Security Experts:

DOJ Asked NASDAQ to Delay Disclosure of Security Breach

Touting “the highest level of security available to protect confidential board communications,” the NASDAQ on Saturday acknowledged that its Directors Desk platform had been compromised and had been infected with an undisclosed “suspicious file.”

Directors Desk is a solution to help board members communicate and collaborate securely, which the company says is used by more than 10,000 directors around the globe. According the Web Site, “Directors Desk incorporates state-of-the-art technology, processes and protocols to ensure the highest level of security.” Apparently the “highest level of security” wasn’t enough in this case.

Interestingly, NASDAQ OMX said that after discovering the suspicious files and initiating an investigation, the U.S. Department of Justice requested that the NASDAQ hold back on disclosing the incident to customers until at least February 14th. However, after news broke about the potential compromise of NASDAQ systems on Saturday, the company issued a statement on the incident.

Seeing that this incident appears to be targeted to the Directors Desk service, it doesn’t appear to be an attack designed to target trading operations on the exchange. It will be interesting to see additional details as they are released, but seems like it could be an attempt for a group to gain access to confidential information with the intent to profit. If an attacker was able to successfully gain access to communications taking place on the Directors Desk platform, it would surely provide incredible inside information which could lead to serious profits. Access to the communications of 10,000 directors? That's some powerful information, and having access to it would make having a Bloomberg terminal, the golden tool for traders, seem trivial.

While many details have yet to be uncovered (or at least released), the company did issue a statement, and importantly noted that this incident is completely unrelated to the NASDAQ trading platforms which power the exchange and that trading operations would not be affected.

The NASDAQ issued the following state on Saturday.

Through our normal security monitoring systems we detected suspicious files on the U.S. servers unrelated to our trading systems and determined that our web facing application Directors Desk was potentially affected. We immediately conducted an investigation, which included outside forensic firms and U.S. federal law enforcement. The files were immediately removed and at this point there is no evidence that any Directors Desk customer information was accessed or acquired by hackers. Our trading platform architecture operates independently from our web-facing services like Directors Desk and at no point was any of NASDAQ OMX’s operated or serviced trading platforms compromised.

Subsequently, the U.S. Department of Justice requested that we refrain from providing notice to our customers until, at the earliest, February 14, 2011, in order to facilitate the continuing investigation. NASDAQ OMX was honoring the U.S. Government’s request to delay notification, but when a story ran in the media on Saturday, February, 5, 2011, regarding a hacking incident at NASDAQ OMX, we immediately decided, in consultation with the authorities, that we must inform our customers.

We continue to evaluate and enhance our advanced security controls to respond to the ever increasing global cyber threat and continue to devote extensive resources to further secure our systems. Cyber attacks against corporations and government occur constantly. NASDAQ OMX remains vigilant against such attacks. We have been working in cooperation with the Government’s ongoing investigations and have received their technical advice for which we are appreciative.

The NASDAQ plans to continue trading with business as usual on Monday.

SecurityWeek contributor Matt Hines published a column Saturday on how the art of subtle manipulation via cyber attacks could slowly turn electronic markets on their heads by corrupting their very legitimacy. Is this just the start?

Related Reading:

Attackers' Subtle Markets Manipulation Could Tilt Global Economies

Hedge Fund Manager Predicts Cyber Attack Will Shut Down NYSE in 2011

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.