Pentagon Turns to High-Speed Traders to Fortify Markets Against Cyberattack
Experts attend brainstorming sessions to identify how hackers might wreak havoc
By Alexander Osipovich
Oct. 15, 2017 7:00 a.m. ET
Dozens of high-speed traders and others from Wall Street are helping the Pentagon study how hackers could unleash chaos in the U.S. financial system.
The Department of Defense’s research arm over the past year and a half has consulted executives at high-frequency trading firms and quantitative hedge funds, and people from exchanges and other financial companies, participants in the discussions said. Officials described the effort as an early-stage pilot project aimed at identifying market vulnerabilities.
The Defense Advanced Research Projects Agency, or Darpa, began the initiative before the revelations of attacks on Equifax Inc. and the Securities and Exchange Commission brought public scrutiny of risks to U.S. market infrastructure.
Participants described meetings as informal sessions in which attendees brainstorm about how hackers might try to bring down U.S. markets, then rank the ideas by feasibility.
Among the potential scenarios: Hackers could cripple a widely used payroll system; they could inject false information into stock-data feeds, sending trading algorithms out of whack; or they could flood the stock market with fake sell orders and trigger a market crash.
High-speed traders and quant-fund managers, who use sophisticated computer programs to buy and sell stocks, sometimes in fractions of a second, form the core of the group. Such traders tend to have deep expertise in the inner workings of financial markets and the automated systems that account for huge swaths of trading activity today.
Darpa officials confirmed the effort, which is unclassified but hasn’t been previously reported. The Wall Street Journal spoke with several traders who participated in the initiative, called the Financial Markets Vulnerabilities Project.
“We started thinking a couple years ago what it would be like if a malicious actor wanted to cause havoc on our financial markets,” said Wade Shen, who researched artificial intelligence at the Massachusetts Institute of Technology before joining Darpa as a program manager in 2014.
Darpa famously developed the technology behind the internet and stealth bombers. It recruits experts from academia and industry in a bid to keep its thinking fresh. The agency declined to release a list of its financial-industry advisers for the project.
There have been three meetings for the project since last year, with another one expected later this year, an agency spokeswoman said. The last meeting took place in a conference room at New York University this spring over pizza, participants said.
High-frequency traders have been vilified by critics such as author Michael Lewis, who accused them in his book “Flash Boys” of exploiting slower-moving investors by “front-running” their orders, though these traders deny doing this and say it isn’t even possible.
Some of the biggest names in the high-speed trading business have advised Darpa. They include Jamil Nazarali, senior adviser to the chief executive officer of Citadel Securities, a trading giant responsible for around 20% of daily volume in U.S. stock markets. Misha Malyshev, CEO of trading firm Teza Technologies, has “advised Darpa on vulnerabilities within the U.S. financial markets,” Teza’s website said. Manoj Narang, CEO of quant hedge fund Mana Partners, said he had advised Darpa, too.
Among potential targets that participants have worried could appeal to hackers given their broad reach are credit-card companies, payment processors and payroll companies such as Automatic Data Processing , Inc., or ADP, which handles the paychecks for one in six U.S. workers, participants said.
An ADP spokesman said, “We work diligently to protect our clients’ data, which includes efforts to prevent, detect and respond to attempted cybersecurity incidents.”
The Mana Partners CEO said he began taking part in the Darpa meetings as a skeptic, thinking the U.S. stock market was resilient and it was unlikely for attackers to cause anything more than temporary damage. But since then, he has gotten more worried.
One scenario he fears: a hack of a U.S. exchange in which the attacker sends a wave of fake sell orders to every firm offering to buy shares. That could potentially erase hundreds of billions of dollars of market value as prices drop and firms try to cover losses by selling on other exchanges, Mr. Narang said.
Project participants have also debated the impact of attackers transmitting false data via the electronic feeds that traders use to monitor stock prices, or publishing “fake news” to shake investor confidence.
The goal of Darpa’s project is to develop a simulation of U.S. markets, which could be used to test scenarios, Mr. Shen said.
Such software would need to model complex, interrelated markets—not just stocks but also markets such as futures—as well as the behavior of automated trading systems operating within them.
Many quantitative trading firms already do something similar, Mr. Narang said. His company won a small contract from Darpa this year to test whether its simulation tool could be used by the agency, according to Mr. Narang and a Darpa spokeswoman.
The project isn’t the first time the Pentagon has studied such risks.
In 2009, military experts took part in a two-day war game exploring a “global financial war” involving China and Russia, according to “Currency Wars: The Making of the Next Global Crisis,” a 2011 book by James Rickards. The Applied Physics Laboratory at Johns Hopkins University hosted the event, a spokesman there confirmed.
Such scenarios might seem far-fetched, but Mr. Shen said it is Darpa’s job to think about futuristic attacks that haven’t happened yet.
