Exclusive: Nasdaq hackers spied on company boards

Thu Oct 20, 2011 7:31pm EDT
 
Email This Article |
Share This Article
  • Facebook
  • LinkedIn
  • Twitter
| Print This Article | Single Page
[-] Text [+]

By Jim Finkle

(Reuters) - Hackers who infiltrated the Nasdaq's computer systems last year installed malicious software that allowed them to spy on the directors of publicly held companies, according to two people familiar with an investigation into the matter.

The new details showed the cyber attack was more serious than previously thought, as Nasdaq OMX Group had said in February that there was no evidence the hackers accessed customer information.

It was not known what information the hackers might have stolen. The investigation into the attack, involving the FBI and National Security Agency, is ongoing.

"God knows exactly what they have done. The long term impact of such attack is still unknown," said Tom Kellermann, a well-known cyber security expert with years of experience protecting central banks and other high-profile financial institutions from attack.

The case is an example of a "blended attack," where elite hackers infiltrate one target to facilitate access to another. In March hackers stole digital security keys from EMC Corp's RSA Security division that they later used to breach the networks of defense contractor Lockheed Martin Corp.

Nasdaq had previously said that its trading platforms were not compromised by the hackers, but they attacked a Web-based software program called Directors Desk, used by corporate boards to share documents and communicate with executives, among other things.

By infecting Directors Desk, the hackers were able to access confidential documents and the communications of board directors, said Kellermann, chief technology officer at security technology firm AirPatrol Corp.

Investigators have learned that hackers were able to spy on "scores" of directors who logged onto directorsdesk.com before the malicious software was removed, said Kellermann and another person familiar with the investigation who was not authorized to discuss the matter publicly.   Continued...