Byron Acohido, USA TODAY
SEATTLE - Officials for the moment say they cannot pinpoint anything malicious about the extraordinary outage of the Nasdaq stock exchange Thursday.
But the incident had all the earmarks of the three waves of denial-of-service attacks that have bedeviled U.S. financial institutions, including stock brokerages, since last September.
An Iranian hacking collective - Cyber Fighters of Izz ad-Din al-Qassam - has claimed credit for orchestrating sophisticated attacks that have overwhelmed the expensive security systems U.S. banks have put into place to keep their online banking services up and secure.
"My first thought is that it is a denial-of-service attack, but I'm not sure," says Gartner banking security analyst Avivah Litan. "It's a very attractive target. It's very visible, and that's what these Iranian state attacks are all about, making a political statement by disrupting a visible website."
More recently, a copycat group of profit-minded hackers has conducted denial-of-service attacks against certain U.S. banks as a smoke screen to divert attention while they execute an Ocean's 11-style wire transfer fraud.
Litan earlier this month blogged about that caper. These bad guys, she says, set into motion sophisticated denial-of-service attacks that overwhelmed pretty sturdy bank network security. While tech staff labored manually to get the banks' websites back into service, the crooks scrambled behind the scenes to extract funds from a bank employee's privileged account, which they had gained access to.
Instead of getting into one customer account at a time, the criminals used the employee's account to control the master payment switch for wire transfers, and moved as much money as they could from as many accounts as possible for as long as possible, Litan reports.
"Considerable financial damage has resulted from these attacks," says Litan.
However, Litan says those copycats would have a considerably harder time trying to extract funds from a stock exchange, where funds move about in a highly complex process understood only by stock market tech gurus.
It's more plausible that the Iranian ideological hackers would be behind a disruption of Nasdaq, like the three-hour outage that began shortly after noon, Eastern time, Litan reasons.
The first wave of denial-of-service attacks attributed to the Cyber Fighters of Izz ad-Din al-Qassam began last September and lasted about six weeks. Knocked offline for various periods of time were Wells Fargo, U.S. Bank, Bank of America, JPMorgan Chase & Co. and PNC Bank.
The second wave commenced in December and lasted seven weeks, knocking out mid-tier banks and credit unions.
And a third wave of high-powered denial-of-service attacks commenced in March targeting credit card companies and financial brokerages.
"I don't have any inside knowledge, but I think this one (Nasdaq) is political, as well," Litan says.
Nasdaq has been hit by hackers before. In 2011, the FBI disclosed that it had discovered suspicious files lurking in a server supporting Nasdaq's Directors Desk, a cloud-based collaboration service for company board members and senior executives.
Hackers often embed such files to snoop for valuable data, in this case possibly to gain information to make trades using insider knowledge.
Nasdaq at the time issued a statement saying "there is no evidence that any Directors Desk customer information was accessed or acquired by hackers."
However, it typically takes weeks to months for forensics experts to unravel where expert hackers have roamed in a breached network.
Security experts also note that brokerage Goldman Sachs reported a startling Internet-related glitch on Tuesday.
The giant brokerage house reported a system programming error that set incorrect price limits and selling algorithms affecting contracts for companies such as JPMorgan Chase & Co., Johnson & Johnson and Kellogg Co., according to Reuters.
The timing of today's Nasdaq outage -- occurring within 48 hours of the Goldman Sachs glitch -- strikes Roel Schouwenberg, senior researcher at Kaspersky Lab, as peculiar.
"It's definitely possible that either cybercriminals or hacktivists were responsible for either of these incidents," Schouwenberg says. "So that means it could either be an operation which is financially motivated or an operation which is aimed at sabotage. However, this is speculation. These could all just be glitches of sorts, but the timing is definitely strange."
Sean Sullivan, a security adviser at F-Secure, concurs.
"Well, so far this week there's been a computer error that caused Goldman Sachs to sell options for a dollar, and now this," Sullivan observes. "It really, really makes me wonder about the undisclosed details surrounding the Nasdaq forum hack."