There have been lots of reports that governments around the world aren’t paying enough attention to protecting their critical infrastructure — telecom networks, water systems and power grids — from cyber attacks.
Stock markets would also fall into that category. Imagine what would happen if the Toronto, New York or London Stock Exchanges were put out of commission for an extended period of time, or, arguably worse, trades were manipulated.
It nearly happened. On Thursday Bloomberg BusinessWeek reported that servers running the Nasdaq exchange — home to Cisco Systems Inc., Microsoft Corp., Apple and Oracle, among others — were infected four years ago by code believed to have come from Russia. As the story details, after being discovered by the FBI — which has a unit that keeps an eye out for suspicious Internet traffic — the resulting investigation pulled in the National Security Agency (NSA, the electronics spy agency where Edward Snowden once worked), the CIA, Homeland Security and other federal departments.
NSA’s conclusion: “Elite Russian hackers had breached the stock exchange and inserted a digital bomb. The best case was that the hackers had packed their malware with a destruction module in case they were detected and needed to create havoc in Nasdaq computer banks to throw off their pursuers. The worst case was that creating havoc was their intention. President Obama was briefed on the findings.”
That conclusion is in dispute. What isn’t was the shape of network security at Nasdaq.
“What the investigators found inside Nasdaq shocked them, according to both law enforcement officials and private contractors hired by the company to aid in the investigation. Agents found the tracks of several different groups operating freely, some of which may have been in the exchange’s networks for years, including criminal hackers and Chinese cyberspies. Basic records of the daily activity occurring on the company’s servers, which would have helped investigators trace the hackers’ movements, were almost nonexistent. Investigators also discovered that the website run by One Liberty Plaza’s building management company had been laced with a Russian-made exploit kit known as Blackhole, infecting tenants who visited the page to pay bills or do other maintenance.”
In an interview for the article, a Nasdaq spokesman said today the exchange has an “enhanced ability to detect and protect the integrity of our systems.”
Meanwhile U.S. federal investigators broadened their investigation and discovered that other U.S. financial institutions were vulnerable to the same attack that hit Nasdaq. At the same time, the story says, the theory about the intent of the attack changed.
It’s a fascinating piece. But there’s also a lesson: Every IT department has to have at least one person who is on top of the latest cyber security trends, beyond patching. There are any number of sources, such as from industry associations where sensitive matters can be discussed to OpenCERT Canada. IT security has to go up another level.