infosec-news February 2011 archive
Main Archive Page > Month Archives  > infosec-news archives
infosec-news: [ISN] NASDAQ Breach: Lesson for Banks

[ISN] NASDAQ Breach: Lesson for Banks

From: InfoSec News <alerts_at_nospam>
Date: Mon Feb 14 2011 - 09:23:24 GMT
To: isn@infosecnews.org

http://www.bankinfosecurity.com/articles.php?art_id=3342

By Tracy Kitten
Managing Editor
Bank Info Security
February 11, 2011

Could real-time forensics have helped uncover the NASDAQ breach sooner?

It's unclear how long cyberhackers breached and prowled NASDAQ's network
and systems. According to NASDAQ, the investigation continues. In a
statement posted to the company's website, NASDAQ says, it "was honoring
the U.S. Government's request to delay notification, but when a story
ran in the media on Saturday, February, 5, 2011, regarding a hacking
incident at NASDAQ OMX, we immediately decided, in consultation with the
authorities, that we must inform our customers."

Industry experts wonder whether the use of real-time forensics might
have detected or even prevented this incident. The Wall Street Journal
reported that NASDAQ hacks were reported in October and November to the
Securities and Exchange Commission. But nothing about when the systems
were first accessed or how often they were visited has been released.
Director's Desk, a NASDAQ subsidiary that offers Web-based tools to
executives and board members, seems to have left the gap hackers
exploited.

NASDAQ goes on to say that no evidence suggests customer information or
any of NASDAQ's trading platforms were compromised.

[...]

___________________________________________________________
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/