Hackers Penetrate Nasdaq Computer Networks

PatPending tips a Wall Street Journal report claiming that hackers have repeatedly broken into the computer networks of the company running the Nasdaq Stock Exchange. "The exchange's trading platform—the part of the system that executes trades—wasn't compromised, these people said. However, it couldn't be determined which other parts of Nasdaq's computer network were accessed. Investigators are considering a range of possible motives, including unlawful financial gain, theft of trade secrets and a national-security threat designed to damage the exchange. The Nasdaq situation has set off alarms within the government because of the exchange's critical role, which officials put right up with power companies and air-traffic-control operations, all part of the nation's basic infrastructure."

Given how far the stock market is from reality

[sethstorm]

I'm not sure people would notice, even if it was worse.

Re:

[Lazareth]

Well, the difference would be that instead of people playing honest poker, somebody would be stacking the deck. Oh, wait...

Re:

[sethstorm]

The deck would just be stacked one more time.

False flag?

[commodore64_love]

Given the government's insistence they need to have power to kill-switch the internet, I can't help wondering if this was staged.

Re:

[Tapewolf]

Kill-switch for NASDAQ...?

Re:

[Tubal-Cain]

Your ideas are intriguing to me and I wish to subscribe to your newsletter.

Re:False flag?

[Anonymous Coward]

Given the government's insistence they need to have power to kill-switch the internet, I can't help wondering if this was staged.

From that comment I can tell you're actually familiar with how politics works.

Unfortunately that goes so strongly against the combination of what most people are taught growing up plus what they would naively like to believe that you're likely to encounter a lot of irrational resistance. It's the kind of "yeah yeah how's that tin-foil hat fitting you" dismissal from people who refuse to seriously research the idea and look for past instances of it, yet feel that their highly emotional stance is a valid one. Perhaps they could start to enlighten themselves by researching Operation Northwoods to see what kind of false-flag operations our government is seriously prepared to use. Government is full of primitive asshats who subscribe to consequentialism; that is, the notion that the ends justify the means.

Most ideas in politics like an "Internet kill-switch" are presented as proposals. They're more than that. They're more like "this is what we fully intend to do anyway" or they're more like "this is what we have been doing anyway and are now trying to legitimize by signing into law" (remember the retroactive immunity for warrantless wiretapping?). The proposal stage leads to a stage of framed debate, during which time the emphasis is placed not on the importance of civil rights and limited government, but instead on terrorists, hackers, or some other outside threat serving as a boogeyman.

It's good old "correlation does not equal causality" again, and I'll explain the cart-before-horse nature of it. This is all designed to look like these actions are the effect of reasonable debate and popular support. In reality the appearance of debate and the drumming up of support is the effect of these actions. The ones who push for these increasingly fascist measures understand one thing very well: they only need a moment of support and it will be permanently enshrined in law, never to be repealed, no matter how many later regret getting suckered by the fear-based rhetoric. Understand this and you'll rarely (if ever) be surprised by anything you see on the news.

As to whether this particular event was staged, I don't have proof one way or the other. It does remind me of a quote from Franklin D. Roosevelt: "In politics, nothing happens by accident. If it happened, you can bet it was planned that way."

Re:

[bigpet]

I don't think anybody is going to call him tin-foil hat crazy because he essentially said:
"The timing seems suspiciously convenient, we should consider the possibility that this was staged."

you call 'em tin-foil hat crazy when they say:
"The timing is suspicious, it was an inside job"

Regarding the things the US government has done to get legitimization for what they want (immediate reason for the start of the Vietnam war) this would be a perfectly reasonable thing to do for them if it was really high priori

Re:

[eiiiI'monslashdot]

lool you are crazy!

Re:

[sumdumass]

I can't for the life of me understand why you got modded troll.. I didn't RTFA but I'm going on a wild guess and assuming that the hackers didn't walk into the NASDAQ HQ, sit at a terminal and guess a password while everyone walked by no noticing them.

But just in case someone out there failed to put knowledge from one area together with a comment in another, the situation is like this, the US government wants a kill switch for the internet. They claim it's to stop attacks. Recently, we saw Egypt shutting do

Re:

[Fnkmaster]

It's funny you say this, but I have set up servers in the data center that houses the primary NASDAQ exchange servers in Carteret, New Jersey (there's also a backup facility elsewhere in New Jersey).

