As the probe deepened inside Nasdaq’s headquarters and its data center, investigators had to reconstruct the path of world-class hackers whose job depended on being untraceable. The team was surprised at how vulnerable a sophisticated operation such as Nasdaq could be. “Our assumption was that, generally speaking, the financial sector had its act together much more,” says Christopher Finan, a former cybersecurity expert in the Obama White House. “It doesn’t mean that they’re perfect, but on a spectrum they’re near the top.”
What the investigators found inside Nasdaq shocked them, according to both law enforcement officials and private contractors hired by the company to aid in the investigation. Agents found the tracks of several different groups operating freely, some of which may have been in the exchange’s networks for years, including criminal hackers and Chinese cyberspies. Basic records of the daily activity occurring on the company’s servers, which would have helped investigators trace the hackers’ movements, were almost nonexistent. Investigators also discovered that the website run by One Liberty Plaza’s building management company had been laced with a Russian-made exploit kit known as Blackhole, infecting tenants who visited the page to pay bills or do other maintenance.
What one investigator referred to as “the dirty swamp” of Nasdaq’s computer banks made following the trail of the Russian malware excruciatingly slow. The agents figured the hackers first broke into Nasdaq’s computers at least three months before they were detected, but that was just a guess. There were indications that a large cache of data was stolen, though proof was scarce, and it was hard to see what was spirited out. “If someone breaks into your house, trying to figure where they went and what they took is pretty difficult because, unlike a bank, you don’t have cameras in your house, you don’t have motion sensors,” says Jason Syversen, chief executive officer of Siege Technologies, a security firm in Manchester, N.H. “In terms of cybersecurity, most companies are more like a house than a bank.”