell the shares.

while the desire to buy shares may be related to the anticipated corporate performance, there is no actual tie of share value to company performance. if there was a close match we could all make more money in the stock market. the value is set by perception, trading programs, and stock analysts. We can't predict those things that well - but the guys who operate the stock markets sure can.

Re:Trouble in the national casino!

A better idea would be to charge for each transaction (in fact, I thought this was already the case).

Re:Trouble in the national casino!

[HiThere]

24 hours isn't long enough. It should be at least a week, with preprogrammed buy and sell orders within that week allowed.

Alternatively, have there be a tax on stock transactions that decreases if you hold the stock for a long period of time. Say 100% if you hold it for 1 minute and 0% if you hold it for 5 years. Other values determined by linear interpolation. (Yes, you pay more than 100% of the stock value if you hold it for less than a minute, and you are paid if you hold it for more than 5 years. But you don't get the benefit of this until you *do* sell the stock. And if the company goes bankrupt you forfeit.)

Re:Trouble in the national casino!

[micheas]

Yes, I think the stock exchange -is- just a gambling casino. Or horse racing if you prefer. And in both the house tilts the rules to ensure their profits.

The difference between the stock market and a poker game is that in a poker game you are paying the ante, and the house keeps a share of the pot. In the stock market the value created by the workers of the company whose stock is being traded is added to the pot.

Lotto - bad, Stock - market good, poker with friends - just killing time.

Re:Trouble in the national casino!

[maxume]

There are plenty of stocks paying a 3% or greater dividend. The 3% is a direct relationship between the actual performance of the company and the stock price.

Re:Trouble in the national casino!

[aliquis]

while the desire to buy shares may be related to the anticipated corporate performance, there is no actual tie of share value to company performance.

For the minute? Most often not. For the day? Unless there is any reports or analysis, probably neither. For the week/month in a large company? Probably. Over multiple years? Definitely.

The bigger the company, the more trades, the more news and analysis, the more likely the price is somewhat right.

Re:Trouble in the national casino!

[Doctor+O]

This is most interesting, can you tell me the source to those numbers? I want to use them next time somebody is trying to talk me into buying any stock-based financial product. Or wants to tell me why the stock markets should NOT be made illegal.

Re:Trouble in the national casino!

suppose a company is very successful, and like microsoft, doesn't pay dividends. why should the stock price go up at all? it is not like the shareholders get any of the profits or increased revenues. (w/o dividends). While as an economic connection the total valuation (share price * shares) should reflect the value of the company, there is not necessarily a direct reason that it should; like I said the shareholders don't benefit directly from the growing profits, and the company doesn't directly benefit from the increased values.

there are some indirect effects, like a better valuation for the next stock offering, and the ability to borrow money. My point is that the stock market is far from rational. it is taken 'on faith' that the share values should rise with company growth, and the computer trading systems make that a reality in a semi-artificial way based on the trading algorithms that have that tautologic assumption built in.

Re:Trouble in the national casino!

[aliquis]

If nothing else I guess you could liquidate the company? It's probably not the case that Microsoft is worth $ 0 :)

Re:Trouble in the national casino!

[twebb72]

Agreed. Parent should complain how he's broke somewhere else.

You can learn how to play ball or you can watch from the sideline.

BFD.

The Nasdaq situation has set off alarms within the government because of the exchange's critical role, which officials put right up with power companies and air-traffic-control operations, all part of the nation's basic infrastructure.

Does anyone outside of Wall Street believe that?

If NASDAQ were compromised, nothing would happen to us real investors. We'd still have our securities even if they're kept in street name.

The only people who be affected would be the traders - so, they get a day or two off.

Every one seems to be so full of themselves lately!

And it's pretty sad when a market place is considered to be so important - securities were traded long before NASDAQ existed and if NASDAQ went away, there would be a replacement - quickly. They're not irreplaceable.

Re:BFD.

[hedwards]

It depends how exactly the exchange is compromised. A group of anarchists getting in and screwing up the ownership records for the current day could do a lot of damage to the system. Basically they'd have to roll back to the close the previous day, as I'd be surprised if there were constant backups being made.

Re:BFD.

[fuzzyfuzzyfungus]

Do we even have anarchists anymore? Pre WWI, the term was applied to assorted groups who spent their time plotting revolution and occasionally assassinating some politician or other. They were the "terrorists" of their day, so fear of them was pretty hysterically overwrought; but they did actually manage to throw a bomb now and again(the chap who assassinated Archduke Ferdinand and, not exactly intentionally, ended up poking the house of cards that was Europe's grip on peace before WWI was by far the most dramatic...)

