In October 2010, a Federal Bureau of Investigation system monitoring U.S. Internet traffic picked up an alert. The signal was coming from Nasdaq (NDAQ). It looked like malware had snuck into the companyâs central servers. There were indications that the intruder was not a kid somewhere, but the intelligence agency of another country. More troubling still: When the U.S. experts got a better look at the malware, they realized it was attack code, designed to cause damage.
As much as hacking has become a daily irritant, much more of it crosses watch-center monitors out of sight from the public. The Chinese, the French, the Israelisâand many less well known or understood playersâall hack in one way or another. They steal missile plans, chemical formulas, power-plant pipeline schematics, and economic data. Thatâs espionage; attack code is a military strike. There are only a few recorded deployments, the most famous being the Stuxnet worm. Widely believed to be a joint project of the U.S. and Israel, Stuxnet temporarily disabled Iranâs uranium-processing facility at Natanz in 2010. It switched off safety mechanisms, causing the centrifuges at the heart of a refinery to spin out of control. Two years later, Iran destroyed two-thirds of Saudi Aramcoâs computer network with a relatively unsophisticated but fast-spreading âwiperâ virus. One veteran U.S. official says that when it came to a digital weapon planted in a critical system inside the U.S., heâs seen it only onceâin Nasdaq.
Read more at Bloomberg Businessweek.