Originally created 09/16/99

Hackers vandalize Internet sites for stock exchanges



WASHINGTON -- Hackers vandalized the Internet sites Wednesday for Nasdaq and the American Stock Exchange, but there was no evidence they manipulated financial data during the electronic affront to the world's markets.

A group calling itself "United Loan Gunmen" infiltrated the computer running the Web sites for Nasdaq and Amex just after midnight.

The hackers left a taunting message -- the high-tech equivalent of spray-painting graffiti -- and also claimed to have briefly created an e-mail account for themselves on Nasdaq's computer system, suggesting a broader breach in security.

"That's a pretty serious allegation," said Christopher Rouland, director of a team of computer security engineers, called X-force, for Atlanta-based Internet Security Systems Inc. "It's difficult to say if it's accurate, but once you breach the perimeter, it certainly is easier to get into the infrastructure."

Nasdaq spokesman Scott Peterson said later Wednesday it was the exchange's policy not to discuss security issues but added, "the Nasdaq Web site is operational and secure. We will continue to monitor our sites to maintain their integrity."

"What we've been talking about concerns our Internet sites and has nothing to do with our trading network," Peterson said.

Nasdaq recently acquired the American Stock Exchange.

The hacker group left a message saying it intended to "make stocks rise drastically, thus making all investors happy, hopefully ending with the investors putting bumper stickers on their Mercedez' that say 'Thanks ULG!'"

"Meanwhile, ULG members go back to flipping burgers at McDonalds."

Christopher Ullman, a spokesman for the Securities and Exchange Commission, which oversees the nation's stock exchanges, declined to comment.

Rouland said the attacks on Nasdaq and Amex were likely to cause anxiety among computer professionals on Wall Street.

"It certainly will in the financial communities," he said. "People will notice, and it will cause a buzz. This is going to cause more people to pay attention to security."

Nasdaq's Web site runs software from Microsoft Corp., called Internet Information Server, that has suffered several serious security problems during the past year. Microsoft has distributed patches in each case but relies on local computer administrators to install them correctly.

"System administrators can forget to install patches," Rouland said.

Another expert, Russ Cooper, said it's a mistake to assume that the Internet's most popular sites are secure from hackers.

"It would be nice if we could assume that a high-profile site would have better security people on staff," said Cooper, who runs the NTBugtraq discussion group on the Internet for security flaws. "Unfortunately, my experience is that's a hope, not a reality."

The hacker group also had claimed responsibility earlier this week for the defacement of the Internet site for Matt Drudge, the Internet gossip columnist, and electronic attacks against C-Span last week and against ABC just weeks ago. All those organizations also used Microsoft's Internet Information Server to run their Web sites.

Nasdaq trading volume averages about 800 million shares a day.

As global financial markets have expanded at a dizzying pace, Nasdaq has adopted an aggressive international strategy. Earlier this year, Nasdaq took over the Amex and announced plans to establish an electronic trading exchange in Japan.

Nasdaq also has set up a joint Web site with Hong Kong's stock exchange that will allow U.S. investors to trade in Hong Kong securities, has signed a similar deal with the Australian Stock Exchange, and is looking into new alliances in Europe.

The global expansion by the world's second-largest stock market has sharpened its competition with the largest, the New York Stock Exchange, which uses a traditional trading floor.