WASHINGTON (AFP) – The Nasdaq stock exchange said hackers penetrated one of its computer systems, but that there was no evidence customer information or trading was compromised.
“Through our normal security monitoring systems we detected suspicious files on the US servers unrelated to our trading systems,” said Frank DeMaria, spokesman for Nasdaq OMX Group Inc., parent company of the Nasdaq.
Nasdaq said its Internet-based Directors Desk, which allows publicly traded companies and their boards to communicate and exchange information online, was “potentially affected” by the breach, which was discovered at the end of last year, DeMaria said.
“The files were immediately removed and at this point there is no evidence that any Directors Desk customer information was accessed or acquired by hackers,” DeMaria’s statement continued.
Nasdaq’s trading platform operates separately, “and at no point was any of Nasdaq OMX’s operated or serviced trading platforms compromised,” he said.
The US Department of Justice was notified and is investigating. A spokesman for the FBI declined to comment to AFP on Saturday.
Nasdaq said it also called in private forensic firms to assist its investigation.
US investigators had asked Nasdaq to keep the information from public view until at least February 14 “in order to facilitate the continuing investigation,” Nasdaq said in its statement.
But Nasdaq, which had agreed to the request, decided to notify customers Saturday after the Wall Street Journal published a story about the hacking.
Cybersecurity expert Clifford Neuman, a professor at the University of Southern California, said there are “serious implications for such an intrusion.” Hackers, he said, might have gained enough knowledge of the system to make the next step — into the trading system.
“Compromise of this less critical system could give an adversary an opportunity to steal passwords, or take other steps to jump to the next more critical part of the system,” said Neuman, director of USC’s Center for Computer Systems Security.
Even without penetrating the trading system, he said, a hacker might be able to manipulate stock prices by having access to a company’s information.
The targeted application is used by 10,000 board directors and company officials around the world, according to the website of Directors Desk, which is a subsidiary of Nasdaq OMX Group.
It boasts that confidential board information is safe because Directors Desk “incorporates state-of-the-art technology, processes and protocols to ensure the highest level of security.”
Nasdaq OMX Group said it is “vigilant against such attacks.”
“Cyber attacks against corporations and government occur constantly,” DeMaria said. “We have been working in cooperation with the government’s ongoing investigations and have received their technical advice for which we are appreciative.”
Nasdaq OMX Group, with 3,600 listed companies, is the largest exchange company in the world. Companies traded on the Nasdaq stock market include Google and Yahoo Inc.