noonnee • July 18, 2014 2:08 PM

So, the conclusion is:

- nobody is sure who was behind the potential attack

- nobody knows what the result of the attack would have been (since only information was copied, and no service was affected)

- there are other corporations / exchanges that refused to cooperate in the investigation, and might be vulnerable as well

That's it? Did I miss something?

Name (required) but without the colon • July 18, 2014 2:51 PM

So no one is really looking after US network security? My takeaway from this is that we are doomed. That the conjecture that all the universe's advanced civilizations have self-annihilated so very soon (you have to think on the right time-scale to see this) after gaining the ability to technologize that it explains why we continue to not detect intelligent life elsewhere. It's all dead now; their EM transmitters etc. have stopped. Like ours soon will. As our species gets bigger and bigger, and correspondingly more and more unwieldy (it's a scale problem without any apparent solution, at least so far), we are also getting dumber and dumber. Look at all those crazy science-denying politicians we are actually still electing. Not good, imo. They keep denying science, we keep electing them, as if "doing science" was roughly on a par with taking up macramé as a hobby. We don't know who to blame, which is a way of saying nobody quite knows what to do next. If you don't know whose fault something is, then you don't know whose fault it isn't, and so no one can be trusted.

Or something. I'm not an expert at how civilizations, or biospheres, usually terminate. But I just ran out of coffee, and it hurts. So don't take me too seriously.

securitynewsfreak • July 18, 2014 5:13 PM

It is Bloomberg, Bruce. More propaganda than CNBC. Isn't it perfect timing for news, given Snowden and Russia? It isn't only the CIA that utilizes media outlets. Do you remember reading about Operation Mockingbird? Other agencies have them too. It is too much of a perfect timing and the clues are left too easily.

StarChild • July 18, 2014 6:15 PM

The story was reported extensively in 2011.

In 2013, the story of NASDAQ's hack by four Russians and a Ukrainian broke big news. This attack happened during the same time period. It was also the infamous Albert Gonzalez case.

According to this article, the Secret Service pushed the angle that these two hacks were related. They were vetoed early on because of that.

This article notes the attack was initially found by the FBI. I would infer from the description and some details in the story that the FBI had a rule for this on some kind of border level mass IDS system, and this rule indicated it was a Russian FSB attack code. Apparently, the NSA had previously seen this code and felt they had positive identification of it being FSB.

This article seems to rely heavily on one disillusioned, anonymous, governmental source, though other sources are also included.

At times, it appears that there may be more than one disillusioned, anonymous, governmental source deeply tied to the case. Or it could be simply one source. Maybe they should have given him a name to help explain whether this was one source or several?

The kill code angle is also argued against in the same article. It appears that the evidence it was kill code is under considerable question.

The article also argues that the same source has been used by what is believed to be Chinese cyberspies. (Was this found before or after the NSA rule sets the FBI deployed? Who knows.)

It is also noted that NASDAQ systems were a "swamp" of compromises, which made the investigation much more difficult.

The CIA was tasked heavily in this investigation, though it appears their conclusion was nebulous.

Maybe it was a "for profit" attack by someone at the FSB? Maybe by someone who had stolen the code?

The NSA (apparently) argued that the sourcing to the FSB is strong because:

-> It utilized two zero-day vulnerabilities (whether these vulnerabilities were ever seen before in the wild is left unsaid).
-> Its programming was highly sophisticated.
-> They had sourced it to the FSB before. How? We do not know.

It does appear that this story was released for some ulterior agenda.

And aren't the claims that "kill code" has never been seen before contradictory to the claims that there have been a "few" reported instances? While one could resolve that contradiction by claiming the "few" reported instances (not sourced) never before involved "critical US systems"... I find that claim dubious.

After all, it is common practice for countries to set up "worst case scenario" weapon caches and sabotage points. Russia definitely did this heavily during the Cold War. And what else are all these nations doing hacking these critical infrastructure systems? Just gathering data? Energy data? Refinery data? Financial data?

Joe K • July 18, 2014 7:13 PM

From the article:

[...] like a killer using someone else’s gun.

Okay, totally had to stop reading there, roflmao. Still hurts to breathe. But I'm definitely going back for more of that sweet, sweet comedy gold, as soon as I can catch my breath.

Protip: When reading the article (if you are at all familiar with the American television show called The Simpsons) do make sure to hear the voice of Kent Brockman.

And, when you get to the quote from George Venizelos (FBI New York Assistant Director in Charge), let Chief Wiggum take the podium:

"The investigation into the Nasdaq intrusion is an ongoing’s complex and involves...[er] evidence and [um...] facts... that evolve over time."

Bonus points for getting the voice right for J Syversen.

Speaking of jingoism and fine journalism, another long article comes to mind:

65535 • July 20, 2014 3:46 AM

“It does appear that this story was released for some ulterior agenda.” –StarChild

“More like long crap about russians-are-hackers-hail-the-nsa.” -G

I agree.

Given the recent news of the NSA/GCHQ spying, web poll slanting, cyber war on certain sites and individuals, targeted file destruction, silent calls to cell phones and so on, I am suspicious that this inconclusive article on a 2010 to 2011 security breach is PR spin by the agency to blunt negative perceptions of the agency.

