
The Nasdaq Hack - sytelus
http://www.businessweek.com/articles/2014-07-17/how-russian-hackers-stole-the-nasdaq
======
fsk
The exchanges hire many H-1Bs from China, India, and Russia. They try to
minimize cost paid per hour.

It would be very easy for a spy to pose as a worker and get hired. If you get
a couple people in each area, it's completely undetectable. I had several
coworkers I suspected, but didn't want to risk my job reporting them to
compliance.

~~~
remarkEon
Do you have any data that supports this? Is there somewhere that publishes how
many H-1B visas the exchanges hire, and where they're from? Considering how
much money is flowing through these places (digitally speaking), I'm
skeptical that there's zero background checking involved. Speaking
hypothetically, sure it would be possible. But I'd need more data to be
convinced.

~~~
us0r
"I'm skeptical that there's zero background checking involved"

You shouldn't be.

Just yesterday it was essentially revealed Amazon does not do background
checks (at least not on Education)[0].

One of the government's contractors for background checks (including Snowden)
was charged with defrauding the government on 660,000 checks[1] (and many if
not all of these are for security clearances).

[0] - [https://news.ycombinator.com/item?id=8600716](https://news.ycombinator.com/item?id=8600716)
[1] - [http://thehill.com/blogs/congress-blog/the-administration/221416-is-debarment-in-the-cards-for-usis](http://thehill.com/blogs/congress-blog/the-administration/221416-is-debarment-in-the-cards-for-usis)

------
jackgavigan
_In Washington, an FBI team and market regulators analyzed thousands of trades
using algorithms to determine if information in Director’s Desk could be
traced to suspicious transactions. They found no evidence that had happened,
according to two people briefed on the results._

The fact that they found no evidence that anyone traded using insider
information obtained from the compromise of Director's Desk doesn't mean that
it didn't happen. As with hackers, only the incompetent insider dealers get
caught. It's entirely possible to obfuscate trading activity to conceal the
fact that you're trading based on insider information.

------
spacefight
First sentence: "In October 2010, a Federal Bureau of Investigation system
monitoring U.S. Internet traffic picked up an alert."

Oh look, a polar bear over there!

------
at-fates-hands
Is it really so far fetched that the Russians hired some hackers to clone the
NASDAQ, but then the hackers saw a broader opportunity to fatten their own
bank accounts?

_If the hackers’ motive was profit, Nasdaq’s Director’s Desk, the Web-based
communication system where they first entered the network, offered amazing
possibilities. It’s used by thousands of corporate board directors to exchange
confidential information about their companies. Whoever got their hands on
those could accumulate an instant fortune._

They could've easily had multiple motives, and those could have been state
driven, or simply personal for the hackers. Either way, I'm pretty sure the
cloning theory is only half the story.

------
minimax
There is no evidence the hackers got anywhere near NASDAQ's actual exchange
networks (gateways, matching engines, etc). This whole article is ridiculously
hyperbolic.

~~~
tptacek
The article sucks, but electronic markets are, compared to other core
infrastructure, uniquely exposed. You obviously can't talk directly to a match
engine from the Internet, but equally obviously they consume input from all
sorts of systems you can talk to.

Match engines themselves are not particularly interesting as targets (their
function is, in the "attack surface" sense, pretty straightforward), but the
engines are always surrounded by a constellation of goofy little systems that
collectively expose a pretty big attack surface.

And you don't have to pop the match engine itself to compromise the market. It
often suffices just to be able to see raw message flow, or to be able to
influence posted orders.

Foreign hackers will probably break the markets before they manage to crash an
airplane or turn off the water. Don't get me started on the power grid,
though.

~~~
minimax
I guess there are kind of two things people worry about with electronic
markets and hacking. One is just crashing the market so that nobody can trade
for some period of time. The other is actually stealing funds from one or more
market participants. I'm not sure which case you had in mind, but I think the
former is probably a lot easier than the latter.

~~~
tptacek
A friend of mine once had the best idea ever for a destructive piece of
malware. Assume you have a reliable infection vector on Windows machines. Now,
instead of deleting hard drives or enrolling machines into a botnet, just find
every Excel spreadsheet you can, and subtly fuck with the numbers.

If you wanted to damage the US economy, a similar approach taken with
compromised electronic markets could probably do some real damage.

~~~
minimax
That is a cool idea because the spreadsheets are probably not backed up so you
have no reference to compare it to. This is not exactly the case in the
markets. For instance when I send my order into NASDAQ, I get an order accept
message back that includes all the parameters in the original order message.
If you artificially cancel my order when I think the order should have
executed immediately or been posted to the book, I'll notice that and call the
exchange trade desk to ask wtf happened. For displayed, non-IOC orders I'll
also see my order in the market data feed. When I get an execution the price
of the execution should match (or improve) the price of my order. I'll also
see copies of all these orders and executions in the DROP copy from my
clearing firm. In other words there are a lot of places to insert your own
surveillance to make sure your trading is happening the way you expect it to,
and many firms already have such surveillance schemes in place because 1)
regulatory requirements and 2) software has bugs and sometimes things break.

* This is all re US equity markets because that's my area of expertise. Maybe it's different on other electronic venues.

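The reconciliation minimax describes (accept echoes the order, fills at or better than the limit, no unsolicited cancels, displayed orders visible in the feed, every fill mirrored in the drop copy) as an added Python example; this is not code from the thread or from any exchange, and the message shapes, field names and sample data are all constructed for the illustration.

```python
# Added example: cross-checking one order's lifecycle against the independent
# records a trading firm receives. All message formats here are constructed.

BUY, SELL = "B", "S"

def reconcile(order, accept, events, book_feed, drop_copy, our_cancels=frozenset()):
    """Return alert strings; an empty list means every record agrees."""
    alerts = []
    # 1. The exchange's accept message must echo every parameter we sent.
    for key, sent in order.items():
        if accept.get(key) != sent:
            alerts.append(f"accept mismatch on {key}: sent {sent!r}, got {accept.get(key)!r}")
    # 2. Each fill must match or improve our limit price.
    fills = [e for e in events if e["type"] == "exec"]
    for f in fills:
        worse = f["price"] > order["price"] if order["side"] == BUY else f["price"] < order["price"]
        if worse:
            alerts.append(f"fill at {f['price']} is worse than limit {order['price']}")
    # 3. A cancel we never requested means something between us and the book altered the order.
    if any(e["type"] == "cancel" for e in events) and order["id"] not in our_cancels:
        alerts.append("unsolicited cancel")
    # 4. A displayed, non-IOC order with size left must be visible in the public feed.
    #    Public feeds carry no client ids, so match on side/price/size (a simplification).
    remaining = order["qty"] - sum(f["qty"] for f in fills)
    if order["display"] and not order["ioc"] and remaining > 0:
        shown = any(b["side"] == order["side"] and b["price"] == order["price"]
                    and b["qty"] >= remaining for b in book_feed)
        if not shown:
            alerts.append(f"resting {remaining} shares not visible in market data")
    # 5. Every fill must also appear in the clearing firm's drop copy.
    for f in fills:
        if not any(d["id"] == order["id"] and d["price"] == f["price"] and d["qty"] == f["qty"]
                   for d in drop_copy):
            alerts.append(f"fill {f['qty']}@{f['price']} missing from drop copy")
    return alerts

# Constructed sample: a 500-share displayed buy at 10.00, partially filled at 9.99.
ORDER = {"id": "ord-1", "side": BUY, "price": 10.00, "qty": 500, "display": True, "ioc": False}
ACCEPT_OK = dict(ORDER)
ACCEPT_TAMPERED = dict(ORDER, price=10.05)   # echoed price differs from what we sent
EVENTS = [{"type": "exec", "price": 9.99, "qty": 200}]
BOOK = [{"side": BUY, "price": 10.00, "qty": 300}]
DROP = [{"id": "ord-1", "price": 9.99, "qty": 200}]

if __name__ == "__main__":
    print(reconcile(ORDER, ACCEPT_OK, EVENTS, BOOK, DROP))        # []
    print(reconcile(ORDER, ACCEPT_TAMPERED, EVENTS, BOOK, DROP))  # ['accept mismatch on price: sent 10.0, got 10.05']
```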
------
woodchuck64
"The CIA began to focus on the relationships between Russia’s intelligence
agencies and organized crime."

Ah, Russia: advanced technology and corruption in equal parts. And 4600 active
nuclear warheads, the IT systems of which are now protected by "a new team of
anti-hackers": [http://rt.com/news/196720-russia-missile-forces-cybersecurity/](http://rt.com/news/196720-russia-missile-forces-cybersecurity/)

------
known
NASDAQ != NYSE

