Nasdaq’s computers were hacked, and the US is ill-equiped to prevent it from happening again

We still don’t know why or how.
We still don’t know why or how.
Image: Original image: Reuters/Shannon Stapleton
We may earn a commission from links on this page.

It’s a Russian invasion but of the cyber variety.

Sophisticated hackers launched a cyber attack on exchange platform Nasdaq back in 2010, according to Bloomberg Businessweek. The report penned by Michael Riley reads like a spy thriller and delivers this sensational revelation: the digital defenses of the exchange–home to technology giants like Microsoft, Apple and Facebook–were not up to the task.

There are lot of moving parts to the lengthy hacking narrative, which still appear to be fuzzy. That includes whether the hack was actually perpetrated by Russians or by computer whizzes enlisted by countries like China, or a group like the Syrian Electronic Army. No one seems to know for sure, but the predominance of evidence points to Russia.

At this point, there appears to be no evidence that any information was definitively spirited away, or if it was, how precisely the perpetrator benefited. But the story does spotlight how vulnerable vital global financial systems are to criminal cyber attacks. That’s particularly worrisome because in the age of digitalization, when the developed world is relying on computers for everything from personal banking to executing stock trades, cyber security has become an increasingly important issue.

But here’s what we know from the Bloomberg Businessweek piece:

  • Nasdaq was hacked as recently as 2010.
  • Probes into the breach involved a litany of US government agencies—the National Security Agency, Federal Bureau of Investigation, the Treasury Department’s Office of Critical Infrastructure Protection, the Secret Service, and the Central Intelligence Agency.
  • Evidence of multiple cyber attacks were detected when these US government agencies and independent contractors looked in to the matter.
  • Nasdaq did not initially reveal these attacks publicly; it’s possible that they determined the breaches didn’t rise to the level the required disclosure.
  • Malware and spyware (i.e., insidious software that could pose threats to the stock exchange’s network) is still likely latent and embedded within Nasdaq.
  • Investigators haven’t  determined if the malware was intended to steal information from Nasdaq, disrupt it or use it for some other nefarious purpose.

Here’s how Bloomberg Businessweek describes the vulnerabilities of other companies to attacks:

The agents found little evidence of a broader attack. What they did find were systematic security failures riddling some of the most important U.S. financial institutions. It turned out that many on the list were vulnerable to the same attack that struck Nasdaq. They were spared only because the hackers hadn’t bothered to try.

The Nasdaq systems that seem to have been exposed to the malware was something known as the Director’s Desk, where company board directors who list with Nasdaq can exchange confidential and potentially valuable financial information about their companies. So a lot of money on the stock market could be made if a cyber criminal or some sketchy organization was aiming to hack into the exchange. But that’s never offered definitively as the point of this hack.

Here’s how a Nasdaq spokesman responded to the Bloomberg Businessweek story to Quartz:

“The events of four years ago, while sensationalized by BusinessWeek, only confirm what we have said historically that none of Nasdaq’s trading platforms or engines were ever compromised and no evidence of exfiltration exists from Director’s Desk,”  he said.

In the end, talk about hacking of financial systems is becoming less and less surprising. The CBS news show “60 minutes” has spotlighted these sorts of cyber attacks over the past several years.

Most concerning—as the Bloomberg Businessweek article suggests—is that nations like the US may be ill-prepared to defend themselves from a really potent cyber invasion. House Intelligence Committee Chairman Mike Rogers, a Republican from Michigan, puts it best for Bloomberg Businessweek:

The problem is that whatever we do, the response to it won’t come back at the government, it’ll come back at the 85 percent of networks in America that are in the private sector. And they are already having a difficult time keeping up.