“Our charge at Darpa is to think far out,” he said. “It’s not ‘What is the attack today?’ but ‘What are the vectors of attack 20 years from now?’”
wsj.com
---------------------------------------
Sundar Nilavar3 minutes ago
The SEC, Federal Govt' OPM, Equifax, , SONY ++ have already been hacked. Many 500 S&P are already hacked but DON"t KNOW yet!
B/w FLASH CRASH has happened more than once! It is just a matter of time Global Equity & BOND mkts will be hit!
It is just matter WHEN, NOT IF!
CYBER WARFARE is real and is HERE!
zerohedge.com
GOOD LUCK!
Flag ButtonShare
Richard Williams8 hours ago
It's extremely difficult to gain unauthorized access to most protected data yet people with the skill to pull it off have been very successful at it over the past few years. Considering the effort involved, the steadily growing number of mass data breaches seems to indicate a good portion of them aren't pranks but rather done with nefarious intent. The personal and financial data of hundreds of millions is already out there in the wrong hands and stored somewhere, for now. I hate to think of the consequences when the bad guys decide it's go time.
Flag ButtonShare
Richard Cohen13 hours ago
Unfortunately this is the age we live in, and good for DARPA to be trying to anticipate what might happen instead of our normal reacting only to what has already happened. I only hope that a lot of other industries are doing the same sort of anticipatory thinking.
(11)
There are 11 comments.
999
POST COMMENT
By posting a comment you are accepting our commenting rules and terms of use, and you agree to the public display of your profile, including your real name, and your commenting history.
NewestOldestReader Recommended
Sundar Nilavar4 minutes ago
The SEC, Federal Govt' OPM, Equifax, , SONY ++ have already been hacked. Many 500 S&P are already hacked but DON"t KNOW yet!
B/w FLASH CRASH has happened more than once! It is just a matter of time Global Equity & BOND mkts will be hit!
It is just matter WHEN, NOT IF!
CYBER WARFARE is real and is HERE!
zerohedge.com
GOOD LUCK!
Flag ButtonShare
Richard Williams8 hours ago
It's extremely difficult to gain unauthorized access to most protected data yet people with the skill to pull it off have been very successful at it over the past few years. Considering the effort involved, the steadily growing number of mass data breaches seems to indicate a good portion of them aren't pranks but rather done with nefarious intent. The personal and financial data of hundreds of millions is already out there in the wrong hands and stored somewhere, for now. I hate to think of the consequences when the bad guys decide it's go time.
Flag ButtonShare
Richard Cohen13 hours ago
Unfortunately this is the age we live in, and good for DARPA to be trying to anticipate what might happen instead of our normal reacting only to what has already happened. I only hope that a lot of other industries are doing the same sort of anticipatory thinking.
Flag ButtonShare
2
Nancy Ferguson14 hours ago
I thought Michael Lewis mad a great case for the fact our entire market is being front run. It's a tried and true way to cheat people which is why it is illegal. What's their evidence that this isn't happening? Agree the horse has already left the barn.
What's to keep the flash crash from happening every day? Except closing the markets? which in itself would be a victory for those trying to harm the markets.
Flag ButtonShare
1
jean paul buffon14 hours ago
high frequency traders do not worry me them and prop desks base algos on technical patterns known to any solid trader. So easy to anticipate them. Do they front run may be because they are no skilled traders just python coders. JL made most of his money on reversals this is where gold is. A skilled traders knows the reversal points or pivots.
Proof of this axiom above most trading desks last quarter following that barely made money. Sure some HFT do make some money by front running but harder and harder while too many in this game of python coding or C coding on bid ask
Flag ButtonShare
Stephen Elkins15 hours ago
Irony , idiocy and redundancy all rolled into one. Take your pick. Darpa, that fount of finance, economics and markets, seeks advice from a group that undermines price discovery for a living. Where's the SEC, FINRA, etc? Worried about bad data? How about the BLS data that moves markets and is revised quarter after quarter after quarter? Then there is "fake" news, which is interesting by itself, since the algos are stumped by it at the speed of light. Which begs the question is DARPA out to protect the project participants or the "markets"?
Flag ButtonShare
Chin Wu15 hours ago
Let me get this. The threat Pentagon is trying to prevent is the damage to the finacial system, when the high frequency traders traded on fake data from the enemy. Aren't they doing just that to their counter parties with their algorithms every minute now?
Its a risky behavior, because the behavior is a threat to our national security. It's ridiculus for DARPA to pay Wall St traders who has the power to blow us up. Just ban the greedy hi-freg traders from trading!
Instead, I would suggest spending the DARPA money on how to prevent a Pentagon general from being blown up in his car or home by a GPS enabled drone!
Flag ButtonShare
3
Richard Berlin15 hours ago
Depends upon one's goal. A solution might not involve an algorithm.
Flag ButtonShare
MARK GIBBONS16 hours ago
20 years? Try two if we're lucky. While applauding