Healthcare Industry Is Not Alone with Hackers, NASDAQ Has Intruders Using Algorithms to Break In-FBI Investigation
Posted Feb 06 2011 12:39am
More and more we keep hearing about hackers getting into servers and websites and as this article states, motives can be varied. The article from the Wall Street Journal states this has been going on for a year or so without being able to find the source of who or where the hacking is coming from. So far, no damage has been done and transactions and software compiled code is ok, so the algorithms that run everything are fine. What the invaders seemed to have an interest in were the communication files, used via a secured server program called “Directors Desk” as this is where high level email and communication takes place with only the elite higher ups being able to have access, about 10,000 individuals. The owner of Directors Desk is NASDAQ OMX so what I tell all is true, the get the best coders and tech folks in the world and pay well for them, and then they market their software to other companies for some bonus dollars here.
Does the SEC know about this software <grin>. If they don’t here’s one more area of catch up for the agency and something to get on very quickly. Maybe it’s time to call in some “white hats” from the “black hats” official hacking community. The government is using them at Homeland Security. It’s called the Defcon society and since this has gone to the White House too, he’s probably already in there.
“It is a technological arms race in financial markets and the regulators are a bit caught unaware of how quickly the technology has evolved”
With the nature of shared on Directors Desk, the list of potential hackers could include foreign governments wanting corporate secrets or criminal hackers seeking access to confidential information for insider trading purposes. Gee we are back to that topic again, “inside trading”. I could certainly see a hacker looking around for information and not touching a thing as when you think about it, damaging any of the systems would in fact ruin their opportunities to trade if in fact they did secure any information.Is this the next wikileaks <grin>.
You can bet the "Director’s Desk” software programmers are in the middle of this heated investigation for sure and for good reason they want to be there. Companies like SonoSite, a healthcare company use Director’s Desk. Why? Well when you are about ready to announce a new FDA approved product, you don’t want any top secret information out in the world until it’s time, insider trading potential again. Here’s an example from a short while back of a new FDA approved product from 2009 and again no unauthorized information should be floating around out there and thus the need for software like Director’s Desk.
Hackers have repeatedly penetrated the computer network of the company that runs the Nasdaq Stock Market during the past year, and federal investigators are trying to identify the perpetrators and their purpose, according to people familiar with the matter. I worry too about some of the other strange things they do with stock exchanges and high frequency servers, like over clocking their processors. This is dangerous and ask a hospital CTO or CIO about over clocking processors and you would have to pick them up off the floor, as you don’t do it. You can have a car that can go 100 mph but do you push it and run it as 125 mph all the time? That’s what over clocking does and it brings up some real potential safety issues, like frying the brains or processors of the server if something goes wrong.
It's very much algorithmic warfare, with no real thought given to collateral damage.
I still like to go back to the 2009 flash crash and think about what really may have occurred with exchanges at the time in the process of upgrading processors to new Xeons with a whole lot more cache and memory disambiguation and wonder if that did in fact blow out the load balancers on the servers as some still had slower speed chips, and delayed a server fail over, as all posted as the transactions too place when self healing took place. Not many delve into the possible processor end of this but I did some training for Intel a while back and took advantage as best I could to read up on as much as I could as far as cores, the software on the chips and how they all came together at the time with the front side buses, and by today’s terms, much of that has changed and accelerated quite a bit, but the principles of the mechanisms are still there. I did my speculating like all the other geeks out there and wrote up my thoughts back in 2009, link below.
One thing I have to say is thank goodness the exchanges don’t run 24/7 as the IT folks would be pulling their hair out without the time in between to do their maintenance and other software/hardware work. Back on track here NASDAQ OMX might be fielding a number of inquiries now from their clients as well since it has now been established that hacking was possible. Clients may wonder how safe is the software they created?
In Los Angeles we had an intrusion that we watched kind of helplessly a couple years ago to where the internet comes in and they were seen and they came on and quietly went away, that was big and something that drew a lot attention. Hackers today I don’t believe are in it for the glory so much as they were before as if they get caught, it’s right off to jail and by just looking around and gaining information , they can use it elsewhere and remain anonymous as this is what could have been occurring here. Hackers write algorithms to get in to systems so there’s a good side and a dark side of computer code.
We have an SEC that better get some serious ALGO MEN on hand and get in to the 20th century here if their regulation methodologies are going to be effective. Perhaps regulation in some areas now may not look so bad and if the SEC in turn via upgraded technologies and audit trails has information to also stay on top of minding their business, all might be able to get along when it comes to wars on security an unauthorized access. BD
The exchange's trading platform—the part of the system that executes trades—wasn't compromised, these people said. However, it couldn't be determined which other parts of Nasdaq's computer network were accessed.Investigators are considering a range of possible motives, including unlawful financial gain, theft of trade secrets and a national-security threat designed to damage the exchange.