
Hacking The Trading Floor



  1. Hacking The Trading Floor
     Gyan Chawdhary
     Session ID: HT2-304
     Session Classification: Intermediate
  3. Brief History of Economic Hacks
  4. Brief History of Security Compromises in the Banking Sector
  5. More Recently … (2008-2010)
     Sergey Aleynikov, former Goldman Sachs computer programmer/prop trader, indicted and prosecuted on charges of HFT algorithm theft.
     UBS filed a lawsuit against three former quants alleged to have stolen proprietary algorithmic trading software with the intent of using it at their new employer.
     Ukrainian hacker Oleksandr Dorozhko charged with insider trading by the SEC. Mr Dorozhko traded option contracts on information gained by accessing earnings data on a staging server prior to its release date.
  6. Even More Recently … (Dec 2010 - Jan 2011)
     Romanian Registry (Carbon Trading Platform)
     1.6 million CO2 certificates from the Holcim Cement account were stolen. Credits were transferred to hacker-controlled accounts in EU states.
     Czech / Austrian Registry (Carbon Trading Platform)
     Two million credits worth 2.8 million were stolen and transferred to other registries and/or sold to other market participants.
  7. Even More Recently … (Dec 2010 - Jan 2011)
     NASDAQ Director's Desk Application
     Currently being investigated for a potential breach, the Director's Desk application is an EMS application that allows executives to share sensitive documents including earnings data, board minutes etc.
  8. Common Theme / Trends
     Attackers are still leveraging the low-hanging fruit in terms of the security issues used to compromise these systems.
     As of 2011, the threats are increasing both in scale and sophistication.
     Outsider threat is increasing.
  9. Application Security
  10. Case Studies
      Trade Optimized Strategy Engine Issues
      OTC Trading Platform Issues
      Thick Client Trading Platform Issues
      Reconciliation Platform Issues
      Indices Application Insecurities
      Computational Grid Attacks
  11. Trade Optimized Strategy Engine
      WHAT
      Class of applications used for submission and analysis of investment/trading strategies.
      WHO
      Used mainly by funds/banks/investment management firms employing global macro/event-driven trading strategies.
      HOW
      Third-party brokers, analysts and economists access the application to upload trading strategies/ideas.
      The application uses statistical and/or proprietary algorithms to index/rate submitted strategies.
      Traders trade the optimal strategy.
  12. Case Study - Trade Optimized Strategy Engine Issues (Weak Input Validation)
  13. Problems
      Infrastructure Issues
      Application Issues
      Governance
  14. OTC Trading Platforms
      WHAT
      Predominantly dealer applications for trading over-the-counter derivatives.
      WHO
      Used by almost all banks dealing in credit derivatives markets - CDO, CDS, IRS etc.
      Mainly used for structuring instruments based on client requirements, which are then traded directly or through a dealer.
      Mainly used by front office quants/traders.
      HOW
      Trades are executed using commercial and/or bespoke platforms.
      Post-trade processing can be carried out in-house or outsourced.
  15. Case Study – Bank OTC Trading Platform Issues (Trade Data / Client Discovery Attack)
  16. Problems
      Application Issues
      Governance
  17. Thick Client Trading Platforms
      WHAT
      Any front, middle or back office trading application.
      Often developed for business/analyst staff and/or used to extend trading services to third-party clients.
  18. Case Study - Thick Client Trading Platform Issues (Forex Broker-Dealer Application)
  19. Problems
      Application Issues
  20. Case Study - Reconciliation Platform Issues
  21. Indices Applications
      Definition
      Index - A basket/collection/group of securities used to track the performance of a market/sector/asset.
      Can be traded as futures/options contracts or used as the underlying for other products.
      WHO
      Mostly developed and managed by exchanges, rating agencies and banks.
      HOW
      A committee or bespoke methods/benchmarks are used to rebalance indices.
  22. Case Study - Index Rebalancing/Turnover Attacks
  23. Computational Grids
      WHAT
      High performance computing grids used for running solvers, simulations and analysis of financial time series data (Monte Carlo, Volatility, OP etc.).
      WHO
      Mostly institutions and departments involved with financial modeling. Users tend to be quants, traders and analysts.
      HOW
      Models are submitted to the grid environment using web services, custom APIs and/or remote access.
  24. Case Study - Computational Grid Attacks
  25. Problems
      Infrastructure Issues
      Application Issues
      Governance
  26. FIX Protocol Weaknesses
  27. What is FIX Protocol?
      The Financial Information eXchange (FIX) protocol is an electronic communications protocol initiated in 1992 for international real-time exchange of information related to securities transactions and markets – Wikipedia
      In other words, the protocol facilitates the buying and selling of securities electronically.
  28. Who Uses FIX
      FIX is widely used by both the buy side (institutions) and the sell side (brokers/dealers) in the financial markets.
      Amongst its users are hedge funds, mutual funds, investment banks, brokers and stock exchanges.
      Transaction types supported: pretty much all asset classes, i.e. Equities, Bonds, Derivatives and Forex.
  29. Who Uses FIX
  30. Why Investigate FIX?
      FIX security is often overlooked in favor of operating system and host security.
      To demonstrate that FIX-based front running is possible and not difficult to exploit.
      To identify mitigating factors and strategies for some of the existing issues within the FIX protocol.
  31. Algorithmic Trading Architecture
  32. High Frequency Trading Architecture
  33. Order Front Running (Demo)
      Demo Environment:
      Algorithmic Trading Environment – A simulated algorithmic/high frequency trading environment
      Brokerage Account – Hacker-controlled brokerage account to replay orders.
      Order Sniffer -
      Note
      The following examples used during this demonstration are not intended to suggest any insecurities or weaknesses in the third party applications and are only to be seen as a case study to demonstrate FIX protocol insecurities.
  34. Algorithmic Trading Environment
  35. Brokerage Account
  36. Order Front Running
  37. LibPcap FIX Sniffing (Slow)

      ```python
      import re

      # FIX messages are tag=value pairs delimited by SOH (\x01); tag numbers per the FIX spec
      symbol = re.compile('55=[A-Z]*')            # Symbol (AAPL, GOOG ...)
      buy = re.compile('54=1')                    # Side: BUY order
      sell = re.compile('54=2')                   # Side: SELL order
      order_qty = re.compile('38=[0-9]*')         # OrderQty
      price = re.compile(r'44=[0-9]*\.?[0-9]*')   # Price (decimal part included)
      ```
  38. Fix Virus
  39. Cont.
  40. Binary Tree
  41. Fast FIX walker (C++)
  42. Order Builder
  43. Hedgefund Example - Weak Wifi + FIX sniffer
  44. IbPy Server Side Code - Contract Builder

      ```python
      from ib.ext.Contract import Contract
      from ib.ext.Order import Order

      def build_stock_contract(symbol, quantity, oid):
          # IbPy Contract: a US stock routed through IB's SMART router
          stock = Contract()
          stock.m_symbol = symbol
          stock.m_secType = 'STK'
          stock.m_exchange = 'SMART'
          stock.m_currency = 'USD'
          # IbPy Order: a day market buy order; m_transmit=False stages it without sending
          order = Order()
          order.m_orderId = oid
          order.m_clientId = 0
          order.m_permId = 0
          order.m_action = 'BUY'
          order.m_lmtPrice = 0
          order.m_auxPrice = 0
          order.m_tif = 'DAY'
          order.m_transmit = False
          order.m_orderType = 'MKT'
          order.m_totalQuantity = quantity
          return stock, order
      ```
  45. Order Sniffer (Excel plugin) – order encoding
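Slide 27 describes FIX as tag=value pairs and slide 37 pulls order fields out of them with regexes; the parser below, added here as an example and not code from the talk, does that properly and also verifies the BodyLength (9) and CheckSum (10) framing fields. It makes the mitigation question concrete: the checksum is an unkeyed byte sum that catches corruption but not an on-path rewrite, which is why FIX sessions are protected at the transport layer (TLS or a VPN) rather than by the protocol itself (the message and tag values are constructed samples).

```python
SOH = "\x01"  # FIX field delimiter

def fix_checksum(data: bytes) -> str:
    """CheckSum (tag 10): every byte before '10=' summed modulo 256, as three digits."""
    return f"{sum(data) % 256:03d}"

def build_fix(fields, begin_string="FIX.4.2"):
    """Serialise (tag, value) pairs, computing BodyLength (9) and CheckSum (10)."""
    body = "".join(f"{tag}={value}{SOH}" for tag, value in fields)
    head = f"8={begin_string}{SOH}9={len(body.encode())}{SOH}"
    return f"{head}{body}10={fix_checksum((head + body).encode())}{SOH}"

def parse_fix(raw: str):
    """Split a message into {tag: value} and verify its framing.

    Returns (fields, problems); an empty problems list means the message is
    well-formed. Only the first occurrence of a repeated tag is kept, which is
    enough for the order fields (35, 55, 54, 38, 44) the slides discuss.
    """
    fields, problems = {}, []
    for part in filter(None, raw.split(SOH)):
        tag, sep, value = part.partition("=")
        if not sep or not tag.isdigit():
            problems.append(f"malformed field {part!r}")
        else:
            fields.setdefault(tag, value)
    if not raw.startswith("8=") or SOH + "9=" not in raw or SOH + "10=" not in raw:
        problems.append("missing BeginString (8), BodyLength (9) or CheckSum (10)")
        return fields, problems
    # BodyLength counts bytes after the SOH that ends tag 9, through the SOH before tag 10.
    body_start = raw.index(SOH, raw.index(SOH + "9=") + 1) + 1
    trailer = raw.rfind(SOH + "10=") + 1
    body_len = len(raw[body_start:trailer].encode())
    declared = int(fields["9"]) if fields["9"].isdigit() else -1
    if body_len != declared:
        problems.append(f"BodyLength mismatch: declared {fields['9']}, actual {body_len}")
    # The checksum is an unkeyed byte sum: it catches corruption, but anyone who can
    # rewrite the stream can recompute it, so it is not an integrity control.
    if fix_checksum(raw[:trailer].encode()) != fields["10"]:
        problems.append(f"CheckSum mismatch: declared {fields['10']}")
    return fields, problems

def sample_order():
    """Constructed NewOrderSingle (35=D): buy 100 AAPL, limit 150.25. Not real traffic."""
    return [("35", "D"), ("49", "BUYSIDE"), ("56", "BROKER"), ("34", "7"), ("11", "ORD-1"),
            ("55", "AAPL"), ("54", "1"), ("38", "100"), ("40", "2"), ("44", "150.25"), ("59", "0")]
```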