These days, the only "anarchists" I am familiar with inhabit internet message boards and aesthetically questionable garage-punk bands. They are like ten notches below "communists" as an actual threat to much of anything...

Re:BFD.

[hedwards]

There are, it's just that most of them are posers, or at least that's been the case since at least the 70s or so. They definitely are still around, it's just that they're not particularly active. I know that a contingent from Oregon was the primary party responsible for all the havoc that resulted when the WTO met in Seattle some years back.

Also a fair number of the people that refer to themselves as anarchists are either hipsters or punks.

whould they really admit it?

[thinfoilhat]
Assume for a second the whole system was compromised.
If they admit it, they would cause fear and uncertainty in the market, bringing in even worse situations. ...so would they really tell us? nah, they'd try to get the crackers for other legal crime, but they'll never admit it.
[/thinfoilhat]

Re:whould they really admit it?

[hedwards]

They likely would tell us. The exchanges have been known to be compromised for years, in fact going back to the 30s, at no point has the system not been compromised. What they're whining about is that it's somebody other than Wall Street insiders that are likely to benefit.

Research frustration

[DoofusOfDeath]

Any yet it's almost impossible to get research funding for developing proof systems for computer programs, and/or developing proof-friendly (e.g., non-Turing-complete) languages, which could eliminate whole categories of vulnerabilities and bugs. Epic.

Re:Research frustration

Let me guess. You have no idea what you are talking about.

    In terms of anything that would be amenable to your research, nasdaq is the best of the best. Their matching engine does not have bugs of consequence more than once a year, and the "consequence" is always small, noticed immediately and has no finanical impact. No, I don't work for nasdaq.

    Let's get back to reality. They like all financial firms have to interface with 1000 different partners, each with their own protocols. For these protocols you get a "specification" which in some cases is like a drug-addict's dream of his initial thoughts on the subject. And you can't negotiate this; you just have to do the best you can. And by the way, you are a big company and you have 50 groups each setting up web portals and ftp (sic) sites for various "business" partners.

    Now rationally speaking, even if Nasdaq begs for your help, the first thing they will ask of your "proof friendly' language is that it providing an exploit-free OS and web server with all modern features. And you will say: we have a project to this, and if we have enough partners commercial viability is about 350 years away. And they will go away.

I challenge you: describe, with any nonzero level of familiarty whatsoever, a challenge nasdaq faces that you field could help with. Imagine you had $1Trillion dollars in grant money 20 years ago. Still? Again, my request is that you actually tie plausible reseach advances to a specific problem they have encouteered.
I am not going to wait up for your answer :-)

Re:Research frustration

[JamesP]

Erm... no

Or, in the words of Donald Knuth "Beware of bugs in the above code; I have only proved it correct, not tried it."

Most bugs have nothing to do with 'proof'

Try proofing a code against an API, against random input, agains other (buggy) modules, etc, etc That's the problem

Re:Research frustration

/Try proofing a code against an API, against random input, agains other (buggy) modules, etc, etc That's the problem./

I don't know; xmonad seems to be doing just fine at applying proof techniques to API code.

Re:Research frustration

XMonad is trivial compared to most real world applications. It's like 1000 lines of code and its domain is very well understood. Furthermore, there have been plenty of bugs in XMonad, and there are plenty of window managers, including those for OS X and Windows 7, that are just as stable and far more capable by default.

The vast majority of Haskell code is trivial garbage made by students without a clue. In fact, if it's on Hackage and it hasn't been made by either Credit Suisse or Galios, it's most likely crap that hasn't been tested or used by anyone other than the original author.

Probably used the passwords

[gil.i.hauer]

... that we're hacked from PlentyOfFish a little while ago!

Re:Probably used the passwords

passwords that we are hacked?

retard.

Re:Probably used the passwords

Just what I was thinking. I had to read the stupid post four times to finally figure out what he meant.

National Security Threat OMG

[Nimey]

Time to break out the illegal wiretaps and ignore the 4th amendment some more.

Motives?

[Sporkinum]

Motives included unlawful financial gain? That's amusing!

Re:Motives?

Why so?

Are you suggesting the stock exchange is intrinsically unlawful financial gain?

You need to refresh your definition of 'unlawful.'

Re:Motives?

[HiThere]

I think he's suggesting that insider trading is running unchecked. Not an unreasonable stance. The noise they made about Martha Stewart suggests to me that they wanted a smoke screen.

