

Hackers target NASDAQ Community for passwords and account data

18 Jul 2013

Cyber criminals have targeted the NASDAQ Community forum with a password-stealing attack, looking to gather sensitive information that could be used to mount a larger, more costly campaign.

NASDAQ sent out an email warning users that their account information may have been compromised, while confirming that no trading or stock exchange information or systems had been affected by the breach. NASDAQ has yet to confirm how many of the community users have been affected and, at the time of publishing, had not responded to V3's request for comment.

NASDAQ has since taken the community website offline to upgrade its systems to plug the breach. NASDAQ has been a common target of criminals and was hit by a more serious cyber attack in 2011.

While the information stolen is not necessarily dangerous, it could be used by criminals to mount subsequent, more advanced attacks. In general the information is used by criminals to create more tailored phishing messages, or make more intelligent password guesses when attempting to infiltrate victims' main work accounts.

However, F-Secure analyst Sean Sullivan told V3 the information stolen from NASDAQ could theoretically be used to mount an even more dangerous attack. "How bad is this? That really depends on how forthcoming the NASDAQ community admins have been," he said.

"Imagine this: Suppose the NASDAQ community forum wasn't just compromised for its users' passwords – but also to use it as a watering hole. You thought the Twitter, Facebook, Apple, Microsoft watering hole attack compromises via the iPhone Dev SDK forum was bad? Well, I think that would be nothing compared to the kind of damage that could be done via NASDAQ."

A watering hole attack is a tactic commonly used by hackers to target specific groups. The attackers infiltrate a website commonly visited by people within the target industry and lace it with malware, letting them infect a large number of people without having to mount multiple attacks.

Password and account information has become an increasingly valuable commodity for cyber criminals, with many selling it on cyber black markets. Most recently, Webroot researcher Dancho Danchev reported uncovering a Russian cyber gang selling thousands of users' Skype and Twitter password details on a newly created black market.

Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
