Security expert breaches NASDAQ exchange's website in just 10 minutes using only the Firefox web browser
A cybersecurity executive hacked into the NASDAQ website in only 10 minutes.
By using any combination of browser history, cookies or phishing attacks, hackers can easily take over the exchange’s website, said a security expert who claims took control of the site in only 10 minutes.
Ilia Kolochenk, CEO of High-Bridge Tech, a Switzerland-based technology consulting firm, detailed to the New York Daily News how he notified NASDAQ of the vulnerability multiple times only to be ignored.
Here a glitch, there a hack: Trading on the NASDAQ Market has been halted in the past for glitches, now the exchange's website has been hacked - in only 10 minutes
A good hacker can get full access to Nasdaq.com in a couple of days with the ability to do almost whatever he wants, such as push an announcement that Facebook shares have dropped 90% [which] could cause havoc on the stock exchange,’ Mr Kolochenk told the Daily News.
Calling it ‘quite frightening,’ Mr Kolochenk boasted to the paper that he was able to hack into Nasdaq.com in only 10 minutes – armed with only the Firefox web browser.
All it was took was inputting random HTML code into the site’s script to see if it would be detected before displaying on the site, he further explained. Once it wasn’t, the security expert knew he had found a problem.
Hackers can use codes to display just about anything on any website, including ‘a fake Web form demanding credit card numbers and other personal information or to inject malware to infect PC users,’ Mr Kolochenk warned.
Hacker's delight: Using only a web broswer, Ilia Kolochenk claims he hacked the NASDAQ website in only minutes
‘The only limit is the hacker’s imagination,’ said Mr Kolochenk.
Users could also be forwarded to outside sites maliciously designed to collect information hackers can then use to steal unsuspecting people’s information – also known as phishing. This information can then be used to commit identity theft.
A NASDAQ spokesperson told the Daily News they had contacted Mr Kolochenk regarding his findings, and explained the exchange takes monitoring its website seriously.
‘We work with leading security vendors and have a trained and professional team that evaluates all credible threats across our digital assets.’
Hacked: Mr Kolochenk hacked the site by entering random HTML code from a web broswer, no special tools were needed
Multiple messages left by MailOnline with an exchange spokesperson asking what has been done to mitigate similar attacks in the future were not immediately returned.
This is only the latest in a recent series of events that have called into question the technology used by exchanges and financial firms.
Trading was halted on all four US options exchanges Monday for over an hour after a technical glitch caused quotes to be inaccurately displayed.
Spectacular failure: Facebook's IPO on Nasdaq was initially a bust, as technology issues delayed trading made a mess of trades for the majority of the day
Trading was halted for over three hours in August after a ‘technical glitch’ made trading unfeaseable. Many experts speculated at the time that it appeared from the outside that NASDAQ was hacked, but the exchange denied the rumors.
In April, the Chicago Board Options Exchange – the world’s largest options exchange – delayed opening four hours as a technical glitch was fixed. That halt came only days after hackers broke into the website of retail broker Charles Schwab.
Most infamous, though, is the botched May 2012 Facebook initial public offering on NASDAQ. Trading in the IPO, which is supposed to start at market open, was delayed half an hour and then riddled with errors the rest of the day, which the exchange also blamed on software.