“Pushing for answers, the White House turned to the CIA. Unlike the NSA, which gathers intelligence solely by electronic means, the CIA is an “all source” intelligence unit and relies heavily on people. The CIA began to focus on the relationships between Russia’s intelligence agencies and organized crime. Someone in the FSB could have been running a for-profit operation on the side, or perhaps sold or gave the malware to a criminal hacking group. More analysis on the malware showed that its capabilities were less destructive than earlier believed. It couldn’t destroy computers like a wiper virus… By mid-2011, investigators began to conclude that the Russians weren’t trying to sabotage Nasdaq. They wanted to clone it, either to incorporate its technology directly into their exchange or as a model to learn from [economic spying is also practiced by the NSA]… NSA Director Keith Alexander and his agency were locked in a fight with government branches over how much power the NSA should have to protect private companies from this new form of aggression. Such a brazen attack would certainly bolster its [NSA’s] case.” -Businessweek

[In the end the NSA quit with no answers]

“After Obama was briefed for a third time, two people say, the intelligence establishment stood down.”-Businessweek

This article raises more questions than answers. This piece also indicates that the NSA may not be focusing its resources properly to protect “National Security.”

StarChild • July 20, 2014 2:50 PM

@65535, and on the general subject of the NASDAQ hack "disclosure" (in quotes, because there have been previous disclosures on this, a matter I did not initially recall)

My primary reasons for doubting the authenticity of the story are that they cited an anonymous source multiple times without indicating he/she was a singular source, that despite this they were able to find what appear to be multiple other sources who were very talkative about the matter, and the timing.

On timing
-> the story is not new, though I had to look it up to be reminded of this, there were multiple news breaks back in 2011... a number of the details are new

-> the US recently arrested a 'son of a Russian politician' on mass CC fraud, so defense of their possible view that there is some deeper connection between Russian and Eastern European criminal organizations and the SVR & FSB is likely a point needing to be made at this time

-> the Russia vs Ukraine situation is an extremely volatile situation, it appears very apparent that Russia is going for at least Eastern Ukraine, and possibly all of Ukraine while the European and American nations are in a deep bind. There is distinctive talk of the possibility of war "out there".

-> in case of war or far deeper sanctions, it is very possible "asymmetric warfare"/electronic warfare/cyberwarfare may severely flare up. This means the feds have to start the information process going to corporations and "out of the loop" defensive organizations that there may be connections between Russian cybercriminal APT & Russian secret services. That there is at least some knowledge of the potential of destructive capability in Russian APT attacks.

Otherwise, their asses are bare if Russia starts to commence hitting the kill code buttons on their command and control APT projects spread wide and deep across corporations.

My "takeaway" is they are embroiled in groupthink, an insidious disease, and are deeply underestimating the Russian intentions on Ukraine. Putin's groupthink across Russian natives and expatriates is extremely high. He has the political muscle built up to do as he pleases. Which is the very same thing as political stupidity. Perhaps it could be said groupthink collectively reduces their intelligence while strengthening their "muscle".

Gronk, "Duuuh, I beat. I kill. I do as I please."

On positives:

This is the kind of thing I do believe these agencies should be involved in. Protecting their country. As opposed to muckraking in the freedoms of their respective countries and leaning strongly towards the very authoritarianism they pretend to be opposing.

While the Bloomberg article hyper-sensationalized the topic, especially in the first page, the author did, at least, provide what probably was as many contradictory facts to that sensationalism through the rest of the article.

So, it is true, we can be rightly critical of the reporting, at the same time, they did, at least, provide us that very ammo to do so.

xr34jhjb43brj3 • July 20, 2014 3:39 PM

Hate to break it to you all, but I see shady contracts regarding the US stock market all the time and I don't even look for them. They are usually asking for algorithm work but slip in that they need you to source data that is usually not legally obtainable..

I imagine most NASDAQ infrastructure is on leased lines and encrypted, but if you have someone inside slipping in an external gateway it's as simple as rooting an intranet full of poorly managed Windows boxes and dumping standard databases..

StarChild • July 20, 2014 4:01 PM

I totally believe you. We just saw an enormous amount of illegal activity exposed in the 2008 financial collapse. Enron, MCI, and so many other downfalls have also highlighted not so distantly related severe problems of deep level corruption, and how it can become endemic to even "upstanding" corporations.

As many critics have also (rightly) pointed out, there was very little punishment or change for the 2008 collapse.

As a comp sec security guy who has contracted throughout the industry, I have heard a lot of horror stories about hacking attacks and the very poor underlying infrastructure there. Most of these I have never seen go to press.

Pretty much across the board for financial institutions, it has been exposed that there was endemic corruption inside and the worst sorts of behavior.

If they did all that they did there without as much of a slap on the wrist, it is completely likely they are ridden with employees engaged in every manner of compromise against their own networks.

xr34jhjb43brj3 • July 20, 2014 6:55 PM

@StarChild: It's usually US citizens, sometimes with European, Asian, Russian, or Ukrainian business partners. A lot of times operating from small cities like Charlotte NC too.. Most times they never succeed, which is why they never show up on the FBI's radar. They move on to things like gambling and marketing where fraud is legal..

Ex Bank of America management and other execs I found out aren't above sticking their noses in sports gambling and stock fraud either, or at least trying to freelance out work around it..

In Russia this isn't that big, hell, the FSB contracts out cybercrime to college and primary kids there.. In the US it's mostly negotiated on golf courses and done by venture capital and investment banking circles..
