Hackers disrupted high-speed trading at a large hedge fund and rerouted data that might be used to make money in rogue stock-market transactions, a security official with BAE Systems Plc said.
The attack was going on for eight weeks and BAE was called in by the fund at the end of 2013, said Paul Henninger, global product director for BAE Systems Applied Intelligence. He said it had “all the signatures of an organized crime attack.”
“This is the first time we’ve seen criminals actively go after a business system and effectively take over that system and create sabotage,” Henninger said in a phone interview. “The assumption is that this was a for-profit attack.”
The hackers inserted malicious software that delayed by several hundred microseconds the ability to trade, said Henninger, who declined to identify the hedge fund or its location. The target was the fund’s order entry system, he said.
“The difference in a few microseconds can mean a significant difference in the profitability of that trade,” Henninger said.
CNBC reported on the hacking earlier today.
High-speed or high-frequency trading firms typically use super-fast computers to post and cancel orders at rates measured in thousandths or even millionths of a second to capture price discrepancies. Firms using the tactics account for about half of share volume in the U.S., which has raised questions about market manipulation by either the funds themselves or cybercriminals.
Hedge funds “really have inadequate cybersecurity as a whole” and the attacks threaten to undermine the systems used globally for high-speed trading, said Tom Kellerman, chief cybersecurity officer for Trend Micro Inc. in the U.S.
Cybercrime accounts for $445 billion a year in trade theft and is worsening, according to former U.S. intelligence officials who published a report this month. They warned that financial companies, retailers and energy companies are at risk from thieves who are becoming more sophisticated at pilfering data from their servers.
The hedge fund that was breached is located in the U.S. and joins a list of more than a dozen that have been targeted by hackers from Eastern European crime groups for at least two years, Kellerman said.
“This is an ongoing campaign against multiple hedge funds by very organized and sophisticated hackers,” Kellerman said in a phone interview. “Most pieces of malware have been developed in the Eastern European arms bazaar.”
Along with trying to disrupt hedge fund operations, hackers are stealing inside information on strategies they can use to make money off stock market trading, he said. Another goal is to steal money directly through illicit wire transfers, he said.
The fastest traders now have the ability to buy and sell in times measured in nanoseconds, or billionths of a second. The slightest delay can put them behind their competitors amid an arms race for speed, which is why high-frequency traders spend top dollar to get the fastest network connections and best computer technology.
The trading practices are facing unprecedented scrutiny, with U.S. markets regulators and the New York attorney general this year announcing investigations or evaluations of potential curbs. The 2010 flash crash that shook U.S. equities, a series of technological failures and the recent publication of the Michael Lewis book “Flash Boys” have fed some of the scrutiny.
Defenders of high-frequency trading argue that they provide a valuable service to markets, serving as a lower-cost alternative to the human market makers that once facilitated buying and selling.
U.S. Representative Mike Rogers, a Michigan Republican and chairman of the House intelligence committee, said he is “very worried” about hackers stealing inside information that could be used to manipulate market trading.
“We have seen nation states on our trading networks and we haven’t fully answered the question what were they going to do,” Rogers said in an interview.
Hackers would have “an unfair competitive position” by being able “to understand the value of trades and the value of mergers and acquisitions before they would happen,” Rogers said.
Exchange operators have faced their own computer intrusions. CME Group Inc. in November revealed that its ClearPort clearing system had been breached and some customer information was compromised. In 2011, Nasdaq OMX Group Inc. said it found suspicious files on a website it runs that lets corporate board members communicate with each other.
Cybersecurity has been flagged as one of the biggest threats to markets and governments by industry groups and regulators. A World Federation of Exchanges study in July found that computers at about 53 percent of exchanges around the world were attacked during the previous year.
In April, the Securities and Exchange Commission published a risk alert and started soliciting information from some of the biggest broker-dealers on their efforts to protect their technology from hackers.
Firms that use quantitative models and algorithms to trade “are much more secure and better prepared for potential attacks than the average fund because they have invested more time and money in infrastructure and next-generation technologies,” said Sylvain Ardiet, a managing partner at Alphaserve Technologies, which advises hedge funds, private equity funds and other financial firms on technology. “I don’t think they are more prone to attack than other large financial firms.”
Reporter on this story: Chris Strohm in Washington.
Editors responsible for this story: Romaine Bostick, Elizabeth Wasserman, Joshua Gallu.