Pages

Tuesday, 22 July 2014

Nasdaq Hack Attribution Questioned


From Bank Info Security

“Two zero-day vulnerabilities were exploited by the attackers who hacked NASDAQ's systems in October 2010. A senior U.S. legislator claims the hackers had "nation-state" backing. That claim aside, however, security experts say it's still not clear who hacked NASDAQ or why, although there's still no indication that attackers accessed or altered the systems running the NASDAQ stock exchange.

Bloomberg Businessweek reports (also see our previous post) that two different zero-day vulnerabilities - previously unknown code bugs - were used to compromise NASDAQ. The in-depth report on the breach is based on interviews with more than two dozen people who have knowledge of the attack details or related digital forensic investigation. Despite their collective input, however, the only thing that remains clear about the motive or identity of the attackers is how unclear they still remain. Indeed, even the duration of the hack remains unknown, with investigators saying it began by October 2010, but may have started earlier. Likewise, it's not clear exactly what the attackers accessed or stole.”

read more>>