In 2010, elite hackers, most likely from Russia, used at least two zero-day vulnerabilities to penetrate the computer network operated by Nasdaq Stock Market, a hack that allowed them to roam unmolested for months and plant destructive malware designed to cause disruptions, according to a media report published Thursday.
The intrusion initially caught the attention of officials inside the National Security Agency, the Central Intelligence Agency, and departments of Defense, Treasury, and Homeland Security for two reasons, Bloomberg Businessweek journalist Michael Riley reported in an article headlined "How Russian Hackers Stole the Nasdaq." One, it appeared to be the work of hackers sponsored by Russia or another powerful nation-state. Two, far from the typical espionage campaigns that merely siphon out secret data, the malware involved in the attack contained what early on appeared to be a digital bomb that could cause serious damage.
Riley's 3,100-word cover article traces the resulting federal investigation, which also involved the FBI, Secret Service, the National Cybersecurity and Communications Integration Center, and on at least three occasions, briefings provided to President Barack Obama. Ultimately, analysis of the malware showed its capabilities were less destructive than earlier believed, but there was still cause for concern. As Ars reported last year, it came around the same time that five eastern European men allegedly breached networks belonging to Nasdaq and at least seven other financial institutions. According to federal prosecutors, one of the suspects, upon gaining persistent control over the world's second biggest stock exchange, proclaimed "NASDAQ is owned."