Nasdaq OMX Group Inc. and Bats Global Markets Inc., two of the three biggest operators of U.S. stock exchanges, said access to their websites was disrupted by attacks that flooded their systems with traffic.
Trading systems at both companies were unaffected, according to Nasdaq’s Joseph Christinat and Stacie Fleming of Bats. Neither NYSE Euronext, the New York Stock Exchange’s owner, nor Direct Edge Holdings Inc. experienced any issues, said Richard Adamonis of NYSE and Jim Gorman of Direct Edge. They are the biggest and fourth-largest U.S. exchange operators.
“It’s more of an embarrassment than an actual security risk,” William Karsh, Direct Edge’s former chief operating officer, said in a telephone interview. He’s now the chief executive officer of the Emerging Markets Virtual Xchange. “It doesn’t stop people from trading.”
Nasdaq OMX disclosed an intrusion last year involving “suspicious” files on its Directors Desk system, which lets corporate board members communicate and share information. The National Security Agency, the top U.S. electronic intelligence service, joined a probe of the 2010 attack, people familiar with the investigation said in March.
Network managers at 104 financial-services companies surveyed for Bloomberg Government by the Ponemon Institute LLC said cybersecurity was costing them an average of $16.5 million annually. They estimate that it would cost more than 10 times that amount -- the biggest jump of any industry surveyed -- to raise their attack-prevention rate to a level of 95 percent from the current 68 percent.
Today’s attack slowed or blocked access to Nasdaq’s main website as well as nasdaqtrader.com, a market-information site.
A hacker group’s threat to erase the New York Stock Exchange from the Internet on Oct. 10 failed as its website functioned without interruption. Users saw occasional delays logging on to NYSE.com around the time the Anonymous collective said its attack was to begin.
Over the last year, Anonymous and a splinter group known as LulzSec have been involved in a string of high-profile cyber attacks whose targets include the U.S. Central Intelligence Agency, the television network PBS, Sony Corp., MasterCard Inc. and the websites of governments in Egypt and Tunisia. More than 20 members have been arrested in the U.S. and Europe.