The NSA is probing a hacker attack on NASDAQ last October
March 30, 2011
The National Security Agency (NSA), the largest electronic intelligence service in the United States, is currently probing a cyber attack that was carried out against the Nasdaq Stock Exchange in October 2010 amid evidence that the intrusion was more severe than initially disclosed, according to people familiar with the investigation.
The involvement of the NSA, which uses some of the world’s most powerful computers for electronic surveillance and security code decryption technology, may help the initial investigators, both Nasdaq and the FBI, better determine just who attacked the exchange and exactly what data or sensitive information was stolen.
The NSA could also demonstrate that the attack greatly endangered the security of the nation’s financial infrastructure, and could potentially offer its own recommendations in preventing such attacks from happening in the near future.
Joel Brenner, former head of U.S. counterintelligence in the Bush and Obama administrations, and now at the Washington offices of the law firm Cooley LLP, says, “By bringing in the NSA, that means they think they’re either dealing with a state-sponsored attack or it’s an extraordinarily capable criminal organization.”
The NSA’s most important contribution to the probe may be its ability to unscramble encrypted messages that hackers use to extract data, said Ira Winkler, a former NSA analyst and chief security strategist at Technodyne LLC, a Wayne, New Jersey-based Internet security and IT consulting firm.
NSA investigators have yet to determine which Nasdaq systems were compromised and why, and it may take them many more months to finish their work, two of the people familiar with the matter said.
Disclosed in February, the probe of the attack on the second-largest U.S. stock exchange operator is also being assisted by foreign intelligence agencies, said one of the people, who, like the others, declined to be identified because the investigation is ongoing and classified. One of the people said the attack was more extensive than Nasdaq previously disclosed.
Disclosure of the attack prompted the House Financial Services Committee in February to begin a review of the security of the country’s financial infrastructure, according to the committee’s chairman, Spencer Bachus, an Alabama Republican.
The rapidly widening investigation may also complicate Nasdaq’s immediate ability to strike deals to acquire or merge with other stock exchanges at a time when several competitors have announced such moves, according to Alexander Tabb, a partner at Tabb Group LLC, a financial-markets research firm based in Westborough, MA.
“For an organization like Nasdaq, it does have an impact on the overall perception of their security, their brand, their resiliency and their overall value,” Tabb said. “For potential partners of the company, that has to be a real issue at this point.”
More than $20 billion of exchange acquisitions have been announced in the past five months, including Singapore Exchange Ltd.’s $8.3 billion offer for ASX Ltd., London Stock Exchange Group Plc’s agreement to acquire TMX Group Inc. for $3.1 billion, and Deutsche Boerse AG’s $9.5 billion deal for NYSE Euronext.
Nasdaq administrators will be hard pressed to assure potential partners that they have resolved the security issue, Tabb said. “Uncertainty in the functioning of global markets is the biggest blow-back to this event,” Tabb said.
Nasdaq reported last month that the breach of its computers and servers was limited to a single system known as Directors Desk, an in-house service application used by board members of companies to exchange confidential information on various exchange-listed companies. The company said that as far as investigators could determine, no data or documents on that system were taken. But not everyone agrees with that.
The NSA-assisted probe is now focused on how far and to what extent the security breach may have reached, including the potential compromise of other IT systems, said one of the people familiar with the probe.
Frank De Maria, a Nasdaq spokesman, declined to comment on the effect the attack might have on the company’s future strategic moves. He said Nasdaq is pursuing its probe and has no new information about the scope of the security issue that occurred last fall.
“With every company now, searching the networks for break-ins and ensuring they’re secure has got to be a full-time job,” De Maria said in an interview.
NSA spokeswoman Vanee Vines declined to comment and referred all questions to the FBI, the lead agency in the investigation. Jenny Shearer, a spokeswoman for the FBI, also declined to comment.
Nasdaq's Directors Desk, where the break-in was discovered, is designed to allow directors and executives of Nasdaq client companies to share private files, nonpublic information that cyber criminals could trade on. Nasdaq bought Directors Desk in 2007 as part of its effort to diversify into corporate services.
Sophisticated hackers often enter computer networks through a single system, like Directors Desk, then hop to other secure parts of a computer network, the people familiar with the investigation said.
Tabb said FBI and NSA investigators are likely trying to chart which parts of Nasdaq’s network might have been accessible through Directors Desk and to ensure those vulnerabilities weren’t exploited -- a time-consuming process, but one that is imperative, he said.
Brenner, the former counter-intelligence chief, said he couldn’t independently confirm the NSA’s role in the probe, but he did say that the agency rarely gets involved in investigating cyber attacks against companies, except in some really rare and complex cases such as this one.
He added that the NSA played a part in probing the 2009 attack against Google, saying that represented “a major change” for the agency, which monitors the electronic communications of foreign entities and helps secure the networks of U.S. government agencies, especially in light of the attacks in New York on 9/11.
“It’s part of an increasing awareness that the distinction between economic and national security is rapidly breaking down,” he said. Based at Fort Meade, Maryland, the NSA has the U.S. government’s most detailed knowledge of cyber attackers and their methods, Brenner said. A 2008 executive order signed by President George W. Bush further expanded the NSA’s overall responsibilities to include monitoring U.S. government computer and server networks to detect cyber attacks.
The NSA could help identify and analyze electronic clues left behind by the hackers, including communication between the malicious software used in the attacks and the outside computers that controlled it, Brenner said.
One particular challenge in analyzing the scope of cyber attacks is that the information captured by intruders is often sent out in an encrypted form, making it difficult to tell what was taken, according to the FBI.
And an additional obstacle, Brenner said, is that the most sophisticated cyber attacks employ stealth software that is programmed to go dormant for many months and can be altered by hackers in response to rapidly changing security measures. That makes it even harder for investigators to be sure they’ve found all the malicious software and removed it from the affected network.
“But in theory, the NSA should have the ability to reconstruct the data that is being obfuscated,” said Winkler, a former NSA analyst with over 18 years of experience in computer security.
One line of inquiry pursued by investigators is whether the attack is linked to state-based cyber espionage or sabotage, which would raise national security concerns, one of the people familiar with the federal probe said.
De Maria, the Nasdaq spokesman, said in February that there was no evidence the trading platform the company runs was breached in any way, at least for now. Security dangers include the potential for intruders to alter trading algorithms and cause a market crash, according to Larry Dignan, a technical writer.
Brenner added that Internet security intruders might do just as much damage by manipulating trading to create doubt about the validity of trades. More than 93 billion shares were traded on the Nasdaq stock exchange in the fourth quarter of last year alone, equal to almost 20 percent of the U.S. equities market, according to Nasdaq’s final quarterly report to the Securities and Exchange Commission in 2010.
Overall, initial reports that the computers and servers used in the attack were based in Russia weren’t correct, the people familiar with the probe said. The investigation has yet to determine the country of origin of the attack, they said.
And the attack’s sophistication doesn’t rule out that an organized crime group was responsible either, Brenner said. Criminal enterprises have narrowed the skills gap with state-sponsored hackers, launching attacks that can penetrate even the best-guarded computer networks and the most protected data centers on the planet, he said.
Source: The NSA.