In October 2010, a Federal Bureau of Investigation system monitoring U.S. Internet traffic picked up an alert. The signal was coming from Nasdaq (NDAQ). It looked like malware had snuck into the companyâ€™s central servers. There were indications that the intruder was not a kid somewhere, but the intelligence agency of another country. More troubling still: When the U.S. experts got a better look at the malware, they realized it was attack code, designed to cause damage.
As much as hacking has become a daily irritant, much more of it crosses watch-center monitors out of sight from the public. The Chinese, the French, the Israelisâ€”and many less well known or understood playersâ€”all hack in one way or another. They steal missile plans, chemical formulas, power-plant pipeline schematics, and economic data. Thatâ€™s espionage; attack code is a military strike. There are only a few recorded deployments, the most famous being the Stuxnet worm. Widely believed to be a joint project of the U.S. and Israel, Stuxnet temporarily disabled Iranâ€™s uranium-processing facility at Natanz in 2010. It switched off safety mechanisms, causing the centrifuges at the heart of a refinery to spin out of control. Two years later, Iran destroyed two-thirds of Saudi Aramcoâ€™s computer network with a relatively unsophisticated but fast-spreading â€świperâ€ť virus. One veteran U.S. official says that when it came to a digital weapon planted in a critical system inside the U.S., heâ€™s seen it only onceâ€”in Nasdaq.
Read more at Bloomberg Businessweek.