Regarding this article I am not posting it as a security incident or news at all. It contains wealth of information about bandwidth and throughput and how we perceive them. It also illustrates how network monitoring and measurement should take place.
Side-channel attack on high-frequency trading networks could net a hacker millions of dollars in seconds -- and leave everyone else much poorer
High-frequency trading networks, which complete stock market transactions in microseconds, are vulnerable to manipulation by hackers who can inject tiny amounts of latency into them. By doing so, they can subtly change the course of trading and pocket profits of millions of dollars in just a few seconds, says Rony Kay, a former IBM research fellow and founder of cPacket Networks, a Silicon Valley firm that develops chips and technologies for network monitoring and traffic analysis.
Kay, an Israeli-born computer scientist and one-time Intel engineering manager, says the root of the problem is the increasing speed of networks; as they get faster and faster, our ability to actually understand events taking place within them isn't keeping up. Network monitoring technology can detect perturbations in network traffic happening in milliseconds, but when changes occur in microseconds, they're not visible, he says.
[ For the key tech news of the day, sign up for InfoWorld's Tech Headlines Wrap-Up newsletter. | Learn how to greatly reduce the threat of malicious attacks with InfoWorld's Insider Threat Deep Dive PDF special report. ]
cPacket has developed a proof of concept showing that these side-channel attacks can be used to create tiny delays in the transmission of market data and trades. By manipulating specific trading activities by several microseconds, an attacker could gain unfair trading advantage. And because the operation occurs outside the range of monitoring technology, it would remain invisible. "We believe that such techniques pose a substantial risk of creating unfair trading, if used by the wrong people," Kay says.
(A side-channel attacker looks at indirect information related to the computer -- the electromagnetic emanations from screens or keyboards, for example -- to determine what is going on in the machine. )
Latency threatens other applications as well
The lack of visibility into high-speed networks is of concern to more than the financial community. Managing traffic on today's 10Gbps and faster networks is becoming difficult, resulting in degradations of performance, particularly to virtualized systems. "It's difficult to take corrective actions when you can't really see what's taking place," Kay says. "If you cannot measure network latency, you cannot control it and cannot improve it."
In a PDF whitepaper on latency, Kay wrote, "Traditionally, applications that have latency requirements include: VoIP and interactive video conferencing, network gaming, high-performance computing, cloud computing, and automatic algorithmic trading. For example, one-way latency for VoIP telephony should generally not exceed 150 milliseconds (0.15 seconds) to enable good conversation quality, while interactive games typically require latencies between 100 and 1,000 milliseconds. However, the requirements for automated algorithmic trading are much more strict. A few extra milliseconds, or even a few extra microseconds, can enable trades to execute ahead of the competition, thereby increasing profits."
Indeed, latency, even at the very highest speeds, is so concerning that researchers at MIT recommended any organization dealing in complicated time-sensitive global interactions should take a hard look at where they locate their data centers.
The MIT researchers even suggested that financial firms could gain some advantage by taking advantage of limitations posed by the speed of light. For example, it typically takes about 50 milliseconds to send a message from New York to London. Placing a server between the two could cut the speed of communication in half, they said, which may be enough time to take advantage of some momentary pricing discrepancy. Trading on that discrepancy is known as arbitrage, and it's becoming increasingly common.
Lessons of the "flash crash"
The vulnerability of markets in which high-frequency trading is common became all too evident last May, when exchanges experienced a "flash crash" that drove the Dow Jones down about 600 points in just five minutes. The incident was not the result of deliberate manipulation, but it shows just how dependant the financial world is on technology it doesn't really understand.
"Financial institutions and exchanges with [high-frequency trading] are spending millions to improve latency by microseconds and at the same time can't measure the data at that resolution in real time. It's disturbing," Kay says.
A side-channel attack on a high-frequency trading network is analogous to a denial-of-service attack. In a typical DoS attack, bots flood a target website with enormous numbers of hits, often causing a crash. A side-channel attack would be infinitely more subtle, but it would still function by adding extraneous packets to a legitimate data stream. Those extra packets slow the data just enough to give someone else a chance to move first in the market.
Kay says he does not know if anyone has yet launched a side-channel attack against a high-frequency trading network -- but it worries him. And it worries me. Financial markets are supposed to be a level playing field. They're not, of course. Small players, like the millions of us who invest for our 401(k)s and other retirement accounts, are at an immense disadvantage even when everything is kosher. But the proliferation of high-frequency trading widens the gap even more. If someone can really take advantage of a weakness in those networks, we're all really in trouble. And that's just another reason why more -- not less -- regulation is required in the financial markets.
I welcome your comments, tips, and suggestions. Post them here so that all our readers can share them, or reach me at firstname.lastname@example.org. Follow me on Twitter at BSnyderSF.
This article, "Hackers find a new way to cheat on Wall Street -- to everyone's peril," was originally published by InfoWorld.com. Read more of Bill Snyder's Tech's Bottom Line blog and follow the latest technology business developments at InfoWorld.com.