Security The Almighty Buck

Nasdaq Intrusion Spreads To Listed Companies

Posted by Soulskill
from the careful-they-might-tank-the-economy dept.
New submitter SpzToid writes "Nasdaq's Directors Desk is a program sold to both listed and private companies, whose board members use it to share documents and communicate with executives. Apparently Directors Desk was infected during a breach widely publicized earlier this year. It has now become known that hackers were able to access confidential documents and communications of the corporate directors and board members who received this infected application, said Tom Kellermann, chief technology officer with security technology firm AirPatrol Corp. It is unclear how long the Directors Desk application was infected before the exchange identified the breach, according to Kellermann and another source."
This discussion has been archived. No new comments can be posted.

  • "Reports indicate that the modified version replaced the "Idiot Defense" button (which normally wipes all records of having read the various incriminating documents and was a key selling point of the software) with a button that would email the documents to all 50 states' attorneys general."

    Nah, it probably just copied everything and sent it all to China.

  • by inject_hotmail.com (843637) on Friday October 21, 2011 @06:14PM (#37799456)
    What could go wrong?
  • by msobkow (48369) on Friday October 21, 2011 @06:32PM (#37799616) Homepage Journal

    The idea of a secured system designed for the sole purpose of allowing executives and board members of the corporations to communicate in secret is profoundly disturbing on so many levels...

    • by tlhIngan (30335)

      The idea of a secured system designed for the sole purpose of allowing executives and board members of the corporations to communicate in secret is profoundly disturbing on so many levels...

      If it's a private company, not a big deal - that's why they're called private companies. What's worrying is that this is promoted by a stock exchange for the sole purpose of private communications and documents in public companies.

      That's the big problem. I don't care if Craigslist (private) uses it - they don't have the

      • What's worrying is that this is promoted by a stock exchange for the sole purpose of private communications and documents in public companies.

        Exactly right.

        Why the fuck is *NASDAQ* promoting this program? They're a stock exchange. Let them do that. Let someone else write and sell garbage like this.

        Security breaches like this taint NASDAQ's reputation. And for what? The amount of revenue this could have generated is peanuts compared to revenue from running the exchange itself.

        Oh, for the good old days, when "heads will roll for this" was meant literally, not figuratively. Just think of it as a little chlorine in the gene pool.

    • Re:Disturbing (Score:5, Insightful)

      by causality (777677) on Friday October 21, 2011 @07:04PM (#37799894)

      The idea of a secured system designed for the sole purpose of allowing executives and board members of the corporations to communicate in secret is profoundly disturbing on so many levels...

      Yes. I'll say up-front that I don't advocate such a criminal activity and anything I say next should be interpreted in that context. I'll add that my reason for this isn't because I'm so sympathetic to the execs who were made to look stupid by this breach, nor do I blindly believe that everything which is legal is good and everything which is illegal is bad, but because I imagine it would be serious prison time if anyone doing it got caught. I'm tempted to say that if caught, they should receive a medal, not prison time.

      Having said that ... I smiled and felt a certain satisfaction when I read this news. They may have made the legal system and the financial system into their personal playgrounds, and established a revolving door between the two, but this finally is one arena where they are going to get humbled again and again. The hackers who perpetrate such attacks are idealistic and can do a great deal with little or no organization, making them quite difficult to include in the corruption represented by their targets of choice.

      By contrast, we long ago gave up any serious notion of our politicians actually representing us and implementing some serious transparency and accountability in either system. I have said before and will reiterate again, you breed lawlessness when you systematically eliminate every legitimate "working through the system" method of effecting change or obtaining justice. Want to go through the court system? Well I hope you have lots of money and years of your life to invest in something you are likely to lose anyway. Want to run for office? I hope you don't cross the political and financial interests who can get you there, who are the gatekeepers much more than the voting booth has ever been. Most people are law-abiding and will stop there. Others, not so much.

      The power brokers who will be humiliated and maybe even harmed by this are simply reaping what they have sown. This is one realm where they are not so untouchable. In my opinion, it's healthy for society that they be reminded of that from time to time, and any decent person with principles wants that to happen in this sort of nonviolent manner. If you haven't noticed, people are getting fed up with the status quo and the direction in which it is moving. Something has to change; this is an amicable way for it to happen.

      • by Dripdry (1062282)

        Here here. (does that qualify this as a "me too" post?)

        Over the last few years I feel as if more and more "Violence is the answer" posts around the internet are popping up. Some may argue that freedom is only won with the blood of patriots, but I deeply hope that our republic is not so far gone that this is the only option left (and one that is, honestly, not likely to happen in any case). So, while I also do not condone illegal activity, I can say that I hope transparency and fairness can be reintroduced

        • by causality (777677)

          Here here. (does that qualify this as a "me too" post?)

