High Frequency Trading hacking

I read an article in Infoworld by Bill Snyder Hackers find new way to cheat on Wall Street — to everyone’s peril which reports on some work done at MIT. The gist of the hack is that by packet insertion in your competitor’s transaction stream you can slow down their trades by a few microseconds. In the HFT world this may mean that there is a theoretical ability to front run. (To truly front run you need to know which trade the competitor is making.) The fact that the exploit is possible does not mean that it is being used yet, but probably means that it will be. A packet injection exploit could also just destablize HFT.

The Infoworld report on the MIT paper noted that the speed of light is now a significant factor in trading strategies. But I did not note in it or a persual of the original MIT paper (pdf)  the potential hack postulated by Bill Snyder.

While today’s fiber optics-based networks can shuttle data around the world at the speed of light — momentarily slowed only by routing and switching — the vast geographic distances data has to travel can be a factor of delay, especially when the information itself is generated so quickly by computers and is useful only within a very short time period. At least one industry, finance, is starting to chafe at this limit.

“For high-frequency trading, light propagation delays are in many cases are the single largest limiting factor to taking advantage of arbitrage opportunities quickly,” said study co-author Alexander Wissner-Gross, who a research affiliate of the MIT Media Laboratory and the founder of the Enernetics research consultancy.

As a result, the researchers recommend high frequency trading firms, as well as any organization that deals in complicated time-sensitive global interactions, take a hard look at where they locate their data centers. In other words, location really does matter.

On the colocation of trading platforms the New York Times ran an article The New Speed of Money, Reshaping Markets that profiled some of the new HFT trading platforms:

A substantial  part of all stock trading in the United States takes place in a warehouse in a nondescript business park just off the New Jersey Turnpike.

Few humans are present in this vast technological sanctum, known as New York Four. Instead, the building, nearly the size of three football fields, is filled with long avenues of computer servers illuminated by energy-efficient blue phosphorescent light.

Countless metal cages contain racks of computers that perform all kinds of trades for Wall Street banks, hedge funds, brokerage firms and other institutions. And within just one of these cages — a tight space measuring 40 feet by 45 feet and festooned with blue and white wires — is an array of servers that together form the mechanized heart of one of the top four stock exchanges in the United States.

The fact that trade latency is now measured in microseconds, and the co-location of the of the trading platforms does make it look like the side-channel exploit is feasible. We have no direct sign yet however that the sky is falling. Washington’s blog contends that high frequency traders might be manipulating not just stocks, but futures options, bond, currencies and commodities. I note that he said “might be” and not that they are, however that is a rhetorical tactic. Snyder mentions the flash crash of May 2009. Masaccio on FDL reported on it August 15, and the twice on October 6, here and here.

Fundamental questions about HFT still abound. Is there potential for more flash crash events (my take is yes). Are the ‘safeguards’ put in place by the regulators sufficient to control these events (I would guess not fully, since future events will be different and unexpected, perforce). Are there potentials for front running, side-channel exploits in HFT? (I would guess yes). Are markets now being manipulated unfairly by HFT? (Hmm… I’ll just stay silent on that one.)

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>