The hackers who attacked the Nasdaq last year were surreptitiously spying on public company board of directors, a new report claims.
According to Reuters, citing sources with knowledge of the ongoing investigation into the Nasdaq breach, the hackers were able to access Nasdaq’s Web-based software program, Directors Desk, to spy on company executives. According to Reuters, the software is used to facilitate communication and document sharing between Nasdaq and public companies.
Hackers reportedly breached Nasdaq defenses last year, but news of the breach wasn’t made public until earlier this year. According to a report in February, it was believed that the hackers were simply “looking around” Nasdaq’s servers, but were not able to access anything critical.
However, just a month later, sources told Bloomberg that the attack appeared to be more widespread than initially believed and the National Security Agency was involved in the investigation, prompting some to wonder if the attacks posed a national security risk.
So far, neither Nasdaq nor the NSA have commented on who might have been behind the attacks, but initial evidence seemed to point to the attacks originating in Russia. Unnamed investigators speaking to The Wall Street Journal at the time said that even though the attacks might have originated from Russia, the hackers might have been routing their attack through Russian servers to disguise their true location.
Reuters’ sources didn’t divulge which companies’ directors were targeted in the Nasdaq attack, but they did say that “scores” of executives were spied on by the hackers until the malware that facilitated the breach was removed.
But even as Nasdaq tries to learn more about past breaches, the company must still worry about the future. In an interview with Reuters in July, Nasdaq CEO Robert Greifeld told the news service that “as we sit here, there are people trying to slam into our system every day,” adding that his organization spends close to $1 billion each year on security alone.
Nasdaq did not immediately respond to CNET’s request for comment.