Hackers find new way to cheat on Wall Street -- to everyone's peril

Side-channel attack on high-frequency trading networks could net a hacker millions of dollars in seconds -- and leave everyone else much poorer

Page 2 of 2

Indeed, latency, even at the very highest speeds, is so concerning that researchers at MIT recommended any organization dealing in complicated time-sensitive global interactions should take a hard look at where they locate their data centers.

The MIT researchers even suggested that financial firms could gain some advantage by taking advantage of limitations posed by the speed of light. For example, it typically takes about 50 milliseconds to send a message from New York to London. Placing a server between the two could cut the speed of communication in half, they said, which may be enough time to take advantage of some momentary pricing discrepancy. Trading on that discrepancy is known as arbitrage, and it's becoming increasingly common.

Lessons of the "flash crash"
The vulnerability of markets in which high-frequency trading is common became all too evident last May, when exchanges experienced a "flash crash" that drove the Dow Jones down about 600 points in just five minutes. The incident was not the result of deliberate manipulation, but it shows just how dependant the financial world is on technology it doesn't really understand.

"Financial institutions and exchanges with [high-frequency trading] are spending millions to improve latency by microseconds and at the same time can't measure the data at that resolution in real time. It's disturbing," Kay says.

A side-channel attack on a high-frequency trading network is analogous to a denial-of-service attack. In a typical DoS attack, bots flood a target website with enormous numbers of hits, often causing a crash. A side-channel attack would be infinitely more subtle, but it would still function by adding extraneous packets to a legitimate data stream. Those extra packets slow the data just enough to give someone else a chance to move first in the market.

Kay says he does not know if anyone has yet launched a side-channel attack against a high-frequency trading network -- but it worries him. And it worries me. Financial markets are supposed to be a level playing field. They're not, of course. Small players, like the millions of us who invest for our 401(k)s and other retirement accounts, are at an immense disadvantage even when everything is kosher. But the proliferation of high-frequency trading widens the gap even more. If someone can really take advantage of a weakness in those networks, we're all really in trouble. And that's just another reason why more -- not less -- regulation is required in the financial markets.

I welcome your comments, tips, and suggestions. Post them here so that all our readers can share them, or reach me at bill.snyder@sbcglobal.net. Follow me on Twitter at BSnyderSF.

This article, "Hackers find a new way to cheat on Wall Street -- to everyone's peril," was originally published by InfoWorld.com. Read more of Bill Snyder's Tech's Bottom Line blog and follow the latest technology business developments at InfoWorld.com.

| 1 2 Page 2