Hackers who infiltrated the Nasdaq's computer systems installed malicious software on the exchange's computers that allowed them to spy on scores of directors of publicly held companies, according to two people familiar with an investigation into the matter. The emerging details further highlight the increasing threat hackers pose to corporations with a rash of highly sophisticated attacks on high-profile companies and financial institutions - from Google to Citigroup and the International Monetary Fund. Nasdaq OMX Group disclosed in February that its system were hacked last year. That sparked an investigation involving the FBI and National Security Agency that is ongoing. The attack on Nasdaq is an example of a "blended attack," where hackers infiltrate one target in order to facilitate access to another. In March hackers stole digital security keys from EMC Corp's RSA Security division that they later used to access the networks of defense contractor Lockheed Martin Corp. Nasdaq's trading platforms were not compromised, the exchange said when it disclosed the attack in February, although an internet-based software programme was attacked. Advertisement Nasdaq sells that programme, called Directors Desk, to listed and private companies, which use it to let board members get access to and share documents and communicate with executives, among other things. While the Directors Desk was infected, hackers were able to access confidential documents and communications of the directors who got access to the programme, said Tom Kellermann, chief technology officer with security technology firm AirPatrol Corp. Another person familiar with the investigation confirmed Kellermann's account of the matter, but declined to be identified by name because he is not authorized to discuss the matter. It is unclear how long the Directors Desk application was infected before the exchange identified the breach, according to Kellermann and the other source. Investigators have learned that hackers were able to spy on the computer systems of "scores" of directors who logged onto the application at Nasdaq's directorsdesk.com site before the malicious software was removed, potentially gathering sensitive corporate secrets, according to those sources. "God knows exactly what they have done. The long term impact of such attack is still unknown," Kellermann said. Kellermann is a well-regarded cyber security expert who has advised the Obama Administration on cyber security policy. In February, Nasdaq said there was no evidence the hackers accessed or acquired customer information. A spokesman confirmed today that the investigation continues, but declined to give further details. Army General Keith Alexander, director of the highly secretive National Security Agency and head of US Cyber Command, told reporters that NSA and Nasdaq had reached conclusions about the origin of the attack. He said the information was classified, but added that many areas were now seeing "advanced persistent threats," the cyber community's code phrase for attacks by nation states. He said NSA was working with Nasdaq to help protect its network against further attacks. "The key is, with attribution, you can show them how to defend against it," he said, after a speech at a security conference in Baltimore. "That's easy to do." SURSA: Nasdaq hacking details revealed by source | BUSINESS News
