High-Frequency Trading: Security Risk

A Concentric Blog: Examining Security Risks surrounding HFT

HFT article in the NYTimes

Article discusses the rise of High Frequency Trading.

The New Speed of Money, Reshaping Markets

By GRAHAM BOWLEY

Secaucus, N.J.

A SUBSTANTIAL part of all stock trading in the United States takes place in a warehouse in a nondescript business park just off the New Jersey Turnpike.

Few humans are present in this vast technological sanctum, known as New York Four. Instead, the building, nearly the size of three football fields, is filled with long avenues of computer servers illuminated by energy-efficient blue phosphorescent light.

Countless metal cages contain racks of computers that perform all kinds of trades for Wall Street banks, hedge funds, brokerage firms and other institutions. And within just one of these cages — a tight space measuring 40 feet by 45 feet and festooned with blue and white wires — is an array of servers that together form the mechanized heart of one of the top four stock exchanges in the United States.

The exchange is called Direct Edge, hardly a household name. But as the lights pulse on its servers, you can almost see the holdings in your 401(k) zip by.

“This,” says Steven Bonanno, the chief technology officer of the exchange, looking on proudly, “is where everyone does their magic.”

In many of the world’s markets, nearly all stock trading is now conducted by computers talking to other computers at high speeds. As the machines have taken over, trading has been migrating from raucous, populated trading floors like those of the New York Stock Exchange to dozens of separate, rival electronic exchanges. They rely on data centers like this one, many in the suburbs of northern New Jersey.

Written by Roderick Jones

January 3, 2011 at 1:45 pm

Doug Kass predicts cyber-war aimed at NYSE

Doug Kass of Seabreeze Partners predicts cyber-war attack against NYSE.

In an interview for CNBC, the financial analyst Doug Kass predicts, as one of his two surprises for 2011, a cyber-attack against the NYSE that shuts down markets for over a week.

Perhaps he has been reading this blog or Institutional Investor!

Written by Roderick Jones

November 26, 2010 at 3:15 pm

Posted in Security

Interview with HFT Review

I recently completed an interview with High Frequency Trading Review, a new blog designed to follow news in the HFT space.

Written by Roderick Jones

November 16, 2010 at 3:15 pm

Posted in Security

Institutional Investor: Flash Crash and CyberWar

02 Nov 2010

Roderick Jones

The ability to crash or negatively impact financial markets would be an incredible cyber-warfare tool.

The recent release of the long-awaited government report on the May 6 “flash crash” highlighted one specific trade as the catalyst for a series of chain reactions, accelerated by computer algorithms, that whipsawed the market. While the report goes a long way toward explaining the events of that afternoon, it doesn’t begin to address the systemic weaknesses of the market, highlighted by the nearly 600-point drop in the Dow Jones industrial average in a matter of minutes — and the Dow’s even faster recovery.

To an observer of global security risk, the flash crash looked like a horrific new way to cause economic, political and social damage. Although the crash played out in the U.S., the systems that underpinned it are being used globally and are currently seeing their greatest growth in Asia. The rise in the use of high-speed technology and reactive algorithms to conduct a variety of market functions is driven in part by the innovation and growing dominance of high frequency trading.

One of the more startling pieces of news to come out of the flash crash is the geographic shift in trading. Wall Street is no longer the heart of the U.S. financial market, nor is London’s Square Mile the epicenter of the U.K. market. The data and trading components of the financial systems are now centered in New Jersey and Essex, respectively.

Does this mean that the “ring of steel” surrounding the City of London or the New York Police Department presence outside the Big Board can be scaled back or eliminated? Not entirely, as both market centers are still symbolic targets. But it might be a good idea to move some of these protective resources to the data centers supporting critical financial systems. Although the security of the data centers has no doubt been considered at some length, resulting in bomb-proofing and improved data protection, it would be surprising if all vulnerabilities surrounding the staffing of these sites have been fully explored.

The potential cyberwar element of high frequency trading is a fascinating area of future security risk — not only for financial markets but also for the countries that host them.

One of the fundamental concerns with the system becomes apparent when examining what has been described as the democratization of trading. In short, the use of technology allows companies to offer trading platforms at very low cost to anyone by locating their services in data centers alongside the exchanges themselves. For a small amount of capital, anyone can connect an algorithm to a financial market from anywhere. It remains fundamentally unclear who is responsible for conducting real-life due diligence on the traders tying into the financial system. Much political noise is devoted to which people are allowed to enter a country, but little thought is put into who is tapping into the financial system.

Anonymity, of course, is not a crime. And it has taken a while to understand what, if anything, a rogue algorithm could do if introduced into a particular market. Clearly, the ability to crash the entire market would make for a spectacular attack if the events of May 6 could be replicated, but this seems unlikely.

However, further examination suggests that a kind of denial-of-service attack could be discretely aimed at particular nodes in the financial system, as evidenced by the practice of using algorithms to bombard a market with buy and sell offers to slow it down enough to create a financial arbitrage opportunity elsewhere. It’s not that far-fetched to imagine a terrorist creating a number of algorithms that could act in concert as a denial-of-service attack against financial exchanges.

On a larger scale, the order by mutual fund firm Waddell & Reed to sell $4 billion in index futures contracts, which is being blamed for setting off the May 6 crash, will not have escaped the notice of national governments interested in exerting financial pressure on their opponents. The size of this trade may be beyond the ability of smaller groups to execute, but it is entirely possible for a government to sponsor this kind of market manipulation against its international opponents. In fact, there is a long history of using financial manipulation to gain diplomatic and even military advantage; the weakness of a massively networked system relying on trading algorithms can clearly be exploited during times of international tension.

The ability to crash or negatively impact financial markets would be an incredible cyber-warfare tool. For this reason, the flash crash should be examined further through the lens of security risk to ensure that the vulnerabilities and opportunities are well understood.

Roderick Jones is CEO of Concentric Solutions International, a San Francisco–based security risk management company.

 

Written by Roderick Jones

November 15, 2010 at 10:06 am

Reuters: Flash Crash Special Report

PARIS (Reuters) – The 20-minute “flash crash” will reverberate for quite some time to come.

For years, America’s stock markets were the envy of the world, the model for modern trading — fast, stable, efficient and for the most part transparent.

But after the Dow Jones industrial average (.DJI) plunged nearly 700 points on May 6 before sharply rebounding, that perception changed, possibly for good.

“On May 6, I recall this beautiful flash crash that was experienced by many of you,” French Finance Minister Christine Lagarde sardonically told those gathered at a World Federation of Exchanges conference in Paris this week. “Well, we certainly don’t want that to happen, and neither do we want somebody to press the wrong key and as a result encourage a nice algorithm to precipitate it.”

The close examination of market structure in the wake of that stomach-churning freefall surprised even the most grizzled investors. They learned that a lone trader using computerized trading codes can submit tens of thousands of orders in a single second. As a result, many of the technological advances that are the hallmarks of modern stock markets are now viewed with at least a little suspicion.

“In the last 20 years came computers, electronic exchanges, dark pools, flash orders, multiple exchanges, alternative trading venues, sponsored access, OTC derivatives, high-frequency traders, MiFID in Europe, NMS in the U.S.,” Thomas Peterffy, founder of Interactive Brokers Group (IBKR.O) and a revered trading industry veteran, told the conference.

“And what we’ve got today is a complete mess.”

The flash crash has altered the heated debate over how to reconstruct the European Union’s interconnected marketplace. And in Asia and Latin America, the aftermath is threatening to hamstring needed upgrades to trading systems, several industry executives and regulators told Reuters.

In a nutshell, the crash put the world’s most sophisticated trading firms, hedge funds and brokers on the defensive, and it strengthened the hands of some traditional investors and even politicians who had agitated for better safeguards in the complicated marketplace.

The fallout has just begun.

Regulators, playing a bigger role, will at the very least shine a brighter spotlight on today’s high-speed marketplace. At the most, they could try to put the brakes on trading advances that are now commonplace.

DENTED CONFIDENCE

The Dow was down 1,000 points when it touched bottom on May 6. Based on the Wilshire 5000 total market index (.W5000), the broadest measure of U.S. equities, that represented a brief paper loss of about $1 trillion from the day’s open.

The incident muzzled exchange operators who previously rarely missed an opportunity to remind the world that public markets were relatively unscathed as the 2007-2009 financial crisis unfolded in private over-the-counter markets.

“I think we were sort of feeling very confident about that, and the flash crash has to some extent dented that confidence,” Jane Diplock, executive committee chairman at the International Organization of Securities Commissions (IOSCO), said in an interview. “While the flash crash, fortunately, did not bring about systemic collapse, what it did was it showed us how important it is to understand what’s happening in markets.”

Earlier this month, the U.S. Securities and Exchange Commission and the U.S. Commodity Futures Trading Commission issued a report that said a single, computer-executed sale worth $4.1 billion by a money manager helped trigger the flash crash.

The 104-page report concluded that the liquidity crisis that day was exacerbated by high-frequency traders quickly offsetting their positions between futures and stocks, and by the overall crush of sell-at-any-price orders.

Exchanges globally have seized on the role that “market fragmentation” played in dispersing and sapping that liquidity — that is, the availability of bids and offers. Stocks trade on 50 some venues in the United States, where the market is more fragmented than in Europe.

“There is a balance between market integrity and complexity, and the U.S. market, lately, seems very complex to us,” Rainer Riess, managing director of Deutsche Boerse’s (DB1Gn.DE) cash equities section, said in an interview.

At the Paris conference, exchange executives repeatedly urged a crackdown on the alternative trading venues that have proliferated, driving down trading fees and eroding their market share over the last decade.

“This incident on May 6 is a symptom of market fragmentation and a call to better coordinate,” said Dominique Cerutti, deputy CEO of NYSE Euronext (NYX.N). “It’s a real life, sad example that bad things can happen if you don’t take care.”

The SEC opened the door to alternative trading venues in 1999, and made them an integral part of the national order routing system with so-called Regulation NMS in 2005 — two big decisions to spur competition that shaped today’s marketplace. The EU took similar steps with its 2007 markets in financial instruments directive, or MiFID, while these low-cost high-tech venues have also cropped up in Canada, Japan and elsewhere.

The European Commission’s sweeping review of MiFID, which began before the U.S. crash, has zeroed in on “transparency” in markets.

It could as early as this year propose tighter rules for both the alternative venues that publicly display prices, and for the so-called dark pools that keep prices anonymous — venues that are typically owned by the world’s biggest banks including Credit Suisse Group AG (CSGN.VX) and JPMorgan Chase & Co (JPM.N).

BATTLE LINES

Whatever the flash crash’s ultimate impact, it has the potential to revamp the way tens of trillions of dollars circulate through the world’s stock markets. It could also spell significant changes to the business models of banks, brokers, exchanges, funds, and the increasingly dominant proprietary trading firms that all interact daily.

The biggest battles in coming years will likely center on so-called high-frequency trading, or HFT, in which firms use computer codes called algorithms to submit rapid-fire bids and offers, making short-term markets and earning tiny profits on price imbalances.

Having effectively replaced the trading floor specialists of years past — and often based in offices nowhere near Wall Street or the City of London — these operations remained quite profitable through the volatile market drop two years ago this month. HFT is now involved in an estimated 60 percent of U.S. stock trading, and 40 percent of that in Europe.

The battle lines are now being drawn.

In a July draft report, British EU lawmaker Kay Swinburne called for a full examination of HFT’s costs and benefits, as well as “stress tests” to determine how exchanges would handle a European version of the flash crash. Top European Commission member Michel Barnier went a step further on Tuesday, declaring that HFT needs new governing rules given the inherent risks it poses.

“I think a number of us are coming to the view that this high-frequency trading has negative social value, and that it’s not information discovery,” Nobel Prize winning economist Joseph Stiglitz, a member of the joint CFTC-SEC advisory panel studying the flash crash’s implications, said on September 30.

“They’re playing games. They’re trying to extract information from informed traders, people who are doing the research,” Stiglitz added at a reception hosted by Thomson Reuters in New York.

SEC Chairman Mary Schapiro has said HFT strategies need a closer examination, and the agency is considering saddling such traders with market-making obligations and privileges so that they provide liquidity when it is most needed. Such a move would put U.S. markets at sharp odds with Europe, which has done away with market makers.

All this tough talk has spooked high-frequency traders and the exchanges that rely on their liquidity and volumes. They note that HFT was not blamed outright in the SEC-CFTC flash crash report, and argue that its short-term strategies have made trading cheaper and easier for all investors.

Richard Balarkas, CEO of Instinet Europe, the Nomura Holdings Inc-owned (8604.T) agency brokerage and alternative venue operator, said winding back the clock is a mistake.

“I don’t think investors on the whole want to go back to a market where they all pay a tax, usually in the form of a wider spread, to a firm making monopoly profits that will in any case wave a white flag as soon as a stock has a liquidity shock,” he said in an interview.

“It’s crystal clear why the flash crash happened: a lack of buyers, and unthinking selling. It was pure, simple supply and demand within a regulatory regime that the SEC had created.”

AFTERSHOCKS

The soul searching in the United States and Europe has spawned some anxiety elsewhere. Exchanges in Asia and Latin America invested heavily in recent years to install electronic matching engines and order routing systems to attract the very kind of trading now under the microscope.

Executives said that while there are lessons to be learned from the flash crash, there is a danger in overreacting.

“It’s unfortunate for places like India, that the confidence among the global regulators was shaken in exchanges in the developed countries,” James Shapiro, head of market development at Bombay Stock Exchange (.BO), said on the sidelines of the Paris conference. “India is basically now where it needs more deregulation to some degree. This has introduced an element of caution.”

Atsushi Saito, CEO of the Tokyo Stock Exchange (.TOPX), which launched a $140-million super-fast “Arrowhead” stock trading system in January, told the conference: “We are carefully watching the report from the United States on this May 6 event… But we are very uncomfortable about the demonization of high-frequency trading.”

When so-called MiFID II takes effect in 2012, it could set the tone for any possible cross-border marketplace in East Asia, where, as in Australia and Brazil, exchanges face the prospect of new competition and a race to ever-faster electronic trading in the near future.

It is here that the most severe aftershocks of the U.S. flash crash could hit, said Joseph Gawronski, president at New York-based institutional broker Rosenblatt Securities.

“Certainly the incumbents don’t want to see fragmentation,” he said. “But at the same time they do want to see high-frequency trading come to increase their velocity. And that’s a very fine line.”

(Reporting by Jonathan Spicer; editing by Jim Impoco and Claudia Parsons)

 

Written by Roderick Jones

October 15, 2010 at 2:13 pm

Inside the NYSE Data Center

Written by Roderick Jones

October 11, 2010 at 5:19 pm

60 Minutes on HFT

60 Minutes ran a good piece on High Frequency Trading. Link here.

One of the more telling comments was made at the end of the interview:

Turns out it [the flash crash] was triggered when a mutual fund’s computer dumped $4.1 billion of securities on the market in a 20-minute period, which were then gobbled up by the computers of high frequency traders and sold almost immediately, sending other computers and traders heading for the exits.

“The events of May 6th scared people. I don’t think there’s any question about that,” SEC Chairman Mary Schapiro told Kroft.

Schapiro had already proposed rule changes before May 6 that would allow regulators to track and tag high frequency trades and she is now considering further measures.

“Are you comfortable with computers making 50 to 70 percent of the trades on Wall Street?” Kroft asked.

“One of the concerns is, if one goes wrong, if it operates in an unexpected way, given market conditions, what’s the impact of that algorithm that has behaved in an unexpected way, on lots of other investors in the marketplace?” Schapiro replied.

And Schapiro says it has happened since the May 6 crash, after circuit breakers were put in place that automatically halt trading in a stock that moves more than 10 percent in a five minute period.

“A number of times that those circuit breakers have been triggered has been because an algorithm operated in a way nobody intended for it to, causing a stock price to go wildly out of range,” Schapiro said.

—-

The fact that algorithms can cause dramatic systemic damage to the financial system is a significant concern. To date this has been due to malfunctioning algorithms rather than malicious acts, but the fact that very little regulation or control is placed around who is connecting into the system means that it is wide open to targeted attack. The conditions for trading algorithms to be adapted for use as cyber-weapons seem to be in place.

Written by Roderick Jones

October 10, 2010 at 8:37 pm

SEC/CFTC Report released

Highly anticipated report into the May 6th Flash Crash released by the SEC/CFTC.

Report here.

Comment by Commissioner Chilton below:

http://plus.cnbc.com/rssvideosearch/action/player/id/1604879525/code/cnbcplayershare

Written by Roderick Jones

October 1, 2010 at 1:23 pm

Explanation of Flash Crash: Denial of Service Attack demonstrating new Cyber Weapons

Increasingly it would appear that a plausible explanation of the May 6th Flash Crash is what is being described by the Chicago data firm, Nanex, as a sharp acceleration in the frequency of orders being sent to exchanges that preceded the plunge in the stock market.

In a new analysis, Nanex has identified a crucial period before the market fell on May 6th when buy and sell orders shot up markedly, creating a saturation in the quote traffic. The aim, and in this case the effect, of this saturation is to slow down some markets so that traders can profit by arbitrage with other exchanges. This looks and feels very much like the kind of cyber-war Denial of Service attacks launched against critical web infrastructure, which have caused so much concern in the national security community. The platform is different but the tactic and implementation are the same. Arguably, though, the result is more devastating.

As the Securities and Exchange Commission and the Commodity Futures Trading Commission publish their long-awaited report on the flash crash (before the end of the month), it is unlikely that cyber-warfare issues will be placed at the forefront as they seek to reassure markets and attempt to re-inject some sense of stability. However, a new area of cyber-warfare has presented itself through investigations into the May 6th crash. The rapid movement of data throughout the markets can be manipulated to cause what is in essence a Denial of Service attack against a particular node in the financial network. Traders are doing this in order to benefit from the arbitrage effect, but this tactic could be applied by illicit actors to damage markets themselves. This is most certainly a new form of cyber weapon, from which financial systems need to defend themselves.

What makes this tactic of greater concern, and speaks to the overall problems with High Frequency Trading, is that there is little or no security regulation governing who can connect into the financial system in this way. Companies such as Gravitas offer Turn Key technology solutions for High Frequency Traders, allowing them high speed connections to all market data and trade execution networks (see relevant quote in red). While there are financial risk controls in place, there are no published systems for due diligence towards the individuals or companies applying their algorithms into the markets. So while the EU and USA spend much of their political airtime viciously debating immigration, nobody is looking at who is migrating into the financial markets to make use of new tactics and vulnerabilities.

Written by Roderick Jones

September 27, 2010 at 12:40 pm

Nanex: ‘CancelBot’ removed after Due Diligence

BATS Improvement: CancelBot is Dead (or in hiding).
Publication Date: 09/15/2010

In our Initial Flash Crash Analysis and in our continued Crop Circle Of The Day page, we have shown an algorithm originating from the BATS exchange, which we deemed “CancelBot”.

As of 09/15/2010 it has been two complete weeks that we have not seen a single occurrence of CancelBot. This is unusual in that CancelBot was an algo easy to find and ran on every trading day. It appears the BATS exchange has done due diligence, ferreted out this algo and put a stop to it. We will continue to monitor for signs of a CancelBot reappearance but as of this writing we are happy to report CancelBot is no more.

Below is a small description of CancelBot and a few images demonstrating its behavior:


CancelBot
CancelBot is unique to the BATS exchange. CancelBot can affect the ask side and the bid side simultaneously or independently. On the bid side it will start near the BBO, cancel the order, drop the order by a penny, cancel the order, drop the order by another penny and again cancel the order, until the price reaches 0.01 and the sequence starts back near the BBO. Conversely the ask side of the algorithm raises the price by a penny until a level is hit when it reverts back to near the BBO. CancelBot generally runs from 100 quotes to 1,000 quotes a second.

Written by Roderick Jones

September 20, 2010 at 4:43 pm

Posted in Due Diligence
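
The penny staircase that the Nanex description above attributes to CancelBot is regular enough to search for in a quote feed. The following is an added example, not code from Nanex, BATS or this blog: it assumes a feed already filtered to one symbol on one exchange, given as (timestamp, side, price-in-cents) tuples, and the function names, the 50-step minimum and the sample feed are constructed for illustration; only the one-cent step, the 0.01 floor and the 100 quotes-per-second lower bound come from the description.

```python
from dataclasses import dataclass

# Direction of the one-cent walk described for each side:
# bids are dropped a penny at a time, asks are raised a penny at a time.
STEP = {"bid": -1, "ask": +1}


@dataclass
class Staircase:
    side: str
    start_ts: float
    end_ts: float
    steps: int          # consecutive one-cent moves in the run
    first_cents: int
    last_cents: int

    @property
    def rate(self):
        """One-cent moves per second over the life of the run."""
        span = self.end_ts - self.start_ts
        return self.steps / span if span > 0 else float("inf")

    @property
    def hit_floor(self):
        """True when a bid-side walk ran all the way down to 0.01."""
        return self.side == "bid" and self.last_cents == 1


def find_staircases(quotes, min_steps=50, min_rate=100.0):
    """Return runs of one-cent moves that are long and fast enough to flag.

    min_rate=100 is the lower bound quoted in the description;
    min_steps=50 is an assumption chosen to ignore ordinary penny ticks.
    """
    runs, open_run = [], {}
    for ts, side, cents in sorted(quotes):
        cur = open_run.get(side)
        if cur is not None and cents - cur.last_cents == STEP[side]:
            cur.end_ts, cur.last_cents, cur.steps = ts, cents, cur.steps + 1
            continue
        if cur is not None:
            runs.append(cur)            # pattern broken: close the run
        open_run[side] = Staircase(side, ts, ts, 0, cents, cents)
    runs.extend(open_run.values())      # runs still open at end of feed
    hits = [r for r in runs if r.steps >= min_steps and r.rate >= min_rate]
    return sorted(hits, key=lambda r: (r.start_ts, r.side))


def constructed_feed():
    """Constructed sample quotes (not market data)."""
    feed = [(i * 0.25, "bid", c)        # ordinary, irregular bid updates
            for i, c in enumerate([2500, 2499, 2501, 2500, 2498])]
    t0 = 2.0
    # Bid walk from 24.99 down to 0.01 at 500 quotes per second.
    feed += [(t0 + i / 500, "bid", 2499 - i) for i in range(2499)]
    # Sequence restarts near the BBO and walks down again.
    t1 = t0 + 2499 / 500
    feed += [(t1 + i / 500, "bid", 2499 - i) for i in range(300)]
    # Independent ask-side walk upward at 250 quotes per second.
    feed += [(t0 + i / 250, "ask", 2502 + i) for i in range(200)]
    # Slow penny drift, one quote per second: same shape, far below the rate floor.
    feed += [(20.0 + i, "ask", 2600 + i) for i in range(60)]
    return feed


if __name__ == "__main__":
    for r in find_staircases(constructed_feed()):
        print(f"{r.side}: {r.first_cents / 100:.2f} -> {r.last_cents / 100:.2f}, "
              f"{r.steps} steps at {r.rate:.0f}/s, floor={r.hit_floor}")
```

On a consolidated feed other participants' quotes interleave with the walk, so the filtering to a single exchange and symbol has to happen before this check.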