High-Frequency Stock Trading Networks Vulnerable

Friday, January 07, 2011



Rony Kay, a former IBM research fellow, has identified vulnerabilities in high-frequency stock trading networks that could allow hackers to manipulate trades with side-channel attacks.

Side-channel attacks utilize indirect measures to determine system operations, such as the electromagnetic signals from hardware like keyboards and monitors.

The networks perform transaction measured in microseconds, and hackers could inflect minute latencies that could result in significant aberrations to real-time stock prices, netting millions of dollars in mere seconds.

Kay indicates the problem arises from rapid rate in which the transactions occur, making it difficult for network monitoring software that works on a scale of milliseconds to detect manipulations.

cPacket Networks, a company which Kay founded, has issued a proof of concept that demonstrates how hackers could use side-channel attacks to create brief delays in trading which would create an exploitable trading advantage.

The attackers could then execute trades with foreknowledge of changing stock prices, and the manipulation would likely remain undetectable.

Kay stated, "we believe that such techniques pose a substantial risk of creating unfair trading, if used by the wrong people... It's difficult to take corrective actions when you can't really see what's taking place... If you cannot measure network latency, you cannot control it and cannot improve it."

cPacket Networks' research indicates that latency vulnerabilities are present in other high-speed networks, including Cloud-based services, VOIP communications, and other high-speed computing operations.

Source:  http://www.infoworld.com/d/the-industry-standard/hackers-find-new-way-cheat-wall-street-everyones-peril-699

Possibly Related Articles:
fraud Vulnerabilities Networks Headlines hackers Stock Trading Side-Channel Attacks High-speed Computing Latency
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.