Four years ago, Russian hackers have hacked into the system of NASDAQ stock exchange, which have caused several damaged to the sock market and also brought down the entire financial structure of United State. And after the fours years, FBI team and investigator of this incident haven't identified the hackers behind it. But sources says that the attacker was not a teen or a student, but it may be the intelligence agency of other countries.
After successfully exploiting the NASDAQ server, hackers have used a malware into the attack, which have the capability to extract data from the systems and carry out surveillance as well. However researcher says that the malware was designed to infect the wide spread system of the NASDAQ.
According to the recent reports by the Businessweek, reveals that the attack was carried out by leveraging two zero-day vulnerabilities, which allowed the intruders to insert malicious code into the systems of Nasdaq and have access to them for at least three months prior to the detection of the attack.
The report of the compromise was already given to NASDAQ, but had neglected the issue. After that National Security Agecy (NSA) were called to investigate the hack incident. After the five months of investigation by FBI , NSA and CIA, it was uncovered that the malware used two unnamed Zero-day security flaws, for which there were no patches existed.
NSA point out that the code of the malware was similar to the malware previously used by the Russia’s espionage agency Russian Federal Security Service. It appears that the ability of the malware is simple spying on the financial activity of the NASDAQ.
Forensic investigator of the hack incidents says that NASDAQ system had a poor security and thus highly vulnerable to the hackers attacks. The investigator also founds evidence that several outside group have access to the NASDAQ information, but who are they, is not been clear.
Nasdaq spokesperson says that the malware did not reach the stock exchange, as originally stated in the cover story headline. "The events of four years ago, while sensationalized by Businessweek, only confirmed what we have said historically: that none of Nasdaq's trading platforms or engines were ever compromised, and no evidence of exfiltration exists from directors' desks," said NASDAQ spokesman Ryan Wells.
After successfully exploiting the NASDAQ server, hackers have used a malware into the attack, which have the capability to extract data from the systems and carry out surveillance as well. However researcher says that the malware was designed to infect the wide spread system of the NASDAQ.
The report of the compromise was already given to NASDAQ, but had neglected the issue. After that National Security Agecy (NSA) were called to investigate the hack incident. After the five months of investigation by FBI , NSA and CIA, it was uncovered that the malware used two unnamed Zero-day security flaws, for which there were no patches existed.
NSA point out that the code of the malware was similar to the malware previously used by the Russia’s espionage agency Russian Federal Security Service. It appears that the ability of the malware is simple spying on the financial activity of the NASDAQ.
Bloomberg reports that one of the forensic investigators referred to the Nasdaq’s systems as “the dirty swamp,” because very few records were available that would have revealed daily activities on the servers and would have helped retrace the steps of the intruders.
Nasdaq spokesperson says that the malware did not reach the stock exchange, as originally stated in the cover story headline. "The events of four years ago, while sensationalized by Businessweek, only confirmed what we have said historically: that none of Nasdaq's trading platforms or engines were ever compromised, and no evidence of exfiltration exists from directors' desks," said NASDAQ spokesman Ryan Wells.
The investors also reveals that attacker have not attacked into the other financial business system, as attacker can easily expand its attack with exploiting same vulnerability on other business system too.