Slashdot Mirror


Hackers Penetrate Nasdaq Computer Networks

PatPending tips a Wall Street Journal report claiming that hackers have repeatedly broken into the computer networks of the company running the Nasdaq Stock Exchange. "The exchange's trading platform—the part of the system that executes trades—wasn't compromised, these people said. However, it couldn't be determined which other parts of Nasdaq's computer network were accessed. Investigators are considering a range of possible motives, including unlawful financial gain, theft of trade secrets and a national-security threat designed to damage the exchange. The Nasdaq situation has set off alarms within the government because of the exchange's critical role, which officials put right up with power companies and air-traffic-control operations, all part of the nation's basic infrastructure."

18 of 106 comments

  1. Given how far the stock market is from reality by sethstorm · · Score: 3, Funny

    I'm not sure people would notice, even if it was worse.

    --
    Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
  2. False flag? by commodore64_love · · Score: 4, Interesting

    Given the government's insistence they need to have power to kill-switch the internet, I can't help wondering if this was staged.

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    1. Re:False flag? by Anonymous Coward · · Score: 5, Interesting

      > Given the government's insistence they need to have power to kill-switch the internet, I can't help wondering if this was staged.

      From that comment I can tell you're actually familiar with how politics works.

      Unfortunately that goes so strongly against the combination of what most people are taught growing up plus what they would naively like to believe that you're likely to encounter a lot of irrational resistance. It's the kind of "yeah yeah how's that tin-foil hat fitting you" dismissal from people who refuse to seriously research the idea and look for past instances of it, yet feel that their highly emotional stance is a valid one. Perhaps they could start to enlighten themselves by researching Operation Northwoods to see what kind of false-flag operations our government is seriously prepared to use. Government is full of primitive asshats who subscribe to consequentialism; that is, the notion that the ends justify the means.

      Most ideas in politics like an "Internet kill-switch" are presented as proposals. They're more than that. They're more like "this is what we fully intend to do anyway" or they're more like "this is what we have been doing anyway and are now trying to legitimize by signing into law" (remember the retroactive immunity for warrantless wiretapping?). The proposal stage leads to a stage of framed debate, during which time the emphasis is placed not on the importance of civil rights and limited government, but instead on terrorists, hackers, or some other outside threat serving as a boogeyman.

      It's good old "correlation does not equal causality" again, and I'll explain the cart-before-horse nature of it. This is all designed to look like these actions are the effect of reasonable debate and popular support. In reality the appearance of debate and the drumming up of support is the effect of these actions. The ones who push for these increasingly fascist measures understand one thing very well: they only need a moment of support and it will be permanently enshrined in law, never to be repealed, no matter how many later regret getting suckered by the fear-based rhetoric. Understand this and you'll rarely (if ever) be surprised by anything you see on the news.

      As to whether this particular event was staged, I don't have proof one way or the other. It does remind me of a quote from Franklin D. Roosevelt: "In politics, nothing happens by accident. If it happened, you can bet it was planned that way."

    2. Re:False flag? by Fnkmaster · · Score: 2

      It's funny you say this, but I have set up servers in the data center that houses the primary NASDAQ exchange servers in Carteret, New Jersey (there's also a backup facility elsewhere in New Jersey).

      They don't publicize this data center's location, but it's not exactly top secret within the finance industry because lots of firms need fast, direct access to route orders and get market data. Heck, Google will tell you exactly where it is if you ask the right questions.

      The building is a Verizon data center, and there is definitely physical security there consisting of an access gate, and a guard who has to buzz you in. But if you have the money to get a rack there (figure $2k a month) you can get on the access list for the building. Once on the list, you can get into the rear area where NASDAQ has all their servers - I had their area pointed out to me and I believe there was much stuff of theirs not in large cages, but just regular, locked racks.

      Anyway, if an adversary were intent on creating mayhem or extracting profits, physical access wouldn't be quite as hard to obtain as one might think.

  3. Wall Street Bonuses by Anonymous Coward · · Score: 5, Interesting

    Wall Street bonuses last year were $20.3 billion.
    I think it's obvious who is hacking the system.

  4. Trouble in the national casino! by wordsnyc · · Score: 5, Insightful

    Considering that 80% of activity in the market is program trading and that 70% of shares are held for 11 seconds or less, I think we have bigger problems. This whole shebang is not, strictly speaking, capitalism. It's parasitic roulette played with imaginary money. Of course, at the end of the week the players get to take home real money.

    --
    Sent from the iPad I found in your car.
    1. Re:Trouble in the national casino! by Anne Thwacks · · Score: 4, Insightful

      Make that 7 days, to allow people time to read the weekend coverage of the companies' market trading conditions. (And to ensure the risk of coming unstuck if you are relying on microsecond movements).

      No wealth is created by this kind of activity. The money that goes to the winners comes from your bank charges and insurance premiums.

      --
      Sent from my ASR33 using ASCII
    2. Re:Trouble in the national casino! by Doctor O · · Score: 2

      This is most interesting, can you tell me the source to those numbers? I want to use them next time somebody is trying to talk me into buying any stock-based financial product. Or wants to tell me why the stock markets should NOT be made illegal.

      --
      Who is General Failure and why is he reading my hard disk?
  5. Research frustration by DoofusOfDeath · · Score: 2

    And yet it's almost impossible to get research funding for developing proof systems for computer programs, and/or developing proof-friendly (e.g., non-Turing-complete) languages, which could eliminate whole categories of vulnerabilities and bugs. Epic.

