Websites belonging to Bats, CBOE and Nasdaq OMX have been hit by directed denial-of-service (DOS) attacks since the beginning of the week. While trading systems were not affected, the attacks targeted the exchange operators’ public market data site.
A CBOE spokeswoman confirmed the attack occurred on Monday, Feb. 13. She stressed that although access to the exchange’s public website was slowed and even blocked at times, no trading systems or trade data were affected, and that no information was stolen in the attack. Users that attempted to access the exchange’s website mostly were met with a “Denial of Service” message and had to reload the page later to access it.
Bats also confirmed the attack on Feb. 13 and released a statement regarding the attack saying, "Our trading systems were not affected and there were no Exchange customer disruptions associated with the incident. Our website is used to display general information about our market activity for the casual user, and there are no critical functions supported through our general public site."
Although the perpetrators have not been identified, the Financial Times, citing people briefed on the attacks, says a group calling itself “The 99 per cent” may be responsible. The name likely is a reference to the Occupy Wall Street Movement.
Last year the hacker group Anonymous threatened to “erase” the NYSE webpage in support of the Occupy protests, although the attack failed to materialize in any significant form.
Nasdaq OMX was the victim of a more serious cyber-attack in 2010 when hackers broke into the exchange’s Directors Desk, a web-based service that allows board members of listed companies to share sensitive information securely. Following, an FBI investigation found the exchange’s cyber-security to be seriously lacking with out-of-date software, ineffective firewalls and uninstalled software patches throughout the exchange’s computers.