I don't doubt that she was guilty, but the amount that she was guilty of was truly trivial. I'm not sure it was out of the petty theft level. (Well, it's an old memory, and not that precise.)

Fire sale

[shoehornjob]

Everything must go. NASDAQ was just the first step. Better go check the basement of the social security building in MD. I'll bet you'll find the hackers there. Oh um bring some firepower with you. Seriously though, that must have been one talented hack.

Re:Fire sale

[93+Escort+Wagon]

Everything must go. NASDAQ was just the first step. Better go check the basement of the social security building in MD. I'll bet you'll find the hackers there. Oh um bring some firepower with you.

I'm sure the powers-that-be can at least find a balding, middle-aged New York cop with a drinking problem to go in.

Although finding one with a hot daughter might take a bit more work...

Privatization FTL

[MacGyver2210]

the computer network of the company that runs the Nasdaq Stock Market

Well there's your first problem. What the hell is a private corporation doing controlling an entire nation's stock market? If it's something so huge and influential and important to the country it can be the target of attack to disrupt our economy, it should damn well be under Military-grade security and government control.

Re:Privatization FTL

[Jon+Stone]

it should damn well be under Military-grade security and government control.

Is this the "military-grade security and government control" that prevents classified material being leaked to Wikileaks so effectively?

Re:Privatization FTL

> Well there's your first problem. What the hell is a private corporation doing controlling an entire nation's stock market? If it's something so huge and influential and important to the country it can be the target of attack to disrupt our economy, it should damn well be under Military-grade security and government control

Nasdaq doesn't control the entire nation's stock market. The SEC has taken aggressive steps over the least decade - with LARGE success, according to its stated intent - to create an ecosystem of many exchanges/trading venues (today about 8 core ones, and many more peripheral) to help make sure your decision to buy or sell stock can be carried out within the next millisecond even if one - such as Nasdaq - fails. It's a bad example, since Nasdaq failures are rare, but do you know how common serious ARCA, EDGX, NYSE, etc intraday failures have been over the last year? And how badly has this affected your life?

With respect, you should learn the minimal basics of today's US equity trading infrastructure before commenting.

With somewhat less respect, if you think disrupting the stock exchange is so influential and important, and threatens to disrupt our economy then ... while you have plenty of company in thinking so ... the truth IMO is that being able to trade shares in a certain fraction of the US GDP each and every day - nay each an every millisecond - isn't that important. If the law was changed so that you could only buy or sell stocks four times a year, do you really think capitalism would fall over? If so, explain.

And finally, with contempt for your intellegence/knowledge, while you can not-too-insanely argue that there is a real computer-based ("cyber"-) threat to the U.S. here, you just cannot be serious in thinking "miilitary-grade securtity" is helpful? The U.S. military? Giving better protection against computer threats than one talented random hacker? Are your referring to the Chinese military instead (not that I have any reason to believe they could begin to hold their own here either, but I know far less)? This just seems to come from some fantasy-land.

Re:Privatization FTL

[DarkOx]

Because its just a market place were private entities exchange private property with each other. Why should the government be involved at all?

Are you suggesting that everything that is huge, influential, or could impact our economy be nationalized? How about UPS and Fedex, CSX, they are the biggest distribution companies around if they were attacked it could disrupt our economy, should they be nationalize, should every one of their planes have a fighter escort, and ever rail car a platoon to guard it?

Seriously where do you draw the line?

Re:Privatization FTL

[FooAtWFU]

Okay, I'll bite at your "only buy or sell stocks four times a year". That wouldn't shoot capitalism dead, but it would be a hindrance. The market helps perform price discovery: no one really knows how much a company is worth (since it's all about future earnings), but if you have information about it that the rest of the market doesn't, you have a financial incentive to exploit it and your exploitation will help bring the price closer to what it should be. This affects how much people are willing to invest in an enterprise: can AOL really buy out Time Warner? The market is bad enough at these things already; we don't need people throwing money down the drain like that when they could be investing in something good for them and good for the economy at large. (For another example, look at the pricing of Google trying to buy Groupon, or the valuation of Facebook. Is that the way to run an economy?)

Other trouble would be the fact that it's a lot harder to get or unload stocks in a 4-times-a-year market. This will make stocks less attractive to a lot of ordinary investors. Only the really rich with high risk tolerance need apply.

