Security News > 2000 > December > Intruder defaces Nasdaq-100 Index Web page

Intruder defaces Nasdaq-100 Index Web page
2000-12-28 09:02

http://www.computerworld.com/cwi/story/0,1199,NAV47_STO55654,00.html?OpenDocument&~f By DAN VERTON December 27, 2000 A hacker that goes by the name "prime suspectz" cracked into a Nasdaq Stock Market Web server Saturday and replaced the contents of the Nasdaq-100 Index page with an offensive message. The incident marks the second security violation in a little more than a year for Nasdaq, which is owned by the Washington-based National Association of Securities Dealers Inc. Last year, a group that calls itself "United Loan Gunmen" broke into the server running the Nasdaq and American Stock Exchange Web sites but failed to make off with any sensitive financial data. Judy Inosanto, a spokeswoman for Nasdaq, said that the latest security breach remained isolated to the Nasdaq-100 Index page and that the mechanism that people use to conduct financial transactions throughout the market "was in no danger of being compromised." The hacker's message has been removed. Inosanto said Nasdaq does not comment on what, if any, steps the company has taken to bolster security on the site. In the message left on the Nasdaq Web site, the hacker made reference to the ease with which Microsoft Corp.'s Windows Server could be hacked. In May 1999, Nasdaq announced a $2 million program to replace its Tandem Computers Inc. and Sun Microsystems Inc. systems with 22 Unisys Corp. Aquanta ES5000 four-way servers. Nasdaq made the change as part of an effort to enhance the performance of its real-time surveillance and troubleshooting operations. The Unisys servers feature Pentium III Xeon processors with Windows NT Server, Microsoft SQL Server and other Microsoft software. The hacker also mentioned the hacker group "Crime Boys," the Brazil-based group that is widely believed to be responsible for the defacement in March of the main Web pages maintained by the Bureau of Land Management's National Training Center and the U.S. Army's Reserve Officer Training Corps Command. The group also attempted a third series of attacks against NASA's Jet Propulsion Laboratory, which forced the agency to block all Internet traffic from Brazil. [Compromised NASDAQ-100 site at: http://www.attrition.org/mirror/attrition/2000/12/23/www.nasdaq-100.com/ ] ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".


News URL

http://www.computerworld.com/cwi/story/0,1199,NAV47_STO55654,00.html?OpenDocument&~f