Protect Algorithm: What Hackers Attacking the Stock Market Are Interested in

In the past few years, reports of hacker attacks on financial companies or even the exchanges themselves have appeared with enviable regularity. In the fall of 2015, hackers (presumably from Russia) attacked Dow Jones , before that the Nasdaq and NYSE stock exchanges had fallen victim to the attack.

The threat of large scale hacking has suddenly become a reality. According to the International Organization of Securities Commissions and the World Federation of Stock Exchanges, in 2012 more than half of the 46 stock exchanges underwent cyber attacks. Two thirds of them are located in the United States.
')
Experts are increasingly saying that cybercrime is becoming one of the main threats to the financial sector. The report of the Securities Commission, published in February last year, reported that 88% of brokers, in one way or another, face hacker attacks in their work. According to statistics, attempts to penetrate the network of America's largest banks occur every 34 seconds.

A bit of history

For the first time, the issue of information security in relation to stock markets was started 25 years ago. Back in 1991, the supervisory board of the United States Audit Office conducted an audit, during which it became clear that the vast majority of exchanges have about 68 vulnerabilities in their information system. As financial companies became increasingly “tied up” in modern technologies, the security threats only grew.

In the future, hackers continued to periodically attack the American stock exchanges. In 2013, the parent company Nasdaq complained that the criminals had opened the service through which management had been communicating.

The Association of the Securities Industry and Financial Markets (SIFMA) has for some time been practicing regular checks of financial institutions for resistance to hacker attacks. In the summer of 2014, the Pentagon and the NSA even held joint exercises, which tested the ability of banks and private companies to counter cyber threats.

Christopher Finan, once a Pentagon official and now an adviser to President Obama on cybersecurity problems in a conversation with Market Watch, stated that the root of all misfortune is that financial companies usually use the “jumble of poorly compatible protection tools”.

Financial organizations are trying to protect, first of all, their public services, often forgetting that all links must be protected. Therefore, hackers is not difficult to penetrate the system. In turn, the exchanges are more concerned about the safety and integrity of the data and do not pay, according to the expert, due attention to the protection of transactions.

What else are hackers interested in?

At the same time, hackers are interested not only in access to financial data of exchanges and financial companies. Profile publications have reported that in the past couple of years, cases of theft of algorithms that use HFT firms and hedge funds for high-frequency trading have also become more frequent.

The Kroll security company in 2015 reported several instances of attempting to steal trading algorithms — in two cases, the attacks were prevented, said company spokesman Ernest Gilbert. In the third, presumably, the criminals worked more cleanly.

Greg Day, Technical Director of another security vendor, FireEye, also talks about his experience in resisting such hacker attacks. According to him, the incident investigators had to deal with a specific burglary aimed at stealing automated trading systems.

What gives the theft of algorithms

Experts argue that the theft of secret algorithms can pursue several goals. Hackers can offer to return them for a fee, threatening to publish data about the attack and thereby provoke panic among the clients of the financial company. In another case, unscrupulous competitors may be behind this. “Data has long been an important item of trade, a key resource that can be bought, sold, or simply stolen. When it comes to hacking for profit, we are talking about a highly profitable and highly organized criminal business. These are not teenagers trying to steal anything from Amazon, ”explains Gilbert.

As the head of the cybercrime investigation division of iSight Partners, John Miller, admits, such attacks themselves are quite laborious and rare. According to him, if they happen, then for the sake of banal extortion, because using the program code and stock data for its intended purpose is difficult.

“But even if an unscrupulous competitor decided on such a step, such an operation would require exceptional skills and effort. The benefit of using the opponent’s technique is leveled by the threat of possible exposure. Although, of course, the victim of an attack may be afraid to wash dirty linen in public, even if such a case is discovered, fearing for his reputation, ”Miller explains.

At the same time, Greg Day says that he doesn’t know about specific cases of extortion, so he is more inclined to the spy version of such hacks, aimed at direct profit taking through stolen developments.

Dig deeper

Despite the controversy about why hackers may need to steal algorithms for online trading, security experts agree on one thing - in the end, they are interested in everything that can be profitably sold.

“Not only trading algorithms are at risk,” admits Ken Westin, senior security analyst at Tripwire. - Criminals are interested in everything: insider information, patent status, information about the organization of production. Even if initially it may seem useless. In the right hands, this data can give a strong advantage to a competitor or another trader. The buyer is always there. "

He adds that the danger increases with the modern development of “black markets” and cryptocurrency for settlements. White-collar workers, dissatisfied with their earnings in the company, and criminals can easily find each other here and turn serious frauds.

As a result, companies are forced to take additional measures to protect their intellectual property.

“In the end, everyone has his own secrets that he is not ready to share with anyone. And the deeper these data are buried, the better, ”summarizes Ernest Gilbert.

Problems associated with hacker attacks arise not only in the foreign financial market. So recently, information security researchers from Group-IB have published information that cybercriminals who attacked one of the Russian banks managed to provoke a jump in the exchange rate of the ruble on the Moscow Stock Exchange.

As a result of the attack, the bank placed orders for more than $ 500 million at a non-market rate in February 2015. The actions of the attackers caused a very large volatility within six minutes - the rate fluctuations reached 15%. This allowed to make a deal to buy dollars at the rate of 59.0560 and in 51 seconds to sell at the rate of 62.3490.

Such technical problems can lead to a halt in trading or even to incorrect display of trade data or incorrect calculation of collateral to hold a position (an error can even lead to premature closing of the transaction)

In order to minimize possible damage, brokerage companies are developing various systems to protect customers. How this protection is implemented in the ITinvest MatriX trading system can be found here .