          Over the last few years I feel as if more and more "Violence is the answer" posts around the internet are popping up. Some may argue that freedom is only won with the blood of patriots, but I deeply hope that our republic is not so far gone that this is the only option left (and one that is, honestly, not likely to happen in any case). So, while I also do not condone illegal activity, I can say that I hope transparency and fairness can be reintroduced peacefully, that the sordid and the powerful can be humbled by whatever means is best for the most people.

          Also, something about Tarkin, and a grasp, and slipping through fingers?

          The following should be construed as my opinion. In this psychotic legal environment, I will add that it is to be interpreted as a hypothetical scenario. With that out of the way...

          I'll be straight with you. For those who really run the show, I think violence is exactly what they are trying to provoke. They have been and are gearing up for it in many different ways. Power-hungry fevered egos would love nothing more than an excuse to clamp down and enforce perpetual martial law. I believe this is wh

          • by rrohbeck (944847)

            On the other hand, serious commentators have said the powers that be will only start to take notice when we have riots like in the UK. Just sayin'.

          • by fostware (551290)

            It ties in beautifully with the Fear, Uncertainty, Doubt currently in use by everyone in power at the moment, where opposing viewpoints are dismissed as violent, dangerous, extremist, damaging to your wallet / the economy and everything else depicted of non-conformists in books like "1984" and "Fahrenheit 451", etc.

            And just like "Fahrenheit 451", the masses are placated by faux interactivity and big screen TVs.

            Both books will be "strongly suggested" reading once my child is able to read and understand, but

          • by Renraku (518261)

            Ahh, but they have a card up their sleeve for just that situation. If you won't get violent, there are people that will. People that often work in law enforcement. People that won't be there when the riot police start issuing beat downs. Then they'll say on the news that the OW...err...insurgents..got violent and attempted to vandalize/loot/stampede/etc. It'll all be right there on tape.

            It'll be blasted across your TV screen and favorite news website. Look, see what those protesters did today! We had

        • by Alex Belits (437) *

          Here is something more disturbing and just as relevant, though violence has no part in it:

          Freedom is a stupid idea to begin with. All the time humans have to sacrifice something they want to achieve something more valuable and important. Sure, freedom is attractive -- as long as it is your freedom. But if some form of freedom is supposed to be available to either everyone or no one, it may be a perfectly valid reasoning that having it is not worth the trouble of other people having it, too. Most of "economi

          • Actually, the founding fathers were very concerned that Liberty might be conflated with Freedom, and today it seems they were right. Liberty, basically, is a sum of non-contradictory rights held in common. Freedom is just an exemption of control, and often can conflict with other freedoms. Mostly, the founding fathers were concerned that liberties should be clearly enshrined, and that freedoms were mostly up to localities to implement or disagree upon as they saw fit.

            The problem I see is that we have for

            • by Alex Belits (437) *

              Liberty, basically, is a sum of non-contradictory rights held in common. Freedom is just an exemption of control, and often can conflict with other freedoms.

              I am pretty sure, this is not a definition accepted anywhere. "Non-contradictory rights held in common" are never sufficient to form a basis of a society -- conflict is unavoidable and any resolution that requires a participation of any third party necessarily involves oppression. Claiming that some form of oppression is "natural" and therefore is not oppression at all, are based on nothing but subjective preferences of a person making such claim, and are often rejected after society's preferences.

              Same foun

          • by tombeard (126886)

            You are confusing positive rights and negative rights.
            http://en.wikipedia.org/wiki/Negative_and_positive_rights

        • by Dripdry (1062282)

          Replying to my own post here, if anyone is still reading this overall discussion.

          Litigious world: I do not condone illegal activity.

          I think causality might have the way of it: The way to cut them off is to stop feeding the beast. What if monetary protests began, like very large numbers of people not paying taxes, not shopping for goods and services, and generally peaceful civil disobedience occurred?
          Also, the idea that those higher up WANT us to commit violence to seal a litigious fate worse than death does

      • by msobkow (48369)

        What a shame I can't mod you up after commenting myself. Well said.

    • Re:Disturbing (Score:4, Insightful)

      by Shoten (260439) on Friday October 21, 2011 @07:08PM (#37799934)

      The idea of a secured system designed for the sole purpose of allowing executives and board members of the corporations to communicate in secret is profoundly disturbing on so many levels...

      Actually, it makes an enormous amount of sense. Keep in mind that things like IPOs, discussion around delisting, and other decisions that involve both a stock exchange and a public-traded company don't just happen. There's a good bit of communication that has to happen first, and even a rumor about some events can have impact on that company's stock price. So just as it is with company-internal information about financials during a quiet period just before an official announcement, it makes sense for there to be a channel of communications whereby things can be kept quiet until they are deliberately (rather than accidentally) disclosed.

