Protect the algorithm: What interests hackers attacking the stock market
In the past few years, reports of hacker attacks on financial companies or even the exchanges themselves have been appearing with enviable regularity. In the fall of 2015, hackers (presumably from Russia) attacked the Dow Jones , before which the Nasdaq and NYSE stock exchanges became a victim of the attack .
The threat of large-scale exchange hacks suddenly became a reality. According to the International Organization of Securities Commissions and the World Federation of Stock Exchanges, in 2012, more than half of the 46 stock exchanges were subjected to cyber attacks. Two-thirds of them are located in the United States.
Experts are increasingly saying that cybercrime is becoming one of the main threats to the financial sector. A report by the Securities Commission in February last year said that 88% of brokers, one way or another, encounter hacker attacks in their work. According to statistics, attempts to penetrate the network of the largest banks in America occur every 34 seconds.
A bit of history
For the first time, the issue of information security in relation to stock markets was discussed 25 years ago. Back in 1991, the supervisory board of the US Audit Chamber conducted an audit, during which it turned out that the vast majority of exchanges had about 68 vulnerabilities in their information system. As financial companies became increasingly “bogged down” in modern technology, security threats only grew.
In the future, hackers continued to periodically attack US exchanges. In 2013, the Nasdaq parent company complained that the criminals had uncovered a service through which management was communicating.
The Securities and Financial Markets Association (SIFMA) has, for some time now, been regularly reviewing financial institutions for resistance to hacker attacks. In the summer of 2014, the Pentagon and the NSA even held a joint exercise to test the ability of banks and private companies to counter cyber threats.
Christopher Finance, once a Pentagon employee and now President Obama’s adviser on cyber security issues in a conversation with Market Watch, said that the root of all troubles is that financial companies usually use "a jumble of poorly compatible protection tools."
Financial institutions try to secure, first of all, their public services, often forgetting that all links should be protected. Therefore, it is not difficult for hackers to penetrate the system. In turn, exchanges are more concerned about the safety and integrity of data and do not, according to the expert, pay due attention to transaction protection.
What else interests hackers
At the same time, hackers are interested not only in access to financial data of exchanges and financial companies. Specialized publications report that over the past couple of years there have also been cases of theft of algorithms that HFT firms and hedge funds use for high-frequency trading.
Information security company Kroll in 2015 reported several cases of attempts to steal trading algorithms - in two cases, the attacks were prevented, said company spokesman Ernest Gilbert. In the third, presumably, the criminals worked more cleanly.
Greg Day, the technical director of another security vendor, FireEye, also talks about his experience in resisting such hacker attacks. According to him, incident investigators had to deal with a specific hack aimed at stealing systems for automatic trading.
What gives the theft of algorithms
Experts say that stealing secret algorithms can have several goals. Hackers may offer to return them for a fee, threatening to publish attack data and thereby provoke a panic among the clients of the financial company. In another case, unfair competitors may be behind this. “Data has long been an important subject of trade, a key resource that you can buy, sell, or simply steal. When it comes to hacking for profit, we are talking about a highly profitable and very organized criminal business. These are no longer teenagers trying to steal anything from Amazon, ”Gilbert explains.
As John Miller, head of the cybercrime investigation department of iSight Partners, admits, such attacks themselves are quite laborious and rare. According to him, if they happen, then for the sake of banal extortion, because using the program code and exchange data for its intended purpose is difficult.
“But even if an unscrupulous competitor decided to take such a step, such an operation will require exceptional skills and efforts. The benefit of using the opponent’s technique is offset by the threat of possible exposure. Although, of course, the victim of the attack may be frightened to take the dirty linen out of the hut, even if such a case is discovered, fearing for its reputation, ”explains Miller.
At the same time, Greg Day says that he is not aware of specific cases of extortion, so he is more inclined to a spy version of such hacks aimed at direct profit generation through stolen developments.
Dig deeper
Despite the debate about why hackers might need to steal algorithms for online trading, security experts agree on one thing - in the end, they are interested in everything that can be profitably sold.
“It's not just trading algorithms at risk,” said Ken Westin, senior security analyst at Tripwire. - The criminals are interested in everything: insider information, patent status, information about the organization of production. Even if initially it may seem useless. In the right hands, this data can give a strong advantage to a competitor or other trader. There is always a buyer. ”
He adds that the danger increases with the modern development of black markets and cryptocurrencies for settlements. White-collar workers dissatisfied with earnings in the company, and criminals can easily find each other here and crank up serious frauds.
As a result, companies are forced to take additional measures to protect their intellectual property.
“In the end, everyone has their own secrets, which he is not ready to share with anyone. And the deeper this data is buried, the better, ”Ernest Gilbert summarizes.
The problems associated with hacker attacks arise not only in the foreign financial market. So recently, information security researchers from Group-IB published information that cybercriminals who attacked one of the Russian banks managed to provoke a jump in the ruble exchange rate on the Moscow Exchange.
As a result of the attack, the bank placed orders in February 2015 of more than $ 500 million at a non-market rate. The actions of the attackers caused very great volatility within six minutes - fluctuations in the exchange rate reached 15%. This made it possible to complete a deal to buy dollars at the rate of 59.0560 and after 51 seconds to sell at the rate of 62.3490.
Such technical problems can lead to a halt in trading or even incorrect display of trade data or incorrect calculation of guarantee security to hold a position (an error can even lead to premature closing of a transaction)
In order to minimize possible damage, brokerage companies are developing various client protection systems. You can read about how such protection is implemented in the ITinvest MatriX trading system at the link .