They don't publicize this data center's location, but it's not exactly top secret within the finance industry because lots of firms need fast, direct access to route orders and get market data. Heck, Google will tell you exactly where it is if you ask the right questions.

The building is a Verizon data center, a

Re:

[bonch]

Hey, I'm sure the government can be trusted. I sure can't wait for "net neutrality" and having the FCC--the same organization that flipped out over Janet Jackson's nipple and drove broadcasters like Howard Stern off the air--regulating internet traffic and telling sysadmins at ISPs how to manage the traffic on their private networks. Sure sounds neutral to me.

Re:

[clydemaxwell]

the crux of that issue is that we don't want ISPs to be treated as 'private networks'. We want them treated somewhat akin to common carriers, with regulation. It is important to note that the constitution guarantees rights for citizens, not corporations. I don't want any corporations to have rights.

Re:

[AmberBlackCat]

And they'll just ignore how the "kill-switch" wouldn't help at all since, by the time they realize there's a breach, information could already be leaked. In fact, the only use I could imagine for this kill-switch is to stop a DDOS, but then what sane person trades one site being killed for the entire Internet being killed?

Wall Street Bonuses

[Anonymous Coward]

Wall Street Bonuses last year was $20.3 billion.
I think it's obvious who is hacking the system.

Glad I'm short right now

[DCFusor]

Because this will send a wave of uncertainty through the markets and make me money!
.

That's really scary -- I trade for my living these days (my own money only) and of course, use computers to do it -- theirs and mine.
.

We could hope that all it is is some evilt HFT firm trying to figure out how to quote-stuff better and make a little more money on the spreads quicker, but somehow, having that be the best possible likely outcome is scary itself.
.

This house of cards of money that is really only bit

Fat cats and risk

[currently_awake]

I think a fundamental fact of the rich: they never gamble with -their- money, just yours.

Re:

[nedlohs]

So how are those shorts doing?

Are you seriously short at the same time the Fed is promising to use the printing press to keep stock prices up?

Trouble in the national casino!

[wordsnyc]

Considering that 80% of activity in the market is program trading and that 70% of shares are held for 11 seconds or less, I think we have bigger problems. This whole shebang is not, strictly speaking, capitalism. It's parasitic roulette played with imaginary money. Of course, at the end of the week the players get to take home real money.

Re:

[Palpatine_li]

yeah, because ARM is selling nothing and Google is giving away its product for free, and for some reason not so obvious to your level of IQ they are bringing home boatloads of money. They are apparently using magic to make money, which should be banned.

Re:

[peragrin]

your post has nothing to do with the GP's.

He was saying how the majority of trades aren't interested in the companies but whether or not the stock will go up or down 30 seconds from now and how much can i make from that movement.

less 15% of investors invest for long term companies, and even less hold on to said stock for longer than a month. Most investments are only 30 second actions of buy let it go up 1 cent and sell it again. actual company performance in that face is entirely unrealistic and unnecess

Re:Trouble in the national casino!

[Anne Thwacks]

Make that 7 days, to allow people time to read the weekend coverage of the companies' market trading conditions. (And to ensure the risk of coming unstuck if you are relying on microsecond movements).

No wealth is created by this kind of activity. The money that goes to the winners comes from your bank charges and insurance premiums.

Re:

[Palpatine_li]

And you are aware that finding the price of stock does cost money and a high temporal resolution and precision of the price is useful and may worth the additional cost?

Re:

[HiThere]

24 hours isn't long enough. It should be at least a week, with preprogrammed buy and sell orders within that week allowed.

Alternatively, have there be a tax on stock transactions that decreases if you hold the stock for a long period of time. Say 100% if you hold it for 1 minute and 0% if you hold it for 5 years. Other values determined by linear interpolation. (Yes, you pay more than 100% of the stock value if you hold it for less than a minute, and you are paid if you hold it for more than 5 years. B

Re:

[WatchMaster]

when a company does an IPO, or offers more shares, they get the cash. after that the stock value is not closely related to any amount of money the company makes; the trades have no direct impact on the company. the buying and selling of shares on the market does not gain the company any cash. the value of the stocks are set by the willingness of the traders to buy and sell the shares.

while the desire to buy shares may be related to the anticipated corporate performance, there is no actual tie of share va

Re:

[maxume]

There are plenty of stocks paying a 3% or greater dividend. The 3% is a direct relationship between the actual performance of the company and the stock price.

