WASHINGTON (Reuters) - A federal investigation into last year's cyber attack on Nasdaq OMX Group found surprisingly lax security practices that made the exchange operator an easy target for hackers, people with knowledge of the probe said. The sources did not wish to be identified because the matter is classified.
The ongoing probe by the Federal Bureau of Investigation is focused on Nasdaq's Directors Desk collaboration software for corporate boards, where the breach occurred. The Web-based software is used by directors to share confidential information and to collaborate on projects.
The investigators found that Nasdaq's basic architecture was sound, which kept the trading systems safe from the hackers, according to four people who were briefed on the FBI probe or had knowledge of Nasdaq's efforts to shore up its security with the help of outside consultants.
The sources, however, said the investigators were surprised to find some computers with out-of-date software, misconfigured firewalls and uninstalled security patches that could have fixed known "bugs" that hackers could exploit. Versions of Microsoft Corp's Windows 2003 Server operating system, for example, had not been properly updated.
While Nasdaq is not the first company to allow software updates to lapse inadvertently, investigators were surprised that the exchange operator was not more vigilant about what the industry calls "cyber hygiene" given the importance to financial systems.
"This was easy pickings," said one person familiar with Nasdaq's security practices. "You would have thought they would be like a cyber Fort Knox, but that wasn't the case at all."
Nasdaq defended its security practices and said no information was compromised by the cyber attack, which was detected in October 2010.
Carl-Magnus Hallberg, senior vice president of information technology services for Nasdaq OMX, told Reuters it was unfair to conclude that security practices were lax simply because the Directors Desk software was breached. He said it would have been virtually impossible to defend against the hackers, who used malware that had not been disclosed.
"This was a sophisticated attack," Hallberg said. He declined to comment further on the specifics of the investigation, saying his company does not publicly discuss details of its security practices.
BROADER CONCERNS
The Nasdaq attack has sparked concerns about the severity of the threat facing the financial industry and the need for enhanced security at many companies.
Computer security is uneven across industry and many companies, even in the defense sector, are unaware of malware lurking in their networks, cyber experts say.
Sources said the malware found in Nasdaq's network was formidable and insidious, but tougher security measures and more diligence could have helped the company detect the intrusion more quickly.
While declining to comment on that claim, Nasdaq said it invests heavily in network security and has about 1,000 people working on information technology issues worldwide.
Officials at the FBI and the National Security Agency, which is also involved in the investigation, declined comment.
It was not clear how long the malicious software was present on Nasdaq's network before it was found.
Hallberg said Nasdaq detected the breach, took action to mitigate it and told federal authorities, who are still investigating. Nasdaq also shared the electronic signatures it identified from the attack with other companies to help them avert similar attacks, Hallberg said.
Nasdaq has about 10 companies advising it on security issues, including a major U.S. defense contractor, he added.
Nasdaq disclosed in February the cyber attack on Directors Desk, a service the company sells to corporate boards. Nasdaq bought the privately held Washington-based company in 2007.
Thomson Reuters Corp, the parent of Reuters News, sells a product known as BoardLink that competes with Directors Desk.
Hallberg said Nasdaq was working closely with other companies and government agencies around the world to boost data-sharing on security threats.
He said the company's security systems were heavily regulated in every country where it operates, and especially in the United States, where the Securities and Exchange Commission conducts four audits per year. Any concerns identified by such audits were dealt with immediately, he said.
(Additional reporting by Jonathan Spicer and Basil Katz in New York. Editing by Tiffany Wu)
News reference: http://news.yahoo.com/exclusive-lax-security-nasdaq-helped-hackers-231729383.html