Anyway. This trading doesn't take place on the millisecond level because it needs to, though. It takes place on that level because it can. High frequency trading is silly, but really the net effect on long-term demand for the stock is about zero... if you buy the stock, you need to sell it again really really soon, otherwise you're just a buy-and-hold investor like the rest of us. So let them play at it; big deal, who cares?

Never waste a good crisis

[StickANeedleInMyEye]

Old news. This happened last year. The most interesting part of the entire article appears at the end, almost as an aside.

"Prosecutors said Albert Gonzalez, perhaps the most renowned hacker, perpetrated his biggest theft ... According to a 2009 federal indictment, he used computers located in the U.S., Latvia and Estonia, in a conspiracy that netted more than 100 million stolen credit-card numbers."

Disturbing given the sheer magnitude of people affected.

Looking for motives?

I'm not a conspiracy theorist, but the first motive I came up with was manufacturing a reason for the kill switch...

Genetic

[Kingrames]

You know, it won't be long before the algorithms used for trading become pseudo-genetic, and start to do this kind of stuff themselves.

The trading that goes on is influenced as much by meta-information as it is solid information.
For all we know that could be part of the system by now already.

I wouldn't be surprised - in fact I'd EXPECT that words like "google" "fox" and "recession" are either hard-coded into algorithms or the hardest-hitting highest profile terms used to weigh the value of stocks.

There's no way you can design a secure system. Attacks like this should be considered a constant, and you need to find a smarter way to discourage them.

I say that the best way is to design a system with low-hanging fruit to serve as detection of an attack, which will shut down access to the higher level stuff when it detects intrusion - or far better, replace real information with fake information. Make the attackers think they've succeeded, feed them false positives and misinformation, and then relax knowing your information is secure. In this way you're not so much building a wall that can't be broken down, you're attacking a soft target. No idea how effective it'd be in practice though.

Don't pay any attention to this though, I'm just rambling.

Re:Genetic

[plopez]

"There's no way you can design a secure system."

Don't worry, it's probably written in COBOL. There are only three people left who understand it, and two are in a nursing home now. :)

Re:Genetic

[zoomshorts]

I am not !!!!! I may be in a week or two.

Re:Genetic

[zippthorne]

The best "fake information" would have to be virtually indistinguishable from the real information. So how would YOU tell it apart. (or more generally, how would your successors be able to tell after you retire to your "fake" mansion on a "fake" island in tahiti?

Re:Genetic

There's no way you can design a secure system.

While I agree, that's a rather defeatist attutude. NASDAQ has the money for a world-class crack IT squad. Somewhere, good IT has been devalued. If you start with shit, you will end with shit. I think it's all relative, as I do have good deadbolts on my doors and an alarm system, I'm sure it's trivial to break into my house compared to, say, Camp David. Marines armed to the teeth hiding in the woods watching the place is a hellavalot better security that I have. NASDAQ, and all big money ops should be spending MUCH MORE. I don't care how good or clever you think you might be at chess, you're not going to beat a team of Bobby Fishers.

Yet IT is seen as a money loser, while, oddly, expenses like insurance is seen as necessity. This is why black hats can clearly see, if I may quote Pavement, "there's forty different shades of black, so many fortresses and ways to attack."

Re:Genetic

Won't be long? Genetic algorithms have been part of trading for at least 20 years.

You have to remember that there is a lot of money involved when talking about trading (duh). Anyone that could come up with something better than everyone else would be fabulously rich. They have always had very smart people working on these problems. It's a extraordinarily difficult problem though and humans still reign supreme (as far as the algorithms go; machines are better at executing the algorithms designed by humans at speeds no human can do).

Much like neural networks they still don't work that well but I guess eventually we will have computer systems powerful enough to make them able to compete with humans. That's still a long ways off though (consider how genetic algorithm based chess software does against humans; not very well at all).

Re:Genetic

Whoa... there's a COBOL translater for DotNet?

That would suck

[Daetrin]

For all that the day to day transaction on the stock market have very little relation to what's happening in the real world, when the stock market crashes it does have an effect on the real economy.

So i guess it's a really good thing that we don't have to worry about a cyberwar or we might be it real trouble! After all, the countries that don't like America would never want to hurt us economically unless they were also willing to invade!

Nasdaq? Not if this was a serious attack.

