Russian hackers placed digital "bomb" in Nasdaq computers

by
in security on (#3D6)
It's old news, but it's only being reported today: turns out, in 2010, Russian crackers exploited a zero-day vulnerability to install some malware on the Nasdaq stock exchange systems capable of derailing the stock exchange.
The October alert prompted the involvement of the National Security Agency, and just into 2011, the NSA concluded there was a significant danger. ... [The] National Cybersecurity and Communications Integration Center (NCCIC), whose mission is to spot and coordinate the government’s response to digital attacks on the U.S. ... reviewed the FBI data and additional information from the NSA, and quickly concluded they needed to escalate. Thus began a frenzied five-month investigation that would test the cyber-response capabilities of the U.S. and directly involve the president. Intelligence and law enforcement agencies, under pressure to decipher a complex hack, struggled to provide an even moderately clear picture to policymakers. After months of work, there were still basic disagreements in different parts of government over who was behind the incident and why.
Bloomberg Businessweek does an excellent job of telling the story of competing security agencies, their different mandates, and how they cooperated and sometimes competed to deal with the intrusion.
The agents found little evidence of a broader attack. What they did find were systematic security failures riddling some of the most important U.S. financial institutions. It turned out that many on the list were vulnerable to the same attack that struck Nasdaq. They were spared only because the hackers hadn’t bothered to try.

History

2014-07-21 15:21
Russian hackers placed digital "bomb" in Nasdaq computers
zafiro17@pipedot.org
It's old news, but it's only being reported today: turns out, in 2010, Russian crackers exploited a zero-day vulnerability to install some malware on the Nasdaq stock exchange systems capable of derailing the stock exchange.
The October alert prompted the involvement of the National Security Agency, and just into 2011, the NSA concluded there was a significant danger. ... [The] National Cybersecurity and Communications Integration Center (NCCIC), whose mission is to spot and coordinate the government’'s response to digital attacks on the U.S. ... reviewed the FBI data and additional information from the NSA, and quickly concluded they needed to escalate. Thus began a frenzied five-month investigation that would test the cyber-response capabilities of the U.S. and directly involve the president. Intelligence and law enforcement agencies, under pressure to decipher a complex hack, struggled to provide an even moderately clear picture to policymakers. After months of work, there were still basic disagreements in different parts of government over who was behind the incident and why.
Bloomberg Businessweek does an excellent job of telling the story of competing security agencies, their different mandates, and how they cooperated and sometimes competed to deal with the intrusion.
The agents found little evidence of a broader attack. What they did find were systematic security failures riddling some of the most important U.S. financial institutions. It turned out that many on the list were vulnerable to the same attack that struck Nasdaq. They were spared only because the hackers hadn’'t bothered to try.
Reply 0 comments