A Bloomberg Businessweek report has revealed that the CIA, NSA, and other agencies spent months investigating a major malware attack on Nasdaq, revealing the stock exchange service's vulnerability. In 2010, the FBI picked up hints that an intruder had compromised Nasdaq's central servers. After looking closer, experts realized that the malware wasn't meant for surveillance — it was potentially capable of disrupting trading or even, in the NSA's initial opinion, "wiping out the entire exchange."
While Nasdaq had apparently detected some kind of problem, it had not reported it, and government investigators found a mess of earlier, apparently undetected intrusions. "Agents found the tracks of several different groups operating freely, some of which may have been in the exchange's networks for years," says Businessweek. And "basic records of the daily activity occurring on the company's servers, which would have helped investigators trace the hackers' movements, were almost nonexistent." From what the NSA's intelligence could detect, the malware was the work of a government, not independent hackers. A similar strain of malware had been designed by the Russian FSB, but it was also possible it had been used by another country — China was a primary suspect — for both its intrinsic features and its ability to confuse an investigation.
"We've seen a nation-state gain access to at least one of our stock exchanges."
Rep. Mike Rogers (R-MI) officially confirmed an attack in broad terms. "We've seen a nation-state gain access to at least one of our stock exchanges, I'll put it that way, and it's not crystal clear what their final objective is," he said. "The bad news of that equation is, I'm not sure you will really know until that final trigger is pulled. And you never want to get to that."
But politics also make it hard to determine what happened. According to Businessweek, some officials believed the NSA may have played up the danger of the attack and the connection to Russia. Then-head Keith Alexander was a strong proponent of increasing the US cyberwarfare force; years later, he pushed for stronger legal authority in order to prevent something like a "cyberpacket that's going to destroy Wall Street." Rogers, a notably hawkish member of Congress, would also be likely to take the attack as seriously as possible. Later analysis of the malware indicated that although it could disrupt the stock market, it couldn't wipe a network. After the CIA conducted its own investigation, the White House reportedly began to consider it an attempt at financial crime, not terrorism.
But Businessweek, which previously conducted an in-depth investigation on the Target system hack, says that the situation is still extremely murky four years later. If it was the work of the Russian government, many unanswered questions remain, especially why it was found during a period when relations were friendlier than usual. Unfortunately, Nasdaq's apparent lack of comprehensive records could make answers impossible to find.
Update and correction July 17th, 1:30PM ET: Nasdaq spokesperson Joe Christinat says that the malware did not reach the stock exchange, as originally stated in the headline. "The events of four years ago, while sensationalized by Businessweek, only confirm what we have said — that none of Nasdaq's trading platforms or engines were ever compromised and no evidence of exfiltration exists from Directors Desk."