The NASDAQ Hack and Coming Global Cyberwar

In October 2010 the FBI started an investigation into alleged malware-based cyber attacks against NASDAQ, probably related to the operation of a state-sponsored group of hackers.

After more than 12 months in which the FBI worked with the NSA, US intelligence concluded that a major attack against the NASDAQ posed a significant danger.

Nasdaq central servers were hit by malicious code designed to sabotage trading activities.

Cyber attacks on trading platforms are not a novelty. In April 2013 the security firm Group-IB detected a new variant of malware that targets the popular Russian stock-trading platform QUIK (Quik Broker, Quik Dealer) provided by Russian software developers ARQA Technologies. The malware was used during several attacks starting in November 2012 with the purpose of gathering detailed information on the respective owners of the accounts.

But be aware: this time experts don’t speak of cyber espionage. They believe that the attackers operated with the specific intent to destroy the activities at NASDAQ.

In the past, we saw only a few cyber attacks that caused serious consequences on the targeted systems, like the Stuxnet case and the attack that destroyed the computers at Saudi Aramco.

“One veteran U.S. official says that when it came to a digital weapon planted in a critical system inside the U.S., he’s seen it only once—in Nasdaq.” reports Bloomberg Businessweek.

Intelligence and law enforcement agencies were involved in a five-month investigation, to which the President was strongly committed, which aimed to determine the cyber-response capabilities of US critical infrastructure.

“We’ve seen a nation-state gain access to at least one of our stock exchanges, I’ll put it that way, and it’s not crystal clear what their final objective is,” “The bad news of that equation is, I’m not sure you will really know until that final trigger is pulled. And you never want to get to that.” commented Republican House Intelligence Committee Chairman Mike Rogers, who in any case did not provide the details of the investigation, which remain classified.

Fortunately the response team successfully identified the cyber attack and mitigated it, but the incident demonstrates the vulnerability of US critical infrastructure. To understand the cyber capabilities of the attacking country, the Government called to the NCCIC experts from the Defense, Treasury and Homeland Security departments, the NSA and the FBI.

“The agents found little evidence of a broader attack. What they did find were systematic security failures riddling some of the most important U.S. financial institutions. It turned out that many on the list were vulnerable to the same attack that struck NASDAQ. They were spared only because the hackers hadn’t bothered to try.” adds Bloomberg Businessweek.

The team of experts consulted for the initial assessment of the cyber attack against NASDAQ systems confirmed the seriousness of the attack. The experts organized a conference call to share their first impressions of the attack with officials of the White House, the Justice and State Departments, and the Central Intelligence Agency.

While the investigations go forward, the experts called in by the group will have to discover whether the hackers were able to “manipulate or destabilize the trading platform” or whether the cyber attack is just part of a larger operation conducted by a foreign state to hit the U.S. financial infrastructure.

The incident reminds us that a digital 9/11 is not an impossible event. Although countries like the US, China and Russia are dominant in the physical world, new powers are threatening their stability from cyber space. A cyber attack against a critical system like the Nasdaq could also be conducted by minor countries, like North Korea, Iran and Syria, that are investing heavily in the improvement of their cyber capabilities.

Bloomberg summarized this concept in the following statement:

“The U.S. national security apparatus may be dominant in the physical world, but it’s far less prepared in the virtual one. The rules of cyberwarfare are still being written, and it may be that the deployment of attack code is an act of war as destructive as the disabling of any real infrastructure. And it’s an act of war that can be hard to trace: Almost four years after the initial NASDAQ intrusion, U.S. officials are still sorting out what happened. Although American military is an excellent deterrent, it doesn’t work if you don’t know whom to use it on.”