Hackers target Nasdaq service

Company says no customer data appears to have been compromised
By The Monterey County Herald (California)
Updated: 02-7-2011 10:55 am

NEW YORK (AP) The company that runs the Nasdaq stock market said Saturday that hackers penetrated a service that handles confidential communications between public companies and their boards.

The service run by Nasdaq OMX Group Inc. carries strategic information for about 300 companies. The company said it appears no customer data were compromised.

Nasdaq OMX said the hacking attempts did not affect its trading systems. Nasdaq is the largest electronic securities trading market in the U.S. with more than 2,800 listed companies.

The application, Directors Desk, makes it easier for companies to share documents with directors between scheduled board meetings, online talks and Web conferencing on a board.

Because board directors have access to information at the highest level, penetrating the service could be of value for insider trading.

A federal official said hackers broke into the systems over more than a year. Investigators are trying to identify the hackers, the official said. The motive is unknown.
The official spoke on condition of anonymity because the inquiry by the FBI and Secret Service is continuing.

Nasdaq OMX spokesman Frank DeMaria said the Justice Department requested that the company keep silent about the intrusion until at least Feb. 14. The Wall Street Journal reported the investigation on its website late Friday, prompting Nasdaq to issue a statement and notify its customers.

DeMaria said Nasdaq OMX detected "suspicious files" during a regular security scan on U.S. servers unrelated to its trading systems and determined that Directors Desk was potentially affected. It pulled in forensic firms and federal law enforcement for an investigation, but found no evidence that any customer information was accessed by hackers.

Nasdaq acquired the company behind Directors Desk in 2007.

In 1999, hackers infiltrated the websites of Nasdaq and the American Stock Exchange leaving taunting messages, but Nasdaq officials said then that there was no evidence the break-ins affected financial data.


Associated Press Writer Pete Yost contributed from Washington.

Report: 'Ransomware' threats growing

Attacks use viruses to hold a user's comptuer hostage
BY TECHWEBNEWS.COM
via NewsEdge Corporation
Updated: 01-20-2011 11:44 am
A malicious type of attack dubbed "ransomware" is on the rise, with antivirus vendor Symantec seeing at least three new variants appearing in recent months. Such attacks often utilize viruses to not just steal a person's sensitive or financial information, but also to disable hard drives and demand money to restore them.

"Threats that use extortion can be some of the most aggressive and, in some cases, offensive viruses encountered," said Symantec security researcher Gavin O Gorman in a blog post.

Unfortunately, attackers continue to advance the ransomware state of the art. For example, GPCoder.G, which first appeared in November 2010, is a small -- only 11 kilobytes -- piece of malware which, if executed, searches a hard drive for files with specific extensions, relating to everything from videos and Microsoft Office files to images and music. It then encrypts the first half of all files found, using a symmetric RSA encryption algorithm and a random key. The random, private key is then encrypted using a public key. "Without the private key from this key pair, it is not possible to obtain the symmetric key in order to decrypt the files," said O Gorman.

To get the private key, the ransomware victim must forward the encrypted symmetric key to attackers, who decrypt and return it. Unfortunately, aside from restoring the encrypted files from a backup, "there is no way to bypass this technique," he said.

Some ransomware attacks, however, go light on innovative technology and heavy on psychology. For example, the Trojan application Ransomlock, discovered in December 2010, locks a user's desktop and lists a premium-rate mobile phone number the user must call to restore desktop access, at a cost of $400.

But in a twist, the attack also changes the frozen background image to a pornographic image. As a result, people "are less likely to seek technical help from another person to solve the problem, in an effort to avoid embarrassment," said O Gorman. The fix, however, is as simple as installing and running antivirus software.

Other ransomware is little more than smoke and mirrors -- more akin to fake AV than Stuxnet. For example, the Bootlock Trojan application, which first surfaced in November 2010, infects a PC and then claims to have encrypted the entire hard drive. It demands $100 to restore it. In reality, however, the virus has simply corrupted the master boot record, which can be restored using recovery tools.