Information Security News
mailing list archives
How Russian Hackers Stole the Nasdaq
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 18 Jul 2014 08:54:24 +0000 (UTC)
By Michael Riley
July 17, 2014
In October 2010, a Federal Bureau of Investigation system monitoring U.S.
Internet traffic picked up an alert. The signal was coming from Nasdaq
(NDAQ). It looked like malware had snuck into the company’s central
servers. There were indications that the intruder was not a kid somewhere,
but the intelligence agency of another country. More troubling still: When
the U.S. experts got a better look at the malware, they realized it was
attack code, designed to cause damage.
As much as hacking has become a daily irritant, much more of it crosses
watch-center monitors out of sight from the public. The Chinese, the
French, the Israelis—and many less well known or understood players—all
hack in one way or another. They steal missile plans, chemical formulas,
power-plant pipeline schematics, and economic data. That’s espionage;
attack code is a military strike. There are only a few recorded
deployments, the most famous being the Stuxnet worm. Widely believed to be
a joint project of the U.S. and Israel, Stuxnet temporarily disabled
Iran’s uranium-processing facility at Natanz in 2010. It switched off
safety mechanisms, causing the centrifuges at the heart of a refinery to
spin out of control. Two years later, Iran destroyed two-thirds of Saudi
Aramco’s computer network with a relatively unsophisticated but
fast-spreading “wiper” virus. One veteran U.S. official says that when it
came to a digital weapon planted in a critical system inside the U.S.,
he’s seen it only once—in Nasdaq.
The October alert prompted the involvement of the National Security
Agency, and just into 2011, the NSA concluded there was a significant
danger. A crisis action team convened via secure videoconference in a
briefing room in an 11-story office building in the Washington suburbs.
Besides a fondue restaurant and a CrossFit gym, the building is home to
the National Cybersecurity and Communications Integration Center (NCCIC),
whose mission is to spot and coordinate the government’s response to
digital attacks on the U.S. They reviewed the FBI data and additional
information from the NSA, and quickly concluded they needed to escalate.
Thus began a frenzied five-month investigation that would test the
cyber-response capabilities of the U.S. and directly involve the
president. Intelligence and law enforcement agencies, under pressure to
decipher a complex hack, struggled to provide an even moderately clear
picture to policymakers. After months of work, there were still basic
disagreements in different parts of government over who was behind the
incident and why. “We’ve seen a nation-state gain access to at least one
of our stock exchanges, I’ll put it that way, and it’s not crystal clear
what their final objective is,” says House Intelligence Committee Chairman
Mike Rogers, a Republican from Michigan, who agreed to talk about the
incident only in general terms because the details remain classified. “The
bad news of that equation is, I’m not sure you will really know until that
final trigger is pulled. And you never want to get to that.”
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
- How Russian Hackers Stole the Nasdaq InfoSec News (Jul 18)