Nasdaq? In the financial exchange world, their techies are very very good all things considered; they right a tight, efficient, ship relatively speaking. If (if, I say it louder, _if_) they were under a motivated attack that had some success, you should fear that other exchanges are more deeply compromised - most notably the NYSE. In terms of technological ability, trying to compare the Nasdaq vs NYSE is ... I just can't think of suitable analogies; maybe a car analogy ... Toyota in year 2000 vs GM in year 1975 comes pretty close... ? More likely this is an opportunistic non-consequential hack; if it's serious business they wouldn't go for Nasdaq first. That would be just silly.

        The powers that be should be deeply afraid in general. One day a terrorist might shut down key features of the USA financial system. And after that, the next time a retiree decides she needs to sell some 401(k) shares to pay for her expected retirement expenses, it may take - not microseconds, not even milliseconds, not even seconds, but maybe even HOURS for the trade to be confirmed. The truly terrible threat is that she finds out that it really made no practical difference to her after all. An awful lot of people and a ton of money is tied up on the assumption that every extra microsecond it takes to effect a stock transaction is a huge macroeconomic drag; if evidence were to point otherwise there would be no end to the repercussions.

Re:Nasdaq? Not if this was a serious attack.

[Anne+Thwacks]

if evidence were to point otherwise there would be no end to the repercussions.

All the evidence points the other way. The only need for fast trading is to allow scum to bleed the honest working man dry. (Which is important to sustaing the American way of life, in which scum to bleed the honest working man dry.)

Oblig

[plopez]

Was it Goldman-Sachs?

and who was a chairman of NASDAQ?

[bball99]

hmm... is there computer access in the prison library?

Scary...

[fuzzyfuzzyfungus]

I do actually find this story rather scary; but not because of the "zOMG hackerz@!" angle. Of course there are going to be hackers sniffing around stock exchanges. Given that online attacks aimed at penny-ante shit like hotmail accounts, facebook, and WoW are economically viable, obviously there is going to be some interest in hitting the places where the actual money lives...

The scary bit is the idea that it is a generally accepted truth among the feds and similar that the ability of noise-traders to slosh imaginary money around like shit through a goose is a critical part of American infrastructure and a national security concern. As important as Power companies? Srsly? Are we really so deep in stacks of heavily leveraged electronic monopoly money that continued access to electronic exchanges is as important as continued access to electricy? If so, we really are fucked.

Re:Scary...

As important as Power companies? Srsly? Are we really so deep in stacks of heavily leveraged electronic monopoly money that continued access to electronic exchanges is as important as continued access to electricy?

Yes, a great deal of the world's wealth is from debt, that's not necessarily a bad thing, and that shouldn't be news to you.

Re:Scary...

[fuzzyfuzzyfungus]

I am familiar with the utility of financial instruments, limited liability corporations, and the like; and I don't deny them; but I find it disconcerting to see that high speed access to those things is being ranked with access to electricity in importance. Obviously the delta between modernity and some pre-capitalist subsistence feudalism is massive. I'm just much more skeptical of the delta between a '50's style comparatively slow trading with brokers and telephones and such and today's highly automated process(I don't deny that there is a very, very large number purporting to be that delta; I just suspect that a substantial portion of that large number is illusory, balanced by an increase in tightly interlinked risk, or consists of rents extracted from the economy of people who actually make stuff).

Electricity, by contrast, basically underpins such niceties as "cities of contemporary density that actually work" and "all modern high-speed communications systems". It would only take a few days without access to refrigeration, street lights, and traffic signals for things to start getting a bit Road Warrior in many locations...

Re:Scary...

[twebb72]

Are we really so deep in stacks of heavily leveraged electronic monopoly money that continued access to electronic exchanges is as important as continued access to electricy?

Yes. It is as or more important. But you found the right website to gripe on.

Critical infrastructure is online?

Power companies and air traffic control? Brilliant. Why not put the main systems of nuclear power plants online also?

Malicious intent or testing the systemz..

[jackdub]

This is one of the many areas that Schneier and Clarke talk about being 'offlimits' when nation/actors conduct 'cyberwar'. Of course, who plays by the books? Not the bad guys... or us for that matter!

Re:Malicious intent or testing the systemz..

[zippthorne]

Well, if there have to be bad guys, why not us?

causation

[icepick72]

Oddly, most of those subpoenaed have long since gone blind.

Re:causation

[icepick72]

Yep, you guessed it, wrong thread! Time to downvote...

Air gapping the computers

[currently_awake]

The prevailing wisdom with vital computer infrastructure is to have it on a private network with no internet interconnect, but how do you do that with a system designed to handle public input? I think the next step is a stripped down OS running software written just for that task, with no extra functionality. The simpler the system the fewer parts you have to security audit. Of course that still leaves the problem of are the people running the system trustworthy (It's a black box, with no public scrutiny of its operations).

