Additional details have emerged from the compromise of the Nasdaq network that took place last year. While the investigation is still ongoing, the prognosis is starting to look grimmer than initially believed.

Investigators have uncovered evidence of unknown hackers having installed monitoring software to spy on "scores" of directors who logged into a Nasdaq web application called Directors Desk. Located at directorsdesk.com, it is a platform used by corporate boards to share documents and collaborate.

Gunter Ollmann, vice president of research at Damballa, told eWeek that "it appears that vulnerabilities within the application were probably successfully exploited by remote attackers that allowed them to peruse information exchanges between various company directors."

The current speculation is that the account of at least one board director was compromised for the attackers to gain initial access. Once inside, the hackers leveraged the access to uncover zero-day software vulnerabilities which eventually allowed them to eavesdrop on communications.

While it is still not known what the hackers were looking for, or made away with, the multiple steps required to perpetuate the hack have raised some eyebrows. Certainly, the increasing sophistication behind the compromise is making it increasingly unlikely that the entire debacle is the work of individual hackers. For now, businesses would be well advised to consider the use of penetration testing to guard against previously unknown flaws.

For more on this story:
- check out this article at eWeek
- check out this article at The Globe and Mail

Related Articles:
Hackers broke into Nasdaq network
Three ways cyber criminals make money from hacking you
Radcliffe: Medtronic in denial about insulin pump hacked at Black Hat
Amazingly true (and dumb) password practices