Hackers penetrated Nasdaq's network





NEW YORK (CNNMoney) -- Hackers have repeatedly made their way into the computer network that runs the Nasdaq Stock Market during the past year, the Wall Street Journal reported on Saturday.

The part of the system that executes trades was not breached, sources told the newspaper. However, other parts of Nasdaq's infrastructure were accessed. Investigators from the Secret Service and Federal Bureau of Investigation are looking into the matter, the WSJ reported.

"So far, [the perpetrators] appear to have just been looking around," one unidentified person familiar with the situation told the newspaper.

The NASDAQ OMX Group (NDAQ) subsequently confirmed in a written statement that one of its Web applications appears to have been breached.

The affected application, a communications tool for corporate boards called Directors Desk, operates independently from Nasdaq's trading systems.

"Through our normal security monitoring systems we detected suspicious files on the U.S. servers," Nasdaq wrote. "The files were immediately removed and at this point there is no evidence that any Directors Desk customer information was accessed or acquired by hackers."

The WSJ said investigators have been unable to follow the trail back to any specific individual or country, and are unsure of whether they have plugged all of the network's potential security gaps.

"Cyber attacks against corporations and government occur constantly," Nasdaq said in its prepared statement. "NASDAQ OMX remains vigilant against such attacks. We have been working in cooperation with the government's ongoing investigations and have received their technical advice."

Financial networks are lightning rods for hackers and employ some of the industry's most stringent security defenses. Mischief-makers occasionally break into or slow down the public websites of major financial institutions, but successful intrusions on their internal networks are rarer -- and rarely come to light when they happen.

Hackers publicly attacked Nasdaq's website in 1999, leaving a taunting message on the site. The attack was part of a spate of invasions on dozens of sites across the Web, exploiting a weakness in a commonly used Microsoft server system. Nasdaq's internal systems were unaffected by that breach.