Hackers leave ‘digital bomb’ in Nasdaq
NEW YORK — Russian hackers managed to slip a “digital bomb” into the Nasdaq — one with the potential to sabotage the stock market’s computers and wreak havoc on the U.S. economy.
That’s according to an investigative report by Bloomberg Businessweek, which revealed the details of a 2010 cybergrenade that never detonated.
Although it had been reported previously that hackers had snooped around the Nasdaq’s computer network, specific information about the attack had remained secret until this week.
Hackers broke into Nasdaq’s network four years ago with custom-made malware that had the potential to spy and steal data. But it could also cause digital destruction, potentially disrupting Nasdaq’s computer system.
It’s still unclear who the attackers were. A federal official briefed on the investigation said the FBI has not developed enough evidence to conclude a foreign government was behind the hack.
George Venizelos, the FBI’s New York assistant director in charge, explained in a statement to CNNMoney that the agency is still investigating the break-in.
Bloomberg’s story points its finger at the Russian government, an accusation Russia called “pure nonsense.” Yevgeniy Khorishko, the Washington embassy’s press secretary, said there was nothing more to say about the matter.
However, those familiar with the investigation say the more likely attacker is an independent Russian hacker from the city of St. Petersburg named Aleksandr Kalinin. The U.S. Secret Service and FBI say they caught him relentlessly attacking Nasdaq computers between 2007 and 2010. Cybersecurity professionals who covertly share information about attacks on major U.S. banks and financial players concur that Kalinin is the likely culprit.
Nasdaq tried to reassure listed companies and traders that hackers walked away empty-handed — and the digital bomb never went off.
“The events of four years ago, while sensationalized by Businessweek, only confirmed what we have said historically: that none of Nasdaq’s trading platforms or engines were ever compromised, and no evidence of exfiltration exists from directors’ desks,” said Ryan Wells, a company spokesperson.
Yet the fact that the bomb never went off isn’t the point. The details of the attack make clear — in real terms — the national security threats long feared by technology experts.
Hackers halting trades for a day and tanking the stock market is now a real possibility, said Christopher Finan, who served as a White House cybersecurity expert sometime after the Nasdaq incident. He said the U.S. government needs to focus more on protecting against these kinds of attacks in the future.
“It’s not farfetched, and people should understand this can happen,” Finan said. “This shows we’re not seeing enough investment in infrastructure for systems with national consequences.”
It’s yet another sign that hack attacks have the ability to paralyze a nation. The U.S.-made Stuxnet worm destroyed centrifuges at an Iranian nuclear plant in 2009. Iran ruined 30,000 computers at Saudi oil producer Aramco in 2012. North Korean hackers froze some of South Korea’s banks and media networks in 2013.