      • Re:Disturbing (Score:4, Interesting)

        by HornWumpus (783565) on Friday October 21, 2011 @07:29PM (#37800072)

        "People of the same trade seldom meet together, even for merriment and diversion, but the conversation ends in a conspiracy against the public, or in some contrivance to raise prices."

        Adam Smith (the commie bastard).

      • by causality (777677)

        The idea of a secured system designed for the sole purpose of allowing executives and board members of the corporations to communicate in secret is profoundly disturbing on so many levels...

        Actually, it makes an enormous amount of sense. Keep in mind that things like IPOs, discussion around delisting, and other decisions that involve both a stock exchange and a public-traded company don't just happen. There's a good bit of communication that has to happen first, and even a rumor about some events can have impact on that company's stock price. So just as it is with company-internal information about financials during a quiet period just before an official announcement, it makes sense for there to be a channel of communications whereby things can be kept quiet until they are deliberately (rather than accidentally) disclosed.

        I believe what you have there is a self-fulfilling prophecy or maybe a Catch-22.

        If these things were always done publicly and transparently with no secrecy, rumors wouldn't cause people to bolt like frightened animals. Any rumor that is heard could be compared to the information that has accumulated thus far and a judgment could be made as to whether it is consistent with decisions that have already taken place. In fact it wouldn't be a rumor; it would be verified and documented or it would be bullsh

      • by rrohbeck (944847)

        It has been shown that the "invisible hand" of the market works if all participants have same knowledge.
        So if you want real market capitalism there can be no secrets. Even any delay distorts the optimum.
        Hence scammers. Err, speculators. Err, traders.

      • by tombeard (126886)

        So you say there must be a legal hidden channel so collusion can take place?

  • Simply analyzing the probabilities involved in computer intrusion should be enough to convince anyone that can understand high-school mathematics that we NEED to unplug critical infrastructure from global networks. Unfortunately the powers that be seem woefully ignorant of how technology works. The anti-piracy campaigns that involve breaking DNS highlight this ignorance.
    • by Dunbal (464142) *
      So write a book about it, become a consultant, and charge them money for telling them how to avoid trouble.
      • by gweihir (88907)

        So write a book about it, become a consultant, and charge them money for telling them how to avoid trouble.

        That will not help. The problem is the decision makers do not have the incentives to make the right decisions and a lot of incentives to make the wrong ones. Incidentally, there are quite a few good books on the topic by now.

    • by geekoid (135745)

      yeah. most critical infrastructure is off line.

    • by gweihir (88907)

      While it would be nice to do so, it will hardly be possible. Instead it is high time to send those making bad IT security decisions to prison for it. While this will also hit a few engineers, most will be managers going cheap, ignoring warnings and generally being incompetent.

      • While it would be nice to do so, it will hardly be possible. Instead it is high time to send those making bad IT security decisions to prison for it. While this will also hit a few engineers, most will be managers going cheap, ignoring warnings and generally being incompetent.

        I don't see this being hardly possible at all, thirty years ago we got along fine without having our critical infrastructure's information systems not plugged into a global network. I'm speaking more of nuclear reactors, hydroelectric dams, shipping locks, railway switches etc.

        On the subject of stock exchanges, I seriously doubt much good has come from plugging stock exchanges into the global information network. Even as recently as fifteen years ago people were physically trading stocks on the floor of

      • by Dripdry (1062282)

        Unfortunately, with such a twisted legal system, that could be tough.

        Someone here on slashdot gave an account of an executive hiring his wife as an IT project engineer. She had no experience, and proceeded to run the entire project into the ground. However, since she had an executive title, she went on to other companies and made a lot of money, while her assistant (who had to do 2 jobs, manage and fix/develop this project), who was quite experienced and competent, had his career ruined.

        I mention this becau

  • Not even conclusive independent traffic recording seems to have been in place. These idiots must have believed it could not happen to them. Time to make this criminally negligent and send those responsible away for a few years. And yes, I most likely mean management making bad decisions.

  • by ctnp (668659)

    #winning

    I posted this earlier on my mobile as an AC and it was deleted, presumably by some mod.

    • by ctnp (668659)

      Oops, shows up in the comments list now. Odd caching. Please disregard, nothing to see here, move along.

  • Whoever broke into this had no idea how lame most directors meetings are. This is a simple but overpriced collaboration and calendar app for 70 year olds, with a 24 hour help desk. Nice, uncluttered GUI.

    The main corporate secrets that filter up to board members involve mergers, acquisitions, and firing the CEO. Knowing about M&A activity early has trading value; not much else does. M&A activity is so slow right now that it's barely worth following.

    Incidentally, this is "cloud-based". NASDAQ run

  • That might be interesting.
