The incident marks the second security violation in a little more than a year for Nasdaq, which is owned by the Washington-based National Association of Securities Dealers. Last year, a group that calls itself "United Loan Gunmen" broke into the server running the Nasdaq and American Stock Exchange Web sites but failed to make off with any sensitive financial data.
Judy Inosanto, a spokeswoman for Nasdaq, said that the latest security breach remained isolated to the Nasdaq-100 Index page and that the mechanism that people use to conduct financial transactions throughout the market "was in no danger of being compromised." The hacker's message has been removed.
Inosanto said Nasdaq does not comment on what, if any, steps the company has taken to bolster security on the site.
In the message left on the Nasdaq Web site, the hacker made reference to the ease with which Microsoft's Windows Server could be hacked.
In May 1999, Nasdaq announced a $2 million program to replace its Tandem Computers' and Sun Microsystems' systems with 22 Unisys Aquanta ES5000 four-way servers. Nasdaq made the change as part of an effort to enhance the performance of its real-time surveillance and troubleshooting operations. The Unisys servers feature Pentium III Xeon processors with Windows NT Server, Microsoft SQL Server and other Microsoft software.
The hacker also mentioned the hacker group "Crime Boys," the Brazil-based group that is widely believed to be responsible for the defacement in March of the main Web pages maintained by the US Bureau of Land Management's National Training Center and the U.S. Army's Reserve Officer Training Corps Command. The group also attempted a third series of attacks against NASA's Jet Propulsion Laboratory, which forced the agency to block all Internet traffic from Brazil.