[ISN] Hackers find new way to cheat on Wall Street -- to everyone's peril

From: InfoSec News <alerts_at_private>
Date: Fri, 7 Jan 2011 05:13:03 -0600 (CST)
http://www.infoworld.com/d/the-industry-standard/hackers-find-new-way-cheat-wall-street-everyones-peril-699

By Bill Snyder
Tech's Bottom Line
January 06, 2011

High-frequency trading networks, which complete stock market 
transactions in microseconds, are vulnerable to manipulation by hackers 
who can inject tiny amounts of latency into them. By doing so, they can 
subtly change the course of trading and pocket profits of millions of 
dollars in just a few seconds, says Rony Kay, a former IBM research 
fellow and founder of cPacket Networks, a Silicon Valley firm that 
develops chips and technologies for network monitoring and traffic 
analysis.

Kay, an Israeli-born computer scientist and one-time Intel engineering 
manager, says the root of the problem is the increasing speed of 
networks; as they get faster and faster, our ability to actually 
understand events taking place within them isn't keeping up. Network 
monitoring technology can detect perturbations in network traffic 
happening in milliseconds, but when changes occur in microseconds, 
they're not visible, he says.

cPacket has developed a proof of concept showing that these side-channel 
[4] attacks can be used to create tiny delays in the transmission of 
market data and trades. By manipulating specific trading activities by 
several microseconds, an attacker could gain unfair trading advantage. 
And because the operation occurs outside the range of monitoring 
technology, it would remain invisible. "We believe that such techniques 
pose a substantial risk of creating unfair trading, if used by the wrong 
people," Kay says.

(A side-channel attacker looks at indirect information related to the 
computer -- the electromagnetic emanations from screens or keyboards, 
for example -- to determine what is going on in the machine. )

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Fri Jan 07 2011 - 03:13:03 PST

This archive was generated by hypermail 2.2.0 : Fri Jan 07 2011 - 03:19:45 PST