FTSE reviews website policy after hack
A website run by stock exchange indices company FTSE, co-owned by the London Stock Exchange (LSE) and the Financial Times (FT), was defaced on Friday morning, prompting a security review at the firm.
The hack, a simple defacement by a relatively unknown group of hackers calling themselves ‘katkrew’, posted a web page over the top of ft-se.co.uk, one of two URLs pointing to a public information website run by the company.
No confidential data is thought to have been present on the website, which runs Netscape 3.0 on Sun’s Unix operating system, Solaris.
Donald Keith, managing director of FTSE Europe, confirmed that the website had been hacked. He told vnunet.com: ‘There was a breach this morning but no business-critical data was affected. We do take this very seriously. I’m particularly concerned about this issue and we will review how the breach took place and what steps can be taken to ensure it doesn’t happen again.’
Keith said the company was in the process of implementing a new ecommerce strategy for www.ftse.com, the other address of the current website.
Experts said this morning’s attack may have been made possible because the website was running old software, and that FTSE may have got off lightly.
Chris McNab, network security analyst at MIS Corporate Defence Solutions, said similar hacks on US stock exchange websites had been far more complicated, taking as long as nine months from placing entry points into a network, so-called back doors which only the hacker knows about, to exploiting the hole.
Gavin Day, director of IT and operations at FTSE, ruled out any possible implications for FT.com or the LSE. He explained that the FTSE website was run from a dedicated server and that the only links to either of the other websites were HTML links on a web page. He did admit that the firm had been running old software on its website but said this would change.
- This article first appeared on vnunet.com.