Re:

[aliquis]

while the desire to buy shares may be related to the anticipated corporate performance, there is no actual tie of share value to company performance.

For the minute? Most often not. For the day? Unless there is any reports or analysis, probably neither. For the week/month in a large company? Probably. Over multiple years? Definitely.

The bigger the company, the more trades, the more news and analysis, the more likely the price is somewhat right.

Re:

[aliquis]

If nothing else I guess you could liquidate the company? It's probably not the case that Microsoft is worth $ 0 :)

Re:

[twebb72]

Agreed. Parent should complain how he's broke somewhere else.

You can learn how to play ball or you can watch from the sideline.

Re:

[davester666]

The players being the large stock trading firms, of course.

Re:

[micheas]

Yes, I think the stock exchange -is- just a gambling casino. Or horse racing if you prefer. And in both the house tilts the rules to ensure their profits.

The difference between the stock market and a poker game is that in a poker game you are paying the ante, and the house keeps a share of the pot. In the stock market the value created by the workers of the company whose stock is being traded is added to the pot.

Lotto - bad, Stock - market good, poker with friends - just killing time.

Re:

[socsoc]

[citation needed]

Re:

[Doctor O]

This is most interesting, can you tell me the source to those numbers? I want to use them next time somebody is trying to talk me into buying any stock-based financial product. Or wants to tell me why the stock markets should NOT be made illegal.

Re:

[hedwards]

It depends how exactly the exchange is compromised. A group of anarchists getting in and screwing up the ownership records for the current day could do a lot of damage to the system. Basically they'd have to roll back to the close the previous day, as I'd be surprised if there were constant backups being made.

Re:

[fuzzyfuzzyfungus]

Do we even have anarchists anymore? Pre WWI, the term was applied to assorted groups who spent their time plotting revolution and occasionally assassinating some politician or other. They were the "terrorists" of their day, so fear of them was pretty hysterically overwrought; but they did actually manage to throw a bomb now and again(the chap who assassinated Archduke Ferdinand and, not exactly intentionally, ended up poking the house of cards that was Europe's grip on peace before WWI was by far the most d

Re:

[hedwards]

There are, it's just that most of them are posers, or at least that's been the case since at least the 70s or so. They definitely are still around, it's just that they're not particularly active. I know that a contingent from Oregon was the primary party responsible for all the havoc that resulted when the WTO met in Seattle some years back.

Also a fair number of the people that refer to themselves as anarchists are either hipsters or punks.

Re:

[hedwards]

They likely would tell us. The exchanges have been known to be compromised for years, in fact going back to the 30s, at no point has the system not been compromised. What they're whining about is that it's somebody other than Wall Street insiders that are likely to benefit.

Research frustration

[DoofusOfDeath]

Any yet it's almost impossible to get research funding for developing proof systems for computer programs, and/or developing proof-friendly (e.g., non-Turing-complete) languages, which could eliminate whole categories of vulnerabilities and bugs. Epic.

Re:

[Anonymous Coward]

Let me guess. You have no idea what you are talking about.

In terms of anything that would be amenable to your research, nasdaq is the best of the best. Their matching engine does not have bugs of consequence more than once a year, and the "consequence" is always small, noticed immediately and has no finanical impact. No, I don't work for nasdaq.

Let's get back to reality. They like all financial firms have to interface with 1000 different partners, each with their own protocols.

Re:

[JamesP]

Erm... no

Or, in the words of Donald Knuth "Beware of bugs in the above code; I have only proved it correct, not tried it."

Most bugs have nothing to do with 'proof'

Try proofing a code against an API, against random input, agains other (buggy) modules, etc, etc That's the problem

Probably used the passwords

[gil.i.hauer]

... that we're hacked from PlentyOfFish a little while ago!

National Security Threat OMG

[Nimey]

Time to break out the illegal wiretaps and ignore the 4th amendment some more.

Motives?

[Sporkinum]

Motives included unlawful financial gain? That's amusing!

Re:

[HiThere]

I think he's suggesting that insider trading is running unchecked. Not an unreasonable stance. The noise they made about Martha Stewart suggests to me that they wanted a smoke screen.

I don't doubt that she was guilty, but the amount that she was guilty of was truly trivial. I'm not sure it was out of the petty theft level. (Well, it's an old memory, and not that precise.)

