All the latest UK technology news, reviews and analysis

Hackers target NASDAQ Community for passwords and account data

18 Jul 2013
Nasdaq technical glitch hits Apple Facebook and Microsoft

Cyber criminals have targeted the NASDAQ Community forum with a password-stealing attack, looking to gather sensitive information that could be used to mount a larger, more costly campaign.

NASDAQ sent out an email warning users that their account information may have been compromised, but confirming no trading or stock exchange information or systems had been affected by the breach. NASDAQ is yet to confirm how many of the community users have been affected and at the time of publishing had not responded to V3's request for comment.

NASDAQ has since taken the community website offline to upgrade its systems to plug the breach. NASDAQ has been a common target of criminals and was hit by a more serious cyber attack in 2011.

While the information stolen is not necessarily dangerous, it could be used by criminals to mount subsequent, more advanced attacks. In general the information is used by criminals to create more tailored phishing messages, or make more intelligent password guesses when attempting to infiltrate victims' main work accounts.

However, F-Secure analyst Sean Sullivan told V3 the information stolen from NASDAQ could theoretically be used to mount an even more dangerous attack. "How bad is this? That really depends on how forthcoming the NASDAQ community admins have been," he said.

"Imagine this: Suppose the NASDAQ community forum wasn't just compromised for its users' passwords – but also to use it as a watering hole. You thought the Twitter, Facebook, Apple, Microsoft watering hole attack compromises via the iPhone Dev SDK forum was bad? Well, I think that would be nothing compared to the kind of damage that could be done via NASDAQ."

A watering hole attack is a tactic commonly used by hackers to target specific groups. It sees them infiltrate a commonly visited website by people within the target industry and lace it with malware, letting them infect a large number of people, without having to mount multiple attacks.

The potential value of password and account information has made it an increasingly valuable commodity for cyber criminals, with many selling it on cyber black markets. Most recently Webroot researcher Dancho Danchev reported uncovering a Russian cyber gang selling thousands of users' Skype and Twitter password details on a newly created blackmarket.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

Work location poll - office, remote or home?

Where do you spend most time working on your primary work device?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Beacon technology: what are the opportunities and how does the technology work?

This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Business Analyst – Fintech50

Business Analyst – Fintech50 Quant Capital is urgently...

Global Head of Retail Insurance - Digital

The Global Head of Digital will be responsible for leading...

QA Officer

QA OFFICER Contract - Up to £11 per hour Crewe...

Technical Support Engineer

Technical Support Engineer - Citrix / Appsense / SCCM...
To send to more than one email address, simply separate each address with a comma.