Nasdaq Hacked Through Web-facing Application

Nasdaq conformed that servers in the U.S. were hacked. According to the report from WSJ, the mysterious hack included an attack against a Web facing application called Directors Desk. Here is the full statement from the Nasdaq OMX Group:

Through our normal security monitoring systems we detected suspicious files on the U.S. servers unrelated to our trading systems and determined that our web facing application Directors Desk was potentially affected. We immediately conducted an investigation, which included outside forensic firms and U.S. federal law enforcement. The files were immediately removed and at this point there is no evidence that any Directors Desk customer information was accessed or acquired by hackers. Our trading platform architecture operates independently from our web-facing services like Directors Desk and at no point was any of NASDAQ OMX’s operated or serviced trading platforms compromised.

Subsequently, the U.S. Department of Justice requested that we refrain from providing notice to our customers until, at the earliest, February 14, 2011, in order to facilitate the continuing investigation. NASDAQ OMX was honoring the U.S. Government’s request to delay notification, but when a story ran in the media on Saturday, February, 5, 2011, regarding a hacking incident at NASDAQ OMX, we immediately decided, in consultation with the authorities, that we must inform our customers.

We continue to evaluate and enhance our advanced security controls to respond to the ever increasing global cyber threat and continue to devote extensive resources to further secure our systems. Cyber attacks against corporations and government occur constantly. NASDAQ OMX remains vigilant against such attacks. We have been working in cooperation with the Government’s ongoing investigations and have received their technical advice for which we are appreciative.