Como hackers russos colocaram uma bomba digital na NASDAQ?
21 de julho de 2014
How Russian Hackers Placed “Digital Bomb” Into the NASDAQ?
Till now, identities of the hackers have not been identified by the agencies who are investigating the whole incident from past four years. However, it has been identified that the intruder was not a student or a teen, but the intelligence agency of another country.
The Hackers successfully infiltrated the network of NASDAQ stock exchange with customize malware which had ability to extract data from the systems and carry out surveillance as well. However, a closer look at the malware indicated that it was designed to cause widespread disruption in the NASDAQ computer system.
MALWARE EXPLOITS TWO 0-DAY VULNERABILITIES
According to a magazine cover story, the malware that was actually used by the hackers to infect NASDAQ servers exploited two mystery zero-day vulnerabilities.
The attack on the NASDAQ stock exchange was reported by Bloomberg Businessweek in its investigative cover story, “The Nasdaq Hack”, which detailed the incidents took place at the NASDAQ leading up to the discovery of the inserted digital time bomb.
According to the magazine, it all started in October 2010, when the FBI was monitoring the Internet traffic in the United States and noticed a signal coming from NASDAQ, which indicated a malware infection. The most troubling part was that the malware was actually an attack code, which was created to cause significant damage, from another country’s foreign intelligence agency.
In February 2011, NASDAQ stock exchange confirmed the breach to its network and notified its customers.
The feds alerted and warned NASDAQ officials, who already knew about a compromise in their systems but had neglected to bother and inform anyone about it. The U.S. National Security Agency (NSA) was called in to help investigate the hack attacks against the company that runs the NASDAQ stock market.
After a five-month investigation by the FBI, NSA, CIA and US Treasury Department, it was uncovered that the malware used two unnamed Zero-day security flaws, for which there were no patches existed. Rather, it is unclear that the hackers targeted which software, and whether the hackers used these zero-day vulnerabilities to infect NASDAQ systems or to exfiltrate data.
In fact, one of the forensic investigators described the NASDAQ servers as “the dirty swamp,” because very few records were available that would have revealed daily activities on the servers and helped retrace the steps of the intruders.
“The agents found little evidence of a broader attack. What they did find were systematic security failures riddling some of the most important U.S. financial institutions. It turned out that many on the list were vulnerable to the same attack that struck Nasdaq.
They were spared only because the hackers hadn’t bothered to try.”
Further analysis of the attacking code indicated that the malware attacked the NASDAQ systems was similar in design to the malware written by the Russian Federal Security Service for the purpose of spying and, NSA agents says, had the ability to seriously disrupt the exchange’s activities.
But it is also possible that the malware which had been used belongs to another country, Bloomberg notes. China was a primary suspect, for both its intrinsic features and its ability to confuse an investigation.
Nasdaq spokesperson says that the malware did not reach the stock exchange, as originally stated in the cover story headline. “The events of four years ago, while sensationalized by Businessweek, only confirmed what we have said historically: that none of Nasdaq’s trading platforms or engines were ever compromised, and no evidence of exfiltration exists from directors’ desks,” said NASDAQ spokesman Ryan Wells.