  6. Genetic by Kingrames · · Score: 2, Interesting

    You know, it won't be long before the algorithms used for trading become pseudo-genetic, and start to do this kind of stuff themselves.

    The trading that goes on is influenced as much by meta-information as it is solid information.
    For all we know that could be part of the system by now already.

    I wouldn't be surprised - in fact I'd EXPECT that words like "google" "fox" and "recession" are either hard-coded into algorithms or the hardest-hitting highest profile terms used to weigh the value of stocks.

    There's no way you can design a secure system. Attacks like this should be considered a constant, and you need to find a smarter way to discourage them.

    I say that the best way is to design a system with low-hanging fruit to serve as detection of an attack, which will shut down access to the higher level stuff when it detects intrusion - or far better, replace real information with fake information. Make the attackers think they've succeeded, feed them false positives and misinformation, and then relax knowing your information is secure. In this way you're not so much building a wall that can't be broken down, you're attacking a soft target. No idea how effective it'd be in practice though.

    Don't pay any attention to this though, I'm just rambling.

    --
    If you can read this, I forgot to post anonymously.
  7. Re:Privatization FTL by Jon Stone · · Score: 3, Insightful

    > it should damn well be under Military-grade security and government control.

    Is this the "military-grade security and government control" that prevents classified material being leaked to Wikileaks so effectively?

  8. Re:BFD. by hedwards · · Score: 2

    It depends how exactly the exchange is compromised. A group of anarchists getting in and screwing up the ownership records for the current day could do a lot of damage to the system. Basically they'd have to roll back to the close the previous day, as I'd be surprised if there were constant backups being made.

  9. Scary... by fuzzyfuzzyfungus · · Score: 2

    I do actually find this story rather scary; but not because of the "zOMG hackerz@!" angle. Of course there are going to be hackers sniffing around stock exchanges. Given that online attacks aimed at penny-ante shit like hotmail accounts, facebook, and WoW are economically viable, obviously there is going to be some interest in hitting the places where the actual money lives...

    The scary bit is the idea that it is a generally accepted truth among the feds and similar that the ability of noise-traders to slosh imaginary money around like shit through a goose is a critical part of American infrastructure and a national security concern. As important as Power companies? Srsly? Are we really so deep in stacks of heavily leveraged electronic monopoly money that continued access to electronic exchanges is as important as continued access to electricity? If so, we really are fucked.

  10. Malicious intent or testing the systemz.. by jackdub · · Score: 2

    This is one of the many areas that Schneier and Clarke talk about being 'offlimits' when nation/actors conduct 'cyberwar'. Of course, who plays by the books? Not the bad guys... or us for that matter!

    1. Re:Malicious intent or testing the systemz.. by zippthorne · · Score: 2

      Well, if there have to be bad guys, why not us?

      --
      Can you be Even More Awesome?!
  11. Re:Privatization FTL by Anonymous Coward · · Score: 2, Insightful

    > Well there's your first problem. What the hell is a private corporation doing controlling an entire nation's stock market? If it's something so huge and influential and important to the country it can be the target of attack to disrupt our economy, it should damn well be under Military-grade security and government control

    Nasdaq doesn't control the entire nation's stock market. The SEC has taken aggressive steps over the last decade - with LARGE success, according to its stated intent - to create an ecosystem of many exchanges/trading venues (today about 8 core ones, and many more peripheral) to help make sure your decision to buy or sell stock can be carried out within the next millisecond even if one - such as Nasdaq - fails. It's a bad example, since Nasdaq failures are rare, but do you know how common serious ARCA, EDGX, NYSE, etc intraday failures have been over the last year? And how badly has this affected your life?

    With respect, you should learn the minimal basics of today's US equity trading infrastructure before commenting.

    With somewhat less respect, if you think disrupting the stock exchange is so influential and important, and threatens to disrupt our economy then ... while you have plenty of company in thinking so ... the truth IMO is that being able to trade shares in a certain fraction of the US GDP each and every day - nay each and every millisecond - isn't that important. If the law was changed so that you could only buy or sell stocks four times a year, do you really think capitalism would fall over? If so, explain.

    And finally, with contempt for your intelligence/knowledge, while you can not-too-insanely argue that there is a real computer-based ("cyber"-) threat to the U.S. here, you just cannot be serious in thinking "military-grade security" is helpful? The U.S. military? Giving better protection against computer threats than one talented random hacker? Are you referring to the Chinese military instead (not that I have any reason to believe they could begin to hold their own here either, but I know far less)? This just seems to come from some fantasy-land.

  12. Fat cats and risk by currently_awake · · Score: 3, Interesting

    I think a fundamental fact of the rich: they never gamble with -their- money, just yours.

  13. Government Run Amok by DarkOx · · Score: 2

    First off, this is a private company. Sure they are probably one of the most regulated organizations in existence but they are still private. Other than SEC compliance issues that might be a result of this hack, Government has no damned business being involved or even commenting.

    Second, comparing it to air traffic control is just stupid. The market has circuit breakers, it takes holidays, and there is a history of closures and outages. When was the last time anyone turned off air traffic control? That's right, NEVER; on the other hand the nation seems to hum along just fine Saturdays, Sundays, all the hours outside of 9:30a - 4p the rest of the week, without the NASDAQ being open.

    I am not saying unexpected market closures are not majorly disruptive but nobody dies so they really are not up there with some of those other services.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html