Nasdaq Breach Allowed Hackers to Spy on Confidential Company Board Info

Reuters is reporting that the breach of Nasdaq's Web-based service, called Directors Desk, discovered in October of 2010 and not disclosed until February of this year, was much worse than first thought.

Directors Desk, says an article from the Wall Street Journal from February, "...lets leaders of companies, including board members, securely share confidential documents." At the time, sources close to Nasdaq said that "... as far as they can tell no information from Directors Desk, which is operated separately from Nasdaq's trading platform, was taken or compromised."

However, the Reuters story now says that its sources report that the hackers were able to install malware that allowed them to spy on what was happening at the Directors Desk. What was taken - and what was done with the information - is unknown, as is how long the malware was resident before it was discovered last October.

Both the US National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) are investigating the incident.

Nasdaq says that it spends "nearly a billion dollars a year on information security" but even this amount apparently was not enough.

Nasdaq is not commenting on the story by Reuters other than to confirm that the investigation is continuing. I suspect a number of corporate directors are calling Nasdaq today asking them for a fuller explanation of what happened.

Related Stories

Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Contributors

 
Contributor
Willie D. Jones
 

Newsletter Sign Up

Sign up for the ComputerWise newsletter and get biweekly news and analysis on software, systems, and IT delivered directly to your inbox.

Advertisement
Advertisement