FBI Says Unpatched Vulnerabilities and Poor Firewall Configurations Were Responsible for NASDAQ Hack

America’s largest electronic stock exchange, NASDAQ, was repeatedly hacked over the past year. While the central trading platform remained unaffected, it could not be determined which other areas were affected by the hacks. The fiasco prompted a series of analyses, and NASDAQ has been a subject of interest for the US Secret Service and the FBI since then.


A year has passed since the hacks came to light, and investigations have continued throughout. The FBI has finally narrowed down the cause of the hacks to poor firewall configurations and unpatched vulnerabilities, especially in Microsoft Windows Server 2003. The incorrectly configured firewalls were found on the stock exchange's computers. The NASDAQ exchange handles some of the world’s fastest financial operations. A vulnerability in such a critical system is unacceptable, given that responsibility for maintaining these systems is usually contracted out to software firms.

According to Reuters,

The ongoing probe by the Federal Bureau of Investigation is focused on Nasdaq’s Directors Desk collaboration software for corporate boards, where the breach occurred. The Web-based software is used by directors to share confidential information and to collaborate on projects.

The sources, however, said the investigators were surprised to find some computers with out-of-date software, misconfigured firewalls and uninstalled security patches that could have fixed known “bugs” that hackers could exploit. Versions of Microsoft Corp’s Windows 2003 Server operating system, for example, had not been properly updated.

This shows sheer ignorance of cyber-security among people at all layers of NASDAQ. NASDAQ has stated that no data was stolen or altered on its computers, though theft or alteration is highly probable, given that the attackers had write access to the NASDAQ computers.

Published by Chinmoy Kanjilal