E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: Wall Street & Technology

Posted on February 14, 2011

Raising new concerns over security at exchanges, Nasdaq OMX says hackers have infiltrated its computer systems, gaining access to highly confidential data on publicly listed companies.

The operator of the Nasdaq Stock Exchange said it found "suspicious files" on its computer servers, in a Web application called Directors Desk which is used by members of corporations' boards of directors who want to share information and files.

Nasdaq said there was no evidence that its trading platforms had been compromised.

According to the Wall Street Journal, the FBI and outside forensic companies are conducting an investigation with the help of securities regulators.

The infiltration will deal a new blow to investor confidence, already shaken by the May 6 Flash Crash. While the area hacked into isn't a 'core business', the incident should raise concern at other exchanges and financial firms, says Sang Lee, managing partner at Aite Group.

"Especially as an exchange, Nasdaq is taking it seriously and addressing the issue. I don't think there is a short term implication, but it does raise overall market awareness of security problems," Lee adds, noting that the hacking should lead all exchanges to reassess their security policy.

None of the hacked files have been leaked - so far. While it is difficult to say what the hackers' real intentions were, some industry insiders say the real targets of hackers could be the top executives of corporations using the "Directors Desk" product rather than Nasdaq itself.

"What seems most likely is that the web servers were compromised in an attempt to use them to inject malicious software into their clients," commented one reader of the nakedsecurity.sophos.com blog.

This would be similar to the "Operation Aurora" attacks reported by Google in January 2010, which reportedly compromised almost 3000 corporations, the security blog noted.

Still, one of the major fallouts from this incident is likely to be that exchanges and financial firms will reassess next-generation business models such as open source and cloud computing, suggests Aite's Lee.

The Nasdaq incidence comes as officials at the London Stock Exchange and UK security services are investigating a possible breach of its open-sourced trading platform, according to a report published last month in the Times of London.

Officials believe that the LSE hack attack occurred last year and may have been responsible for a UK Flash Crash late last summer.

"[The use of cloud computing and open source] have been relegated by firms to areas that are not core businesses. But after this incident, all the main businesses may look at whether or not that type of open source environment has made it easier for people to hack into. It may not be the case. As far as I understand it, if hackers put in the hours, they can hack into [any] system. But has open source made it easier? Firms will be looking into that."

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.