Hacking The Trading Floor



  1. Hacking The Trading Floor
     Gyan Chawdhary
     Session ID: HT2-304
     Session Classification: Intermediate
  3. Brief History of Economic Hacks
  4. Brief History Of Security Compromises in the Banking Sector
  5. More Recently … (2008-2010)
     Sergey Aleynikov, former Goldman Sachs computer programmer/prop trader, indicted and prosecuted on charges of HFT algorithm theft.
     UBS filed a lawsuit against three former quants alleged to have stolen proprietary algorithmic trading software with the intent of using it at their new employer.
     Ukrainian hacker Oleksandr Dorozhko charged with insider trading by the SEC. Mr Dorozhko traded option contracts on information gained by accessing earnings data from a staging server prior to their release date.
  6. Even More Recently … (Dec 2010 - Jan 2011)
     Romanian Registry (Carbon Trading Platform)
     1.6 million CO2 certificates from the Holcim Cement account were stolen. Credits were transferred to hacker-controlled accounts in EU states.
     Czech / Austrian Registry (Carbon Trading Platform)
     Two million credits worth 2.8 million were stolen and transferred to other registries and/or sold to other market participants.
  7. Even More Recently … (Dec 2010 - Jan 2011)
     NASDAQ Director's Desk Application
     Currently being investigated for a potential breach, the Directors Desk application is an EMS application that allows executives to share sensitive documents including earnings data, board minutes etc.
  8. Common Theme / Trends
     Attackers are still leveraging the low-hanging fruit in terms of security issues used to compromise these systems.
     As of 2011, the threats are increasing both in scale and sophistication.
     Outsider threat is increasing
  9. Application Security
  10. Case Studies
      Trade Optimized Strategy Engine Issues
      OTC Trading Platform Issues
      Thick Client Trading Platform Issues
      Reconciliation Platform Issues
      Indices Application Insecurities
      Computational Grid Attacks
  11. Trade Optimized Strategy Engine
      WHAT
      Class of applications used for submission and analysis of investment/trading strategies.
      WHO
      Used mainly by Funds/Banks/Investment Management firms employing Global Macro/Event-driven trading strategies
      HOW
      Third-party Brokers, Analysts and Economists access the application to upload trading strategies/ideas.
      The application uses statistical and/or proprietary algorithms to index/rate submitted strategies.
      Traders trade the most optimal strategy.
  12. Case Study - Trade Optimized Strategy Engine Issues (Weak Input Validation)
  13. Problems
      Infrastructure Issues
      Application Issues
      Governance
  14. OTC Trading Platforms
      WHAT
      Predominantly dealer applications for trading over-the-counter derivatives.
      WHO
      Used by almost all banks dealing in credit derivatives markets - CDO, CDS, IRS etc.
      Mainly used for structuring instruments based on client requirements, which are then traded directly or through a dealer.
      Mainly used by front office quants/traders.
      HOW
      Trades are executed using commercial and/or bespoke platforms etc.
      Post-trade processing can be carried out in-house or outsourced.
  15. Case Study – Bank OTC Trading Platform Issues (Trade Data / Client Discovery Attack)
  16. Problems
      Application Issues
      Governance
  17. Thick Client Trading Platforms
      WHAT
      Any front, middle or back office trading application.
      Often developed for business/analyst staff and/or used to extend trading services to third-party clients.
  18. Case Study - Thick Client Trading Platform Issues (Forex Broker-Dealer Application)
  19. Problems
      Application Issues
  20. Case Study - Reconciliation Platform Issues
  21. Indices Applications
      Definition
      Index - A basket/collection/group of securities used to track the performance of a market/sector/asset.
      Can be traded as Futures/Options contracts or used as the underlying for other products.
      WHO
      Mostly developed and managed by Exchanges, Rating agencies and Banks.
      HOW
      A committee or bespoke methods / benchmarks are used to rebalance indices.
  22. Case Study - Index Rebalancing/Turnover Attacks
  23. Computational Grids
      WHAT
      High performance computing grids used for running solvers, simulations and analysis of financial time series data (Monte Carlo, Volatility, OP etc).
      WHO
      Mostly institutions and departments involved with financial modeling. Users tend to be quants, traders and analysts.
      HOW
      Models are submitted to the grid environment using Web services, custom APIs and/or remote access.
  24. Case Study - Computational Grid Attacks
  25. Problems
      Infrastructure Issues
      Application Issues
      Governance
  26. FIX Protocol Weaknesses
  27. What is FIX Protocol?
      The Financial Information eXchange (FIX) protocol is an electronic communications protocol initiated in 1992 for international real-time exchange of information related to securities transactions and markets – Wikipedia
      In other words, the protocol facilitates the buying and selling of securities electronically.
  28. Who Uses FIX
      FIX is widely used by both the buy side (institutions) and the sell side (brokers/dealers) in the financial markets.
      Amongst its users are hedge funds, mutual funds, investment banks, brokers and stock exchanges.
      Transaction types supported: pretty much all asset classes, i.e. Equities, Bonds, Derivatives and Forex.
  29. Who Uses FIX
  30. Why Investigate FIX?
      FIX security is often overlooked in favor of Operating System and Host Security.
      To demonstrate that FIX-based front running is possible and not difficult to exploit.
      To identify mitigating factors and strategies for some of the existing issues within the FIX protocol.
  31. Algorithmic Trading Architecture
  32. High Frequency Trading Architecture
  33. Order Front Running (Demo)
      Demo Environment:
      Algorithmic Trading Environment – A simulated algorithmic/high frequency trading environment
      Brokerage Account – Hacker-controlled brokerage account to replay orders.
      Order Sniffer -
      Note
      The following examples used during this demonstration are not intended to suggest any insecurities or weaknesses in the third-party applications and are only to be seen as a case study to demonstrate FIX protocol insecurities.
  34. Algorithmic Trading Environment
  35. Brokerage Account
  36. Order Front Running
      1
      2
      3
  37. LibPcap FIX Sniffing (Slow)
      import re

      # Regexes matched against the raw FIX payload of each captured packet
      symbol = re.compile('55=[A-Z]*')     # Symbol (AAPL, GOOG ...)
      buy = re.compile('54=1')             # BUY order
      sell = re.compile('54=2')            # SELL order
      order_qty = re.compile('38=[0-9]*')  # Order quantity
      price = re.compile('44=[0-9]*')      # Equity price
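The FIX tag=value format described on slide 27 and picked apart by the regexes on slide 37, as an added example that is not part of the original deck: a small parser that splits a message on the SOH delimiter and validates BodyLength (tag 9) and CheckSum (tag 10). The sample NewOrderSingle is constructed; it shows that CheckSum only catches transmission errors, the order fields travel in plaintext, and a SOH-aware parser avoids the regex pitfalls on the slide (44=[0-9]* stops at a decimal price, and 54=1 also matches inside a longer tag ending in 54).

```python
SOH = "\x01"  # FIX field delimiter (ASCII 0x01)

# Constructed sample: body of a FIX 4.2 NewOrderSingle (35=D), a day limit order
# to buy 100 shares of the made-up symbol "XYZ" at 12.50. All values are invented.
SAMPLE_BODY = SOH.join([
    "35=D", "49=BUYSIDE", "56=BROKER", "34=7", "52=20110214-09:30:00",
    "11=ORD1001", "21=1", "55=XYZ", "54=1", "38=100", "40=2", "44=12.50",
    "59=0", "60=20110214-09:30:00",
]) + SOH

def fix_checksum(data):
    # Tag 10: sum of every byte up to and including the SOH before "10=", mod 256
    return "%03d" % (sum(data.encode("ascii")) % 256)

def build_fix(body, begin_string="FIX.4.2"):
    # Tag 9 counts the bytes after its own SOH up to and including the SOH before tag 10
    msg = "8=%s%s9=%d%s" % (begin_string, SOH, len(body), SOH) + body
    return msg + "10=%s%s" % (fix_checksum(msg), SOH)

def parse_fix(msg):
    """Split a raw FIX message on SOH and verify BodyLength (9) and CheckSum (10).

    Returns (fields, length_ok, checksum_ok) where fields maps int tag -> str value.
    """
    fields = {}
    for tv in msg.split(SOH):
        if not tv:
            continue
        tag, _, value = tv.partition("=")
        fields[int(tag)] = value
    body_start = msg.index(SOH, msg.index(SOH + "9=") + 1) + 1
    trailer = msg.rindex(SOH + "10=")  # the SOH immediately before tag 10
    length_ok = int(fields[9]) == trailer + 1 - body_start
    checksum_ok = fix_checksum(msg[:trailer + 1]) == fields[10]
    return fields, length_ok, checksum_ok

def order_summary(msg):
    # The same fields the slide's regexes target (55/54/38/44), read from the
    # parsed dictionary so decimal prices and longer tag numbers cannot confuse it.
    fields, length_ok, checksum_ok = parse_fix(msg)
    if not (length_ok and checksum_ok) or fields.get(35) != "D":
        return None
    side = {"1": "BUY", "2": "SELL"}.get(fields.get(54), "?")
    return (fields[55], side, int(fields[38]), fields.get(44))
```

Because the checksum is a plain byte sum that anyone can recompute, it is an error-detection code, not an integrity control; confidentiality and integrity of order flow have to come from the transport (TLS or a VPN between the FIX endpoints).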
  38. Fix Virus
  39. Cont
  40. Binary Tree _
  41. Fast FIX walker (C++)
  42. Order Builder
  43. Hedgefund Example - Weak Wifi + FIX sniffer
  44. IbPy Server Side Code - Contract Builder
      from ib.ext.Contract import Contract
      from ib.ext.Order import Order

      def build_stock_contract(symbol, quantity, oid):
          # Contract: which instrument to trade (a SMART-routed US stock)
          stock = Contract()
          stock.m_symbol = symbol
          stock.m_secType = 'STK'
          stock.m_exchange = 'SMART'
          stock.m_currency = 'USD'
          # Order: a day market order for the given quantity; m_transmit=False
          # stages the order in TWS without sending it to the exchange
          order = Order()
          order.m_orderId = oid
          order.m_clientId = 0
          order.m_permId = 0
          order.m_action = 'BUY'
          order.m_lmtPrice = 0
          order.m_auxPrice = 0
          order.m_tif = 'DAY'
          order.m_transmit = False
          order.m_orderType = 'MKT'
          order.m_totalQuantity = quantity
          return stock, order
  45. Order Sniffer (Excel plugin) – order encoding