As Nasdaq's site hit by hackers, report says half of world's exchanges suffered cyberattacks

Summary: According to a report, half the world's financial exchanges suffered cyberattacks in the past year. And on Thursday, hackers hit the Nasdaq's Community pages.

(Image: Rob Tannenbaum/Nasdaq)

A report examining securities cybercrime has found that half of the world's critical financial exchanges suffered cyberattacks in the past year.

The International Organization of Securities Commissions (IOSCO) said in a staff working paper [PDF] that attacks against such trading, stock and financial institutions are increasing in volume. And, despite the apparent temptation to attack these targets for financial gain, the motivations appear to be aimed at destabilizing the markets rather than stealing money.

The paper comes in the same week as hackers attacked the Nasdaq stock exchange's community site on Thursday.

New York-based Nasdaq sent out an email to users warning that their account information, such as email addresses and passwords, may have been compromised but noted that no "e-commerce or transactions" had been affected. The stock exchange group confirmed that no other system suffered a breach.

Investors and hobbyist traders alike use the community site to discuss trading and stock portfolios, among other things. 

Users are advised to change their passwords in case the passwords collected during the attack belong to institutional accounts that could give remote unauthorized access to internal banking or financial networks.

The report notes that such instances are IT-related issues rather than extensions of financial crime. This includes data theft, which, as the Nasdaq case shows, is also a significant motivator for hackers and attackers.

But while thus far very little, if any, money has been taken in outside attacks, denial-of-service attacks remain one of the most disruptive forms of attack, behind malware and malicious software.

Most common and most disruptive form of cyber-attack? (Image: IOSCO/World Federation of Exchanges)

These so-called "advanced persistent threats" could be particularly damaging to exchanges, the report notes. The paper cited other studies that pegged the damages figure as high as $388 billion or $1 trillion through direct and indirect costs.

One quarter of all exchanges surveyed recognized that current systems designed to mitigate intrusions "may not be able to stand up against a large-scale and coordinated attack," the report says.

Has your organization suffered a cyber-attack in the last year? (Image: IOSCO/World Federation of Exchanges)

In terms of laws and legislation, just over half of respondents said that judicial sanctions in their jurisdiction are effective in deterring cybercriminals.

Because of the global nature of e-crime and the cross-border nature of financial transactions, many exchanges "expressed doubt over the effectiveness of current regulation" in deterring cyber criminals, due to the difficulty in investigating claims and prosecuting suspects.

But even a boost to the laws may not be able to prevent damaging effects on the financial and stock markets.

Twitter warned in April of more hacks to come after the hacking of the Associated Press' Twitter account. A tweet about an apparent explosion at the White House led to a flash plunge in the Dow Jones Industrial Average, dropping more than 100 points in a matter of seconds.  

Pro-democracy hacking group the Syrian Electronic Army allegedly sent the tweet after successfully gaining access to the news agency's Twitter account.

Though the AP's account was immediately suspended, it was still enough to wipe around $136 billion off the financial slate in just a couple of minutes before the markets recovered.

  • Nazdac

    So they hit the Nazdac eh!! Excellent work, keep it up. This fake money system must go
    • Fake Money System?

      Well, you can send any of that useless fake money you have in your possession to any number of charitable-relief organizations if holding it makes you uncomfortable. In the meanwhile, why don't you clue us in on how you obtain food, housing and clothing without using the filthy, fake money you deride? Do you grow and process your own food, make your own clothing from the sheep you raise, build your own domicile with tools you smelt from ore and forge in your shop? Then tell us how 320 million Americans can do the same on their 0.1 acre each.
      Oak Park Greg

    Remember the days when most banks and Wall Street were running on VMS (OpenVMS)? And you read about all of the cyberattacks? I didn't think so...
    • Yeah, those were the days

      Before network interconnectivity and a computer in every home. VMS wasn't secure, it just wasn't online. Banks exchanged data not by connecting computers, but by sending tape reels to each other.
      • Yeah, those were the days

        Yeah, those were the days; days of lower velocity of money; lower returns; slower business. Let's go back to 1850 when the gold made periodic trips east to west then west to east, accompanied by banking panics each time. But it was safe--excepting occasional train robberies, of course.
        Oak Park Greg
      • Dinosaurs walked the earth with humans

        I seem to remember this was the time when the Digital Backbone carried most of the internet traffic, Digital products were the network (ethernet, Decnet etc.) and Microsoft had not yet invented the internet. If you had a Microsoft OS you had to use Trumpet Winsock or Wollongong stack.

        BTW add inventing search engine technology (Alta Vista) and many other innovations.

        The real problem is that security has to be by design, not adding more crap on an already flawed architecture. VMS never got pwned at Defcon. What other OS can say that?
        • VMS never got pwned at DEFCON???

          Is like saying the Model T Ford never lost at Daytona. LOLOLOL!!!!!!
    • Yes

      That's because VMS was written based on high level security. All PC based software has security as an add-on.
  • We really do need

    A separate secure, traceable transaction based internet.
  • If you think that VMS was the be-all, end-all for security

    Read Cliff Stoll's excellent book "The Cuckoo's Egg" to see how VMS got owned in 1988.
    • The Cuckoo's Egg

      Great book by Cliff Stoll, but it wasn't just VMS systems that got hacked. A number of Unix systems were also hacked because of weak, easily guessed, and unchanged passwords. But the book sure brought computer and network security to the forefront.