Fat cats and risk

[currently_awake]

I think a fundamental fact of the rich: they never gamble with -their- money, just yours.

Re:Fat cats and risk

I think everyone richer than I am must have gotten it unethically!

Generation vs efficiency

I've never understood why so much importance is put on these big financial institutions. They cannot actually create wealth. They can only increase the efficiency of an economic system by getting money from those who want to invest to those who want to expand. Economies aren't driven by investment, they're driven by spending.

One wonders if it was staged.

Im not a conspiracy theorist or anything of the sort. But with the whole internet kill switch thing back up on the block for the second time this type of thing comes at a very convienent time. Especially involving wallstreet since thats where all the countries top financial dogs hang out and effecting nasdaq effects all the rich and powerful of the country. Just struck me as odd that it wasnt a full out attack, just a release that they found hackers in there. No damage was done, but just enough to put a good scare into stockholders, investors and company heads. All the sudden to the influential people of the country a internet kill switch doesnt seem so crazy when their personal fortune is on the proverbial chopping block.

Its a pity our entire country hangs on the balance of the stock market though. We have no redundencies, no back ups or anything. Stock market is one of just a few keystones needed to keep our entire country afloat. Its all we have. We dont make anything, we dont export anything, we arent self sufficient at all. If you knock out the stock market entirely or even just intterupt it rammifications would be immediate. Stock market and our military are the only things that even put us on the radar of other countries. Without them the united states would become as important as haiti is to the rest of the world.

Government Run a muck

[DarkOx]

First of this is a private company. Sure they are probably one of the most regulated organizations in existence but they are still private. Other that SEC compliance issues that might be a result of this hack Government has no damned business being involved or even commenting.

Second comparing it to air traffic control is just stupid. The market has circuit breakers, it takes holidays, and there is a history of closures and outages. When was the last time anyone turned off air traffic control? That's right NEVER, on the other hand the nation seems to hmm along just fine Saturdays, Sundays, all the hours outside of 9:30a - 4p the rest of the week, without the NASDAQ being open.

I am not saying unexpected market closures are not majorly disruptive but nobody dies so they really are not up their with some of those other services.

Re:Government Run a muck

You forgot about the banksters jumping off buildings.

Insecure Linux..

Strikes at the heart of capitalism. Time to upgrade to OSX or Windows.

Re:Insecure Linux..

How wrong you are. Linux is at the heart of capitalism. Think of all those companies and consultants making a killing off Linux. We've got IBM, Novell, Oracle, Redhat, ...

How many fortune 500 companies run Linux?

OOCOBOL

[plopez]

even better..... :)

http://home.swbell.net/mck9/cobol/ooc/ooc.html

NOW is the time to INVEST in NEWSPAPERS!

Now is the time to buy stock in door-to-door delivered local newspaper companies. When TSHTF and the internet is switched off, the demand for good old newspapers will surge.

CxO porn habits strike again

[alexmin]

Per WSJ story (http://online.wsj.com/article/SB10001424052748704858404576127854072207040.html , use google hole to view) intruders "...installed malicious programs on a Web-accessible system called Director's Desk, one of its technology offerings that facilitates communication and sharing of files among corporate officers."

I wonder how many key-loggers etc are cleaned up from executive workstations an laptops every day in US but never reported.

Ocean's Eleven

[rainer_d]

The crooks just realized that the largest casino is located on the East Coast. And instead of having to deal with the mob afterwards, they just have angry pensioners and some low-life pension-funds who are basically tooth-less when they can't bribe or strong-arm somebody into what they want him to do.

Proof

"The exchange's trading platform—the part of the system that executes trades—wasn't compromised, these people said."

Yeah, because security professionals are great at knowing what part of systems *haven't* been compromised. Just ask Gawker.

According to Forbes blogger

Not at all what everyone's assuming - way more than what meets the eye. See
http://blogs.forbes.com/jeffreycarr/2011/02/06/nasdaqs-hacked-directors-desk-allegedly-violated-ftc-rules/
If this is pursued in a court (no, not the hackers), likely to break some new grounds.

Wow...pretty major, no?

[hesaigo999ca]

I am not sure, but was not the economic crisis because of all the stocks having been invested and everything teetering on the edge of disaster, is this not another crisis waiting to happen?
What can be done against this, I do not think separating all computers to be independent (like in BSG) is an option here.