Fire sale

[shoehornjob]

Everything must go. NASDAQ was just the first step. Better go check the basement of the social security building in MD. I'll bet you'll find the hackers there. Oh um bring some firepower with you. Seriously though, that must have been one talented hack.

Re:

[93 Escort Wagon]

Everything must go. NASDAQ was just the first step. Better go check the basement of the social security building in MD. I'll bet you'll find the hackers there. Oh um bring some firepower with you.

I'm sure the powers-that-be can at least find a balding, middle-aged New York cop with a drinking problem to go in.

Although finding one with a hot daughter might take a bit more work...

Privatization FTL

[MacGyver2210]

the computer network of the company that runs the Nasdaq Stock Market

Well there's your first problem. What the hell is a private corporation doing controlling an entire nation's stock market? If it's something so huge and influential and important to the country it can be the target of attack to disrupt our economy, it should damn well be under Military-grade security and government control.

Re:

[Jon Stone]

it should damn well be under Military-grade security and government control.

Is this the "military-grade security and government control" that prevents classified material being leaked to Wikileaks so effectively?

Re:

[Anonymous Coward]

> Well there's your first problem. What the hell is a private corporation doing controlling an entire nation's stock market? If it's something so huge and influential and important to the country it can be the target of attack to disrupt our economy, it should damn well be under Military-grade security and government control

Nasdaq doesn't control the entire nation's stock market. The SEC has taken aggressive steps over the least decade - with LARGE success, according to its stated intent - to create an

Re:

[FooAtWFU]

Okay, I'll bite at your "only buy or sell stocks four times a year". That wouldn't shoot capitalism dead, but it would be a hindrance. The market helps perform price discovery: no one really knows how much a company is worth (since it's all about future earnings), but if you have information about it that the rest of the market doesn't, you have a financial incentive to exploit it and your exploitation will help bring the price closer to what it should be. This affects how much people are willing to invest

Re:

[DarkOx]

Because its just a market place were private entities exchange private property with each other. Why should the government be involved at all?

Are you suggesting that everything that is huge, influential, or could impact our economy be nationalized? How about UPS and Fedex, CSX, they are the biggest distribution companies around if they were attacked it could disrupt our economy, should they be nationalize, should every one of their planes have a fighter escort, and ever rail car a platoon to guard it?

Serio

Genetic

[Kingrames]

You know, it won't be long before the algorithms used for trading become pseudo-genetic, and start to do this kind of stuff themselves.

The trading that goes on is influenced as much by meta-information as it is solid information.
For all we know that could be part of the system by now already.

I wouldn't be surprised - in fact I'd EXPECT that words like "google" "fox" and "recession" are either hard-coded into algorithms or the hardest-hitting highest profile terms used to weigh the value of stocks.

There's no way you can design a secure system. Attacks like this should be considered a constant, and you need to find a smarter way to discourage them.

I say that the best way is to design a system with low-hanging fruit to serve as detection of an attack, which will shut down access to the higher level stuff when it detects intrusion - or far better, replace real information with fake information. Make the attackers think they've succeeded, feed them false positives and misinformation, and then relax knowing your information is secure. In this way you're not so much building a wall that can't be broken down, you're attacking a soft target. No idea how effective it'd be in practice though.

Don't pay any attention to this though, I'm just rambling.

Re:

[plopez]

"There's no way you can design a secure system."

Don't worry, it's probably written in COBOL. There are only three people left who understand it, and two are in a nursing home now. :)

Re:

[zoomshorts]

I am not !!!!! I may be in a week or two.

OOCOBOL

[plopez]

even better..... :)

http://home.swbell.net/mck9/cobol/ooc/ooc.html [swbell.net]

Re:

[zippthorne]

The best "fake information" would have to be virtually indistinguishable from the real information. So how would YOU tell it apart. (or more generally, how would your successors be able to tell after you retire to your "fake" mansion on a "fake" island in tahiti?

That would suck

[Daetrin]

For all that the day to day transaction on the stock market have very little relation to what's happening in the real world, when the stock market crashes it does have an effect on the real economy.

So i guess it's a really good thing that we don't have to worry about a cyberwar [slashdot.org] or we might be it real trouble! After all, the countries that don't like America would never want to hurt us economically unless they were also willing to invade!

