[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Intruder defaces Nasdaq-100 Index Web page
From:       InfoSec News <isn () C4I ! ORG>
Date:       2000-12-28 9:02:54
[Download RAW message or body]

http://www.computerworld.com/cwi/story/0,1199,NAV47_STO55654,00.html?OpenDocument&~f

By DAN VERTON
December 27, 2000

A hacker that goes by the name "prime suspectz" cracked into a Nasdaq
Stock Market Web server Saturday and replaced the contents of the
Nasdaq-100 Index page with an offensive message.

The incident marks the second security violation in a little more than
a year for Nasdaq, which is owned by the Washington-based National
Association of Securities Dealers Inc. Last year, a group that calls
itself "United Loan Gunmen" broke into the server running the Nasdaq
and American Stock Exchange Web sites but failed to make off with any
sensitive financial data.

Judy Inosanto, a spokeswoman for Nasdaq, said that the latest security
breach remained isolated to the Nasdaq-100 Index page and that the
mechanism that people use to conduct financial transactions throughout
the market "was in no danger of being compromised." The hacker's
message has been removed.

Inosanto said Nasdaq does not comment on what, if any, steps the
company has taken to bolster security on the site.

In the message left on the Nasdaq Web site, the hacker made reference
to the ease with which Microsoft Corp.'s Windows Server could be
hacked.

In May 1999, Nasdaq announced a $2 million program to replace its
Tandem Computers Inc. and Sun Microsystems Inc. systems with 22 Unisys
Corp. Aquanta ES5000 four-way servers. Nasdaq made the change as part
of an effort to enhance the performance of its real-time surveillance
and troubleshooting operations. The Unisys servers feature Pentium III
Xeon processors with Windows NT Server, Microsoft SQL Server and other
Microsoft software.

The hacker also mentioned the hacker group "Crime Boys," the
Brazil-based group that is widely believed to be responsible for the
defacement in March of the main Web pages maintained by the Bureau of
Land Management's National Training Center and the U.S. Army's Reserve
Officer Training Corps Command. The group also attempted a third
series of attacks against NASA's Jet Propulsion Laboratory, which
forced the agency to block all Internet traffic from Brazil.

[Compromised NASDAQ-100 site at:
http://www.attrition.org/mirror/attrition/2000/12/23/www.nasdaq-100.com/ ]

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".

[prev in list] [next in list] [prev in thread] [next in thread]