Lax Security to Blame for NASDAQ Hack

The cyber attack on the NASDAQ OMX Group late last year was the result of shoddy security, according to a new report via Reuters. 

The cyber attack on the NASDAQ OMX Group late last year was the result of shoddy security, according to a new report via Reuters. 

Computers running NASDAQ’s Director’s Desk, the software that was breached, had faulty firewalls, missing security patches and were running outdated software, like Microsoft’s Windows 2003 Server, said the reportNo names are mentioned in the report, but sources quoted in the report allegedly knew the workings of NASDAQ’s security infrastructure or were briefed on the Federal Bureau of Investigation’s ongoing probe.

“This was easy pickings,” said one person quoted in the story. “You would have thought they would be like a cyber Fort Knox, but that wasn’t the case at all.”

Director’s Desk, the web-based software used by 5,000 some odd NASDAQ’s directors to share, communicate and collaborate on projects was compromised in October of 2010. The hack was finally disclosed in February of this year, nearly five months after the breach.

While the stock exchange claimed that no information was leaked, the National Security Agency and the F.B.I. were both brought in to further investigate the attack in March.

As Threatpost reported last month, when the hackers initially compromised Director’s Desk, they also installed software that allowed them to spy on directors, suggesting the hackers indeed had access to confidential documents and were able to monitor the communications of board directors.

For the full report, head over to Reuters.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.