Re:

[Anne Thwacks]

if evidence were to point otherwise there would be no end to the repercussions.

All the evidence points the other way. The only need for fast trading is to allow scum to bleed the honest working man dry. (Which is important to sustaing the American way of life, in which scum to bleed the honest working man dry.)

Oblig

[plopez]

Was it Goldman-Sachs?

and who was a chairman of NASDAQ?

[bball99]

hmm... is there computer access in the prison library?

Scary...

[fuzzyfuzzyfungus]

I do actually find this story rather scary; but not because of the "zOMG hackerz@!" angle. Of course there are going to be hackers sniffing around stock exchanges. Given that online attacks aimed at penny-ante shit like hotmail accounts, facebook, and WoW are economically viable, obviously there is going to be some interest in hitting the places where the actual money lives...

The scary bit is the idea that it is a generally accepted truth among the feds and similar that the ability of noise-traders to slosh imaginary money around like shit through a goose is a critical part of American infrastructure and a national security concern. As important as Power companies? Srsly? Are we really so deep in stacks of heavily leveraged electronic monopoly money that continued access to electronic exchanges is as important as continued access to electricy? If so, we really are fucked.

Re:

[fuzzyfuzzyfungus]

I am familiar with the utility of financial instruments, limited liability corporations, and the like; and I don't deny them; but I find it disconcerting to see that high speed access to those things is being ranked with access to electricity in importance. Obviously the delta between modernity and some pre-capitalist subsistence feudalism is massive. I'm just much more skeptical of the delta between a '50's style comparatively slow trading with brokers and telephones and such and today's highly automated p

Re:

[twebb72]

Are we really so deep in stacks of heavily leveraged electronic monopoly money that continued access to electronic exchanges is as important as continued access to electricy?

Yes. It is as or more important. But you found the right website to gripe on.

Malicious intent or testing the systemz..

[jackdub]

This is one of the many areas that Schneier and Clarke talk about being 'offlimits' when nation/actors conduct 'cyberwar'. Of course, who plays by the books? Not the bad guys... or us for that matter!

Re:

[zippthorne]

Well, if there have to be bad guys, why not us?

causation

[icepick72]

Oddly, most of those subpoenaed have long since gone blind.

Re:

[icepick72]

Yep, you guessed it, wrong thread! Time to downvote...

Air gapping the computers

[currently_awake]

The prevailing wisdom with vital computer infrastructure is to have it on a private network with no internet interconnect, but how do you do that with a system designed to handle public input? I think the next step is a stripped down OS running software written just for that task, with no extra functionality. The simpler the system the fewer parts you have to security audit. Of course that still leaves the problem of are the people running the system trustworthy (It's a black box, with no public scrutiny

Government Run a muck

[DarkOx]

First of this is a private company. Sure they are probably one of the most regulated organizations in existence but they are still private. Other that SEC compliance issues that might be a result of this hack Government has no damned business being involved or even commenting.

Second comparing it to air traffic control is just stupid. The market has circuit breakers, it takes holidays, and there is a history of closures and outages. When was the last time anyone turned off air traffic control? That's right NEVER, on the other hand the nation seems to hmm along just fine Saturdays, Sundays, all the hours outside of 9:30a - 4p the rest of the week, without the NASDAQ being open.

I am not saying unexpected market closures are not majorly disruptive but nobody dies so they really are not up their with some of those other services.

CxO porn habits strike again

[alexmin]

Per WSJ story (http://online.wsj.com/article/SB10001424052748704858404576127854072207040.html , use google hole to view) intruders "...installed malicious programs on a Web-accessible system called Director's Desk, one of its technology offerings that facilitates communication and sharing of files among corporate officers."

I wonder how many key-loggers etc are cleaned up from executive workstations an laptops every day in US but never reported.

Ocean's Eleven

[rainer_d]

The crooks just realized that the largest casino is located on the East Coast. And instead of having to deal with the mob afterwards, they just have angry pensioners and some low-life pension-funds who are basically tooth-less when they can't bribe or strong-arm somebody into what they want him to do.

Wow...pretty major, no?

[hesaigo999ca]

I am not sure, but was not the economic crisis because of all the stocks having been invested and everything teetering on the edge of disaster, is this not another crisis waiting to happen?
What can be done against this, I do not think separating all computers to be independent (like in BSG) is an option here.