Nastier at NASDAQ and the ROI of Security

Here is a correction to “Nastiness at NASDAQ” BlogInfoSec, March 7, 2011. The first sentence of the second paragraph should read “From my particular perspective, the most disturbing aspect of the incident, as reported, is that either NASDAQ staff or law enforcement apparently do NOT know what the intruders did or did not do.” Sorry for omitting the “not.”

The above correction is an obvious typo. Another correction, which more recently came to light in the March 30, 2011 CNET column by Steven Musil with the title “Report: NSA joins Nasdaq hack probe” available at;title It is that NEITHER NASDAQ staff NOR law enforcement appear to have been able to determine what the hackers did and to what. Musil’s article describes how the NSA (National Security Agency) has been called in to assist the Secret Service and the FBI in the investigations. The Musil column links to another more detailed BusinessWeek article “U.S. Spy Agency Is Said to Investigate Nasdaq Hacker Attack” by Michael Riley at  It is worthwhile reading the latter article as it gives a much better picture as to what is going on at Nasdaq and why it is potentially so serious.

Riley quotes Joel Brenner, who has headed U.S. counterintelligence in the Bush and Obama administrations, as saying “By bringing in the NSA, that means that they THINK [emphasis added] they’re dealing with a state-sponsored attack or it’s an extraordinarily capable criminal organization.” An unidentified source said that “the attack was more extensive than Nasdaq had previously disclosed.” Riley says that it might take investigators months to finish their work.

Post a Comment

Your email is never published nor shared. Required fields are marked *