The Nasdaq Hacking Case Raises Big Red Flags for Exchanges

Hackers and cyber-crime
Hackers and cyber-crime

Revelations over the past few days that hackers had penetrated certain systems at the Nasdaq stock exchange are reverberating throughout the financial world. Indeed, the case is shaking some bedrock assumptions of a digitized, high-speed, globally connected stock market run essentially by computers with minimal human interaction. Nasdaq officials say the computer systems that actually execute buy and sell orders for the Nasdaq OMX Group (NDAQ) were not compromised.

Instead, they say the hacking allegedly affected Nasdaq's Directors Desk service, a subsidiary that offers Web-based tools to make it easier for boards of directors to prepare for, participate in and follow up on board meetings. Part of the service includes document-sharing tools for things like preliminary drafts of earnings reports and other key data and documents.

Directors Desk's roughly 10,000 clients include a Who's Who of top publicly traded companies. The concern is that enterprising hackers could have gleaned key details from board meetings if they gained full access to the service, allowing them to possibly trade on nonpublic material information. On the Directors Desk website Nasdaq says the service offers "The highest level of security available to protect confidential board communications."

Going Where the Money Is

Equally troubling are allegations that the first hacker penetrations of Nasdaq systems were reported to the Securities and Exchange Commission in October and November of last year, according to The Wall Street Journal. Other sources have said the hackers may have persisted in the Nasdaq servers for a full year.

Sponsored Links

Had the exchange been located in California, it would have been forced to report these penetrations immediately to all affected customers due to the Golden State's laws covering data-security breaches. But for Wall Street, these revelations in an age when the majority of trades are executed by high-frequency trading operations totally reliant on computerized algorithms could cause a decrease of confidence that stock exchanges can safeguard the interests of investors large and small.

Whether these particularly hackers were simply out for a thrill or were seeking to gain inside information to make ill-gotten games is more or less irrelevant. The possible hacking of Nasdaq is a sign that cyber-criminals are going to where the money is. Previously, hackers had concentrated on getting into databases or stealing credit card information for identity thefts. But a serious band of cyber-crooks could cause untold financial damage if it were to penetrate an exchange's trading operations.

Other Exchanges React

A favorite ploy of hackers who specialize in wide-scale identity theft is to add small charges to credit cards of many thousands of card-holders. A similar tactic could be used on investors, say, by adding a small amount to each offer or bid for a specific group of securities and capturing the differential over millions of trades in a manner that could go undetected for long periods and possibly forever. In coverage of this incident, sources close to the incident are reported to have said it appears the hackers weren't able to take any information from Directors Desk.

But this begs the question: If a serious group of hackers set their sights on Directors Desk, would they actually leave a trail? Possibly not. Regardless, the revelations apparently have rattled other financial exchanges. The NYSE Euronext shut down its own version of Directors Desk for undisclosed reasons.

Now the news of the hack could possibly draw more copycat attacks or highlight the juicy targets that are becoming more ubiquitous as the financial exchanges -- and the tools they offer public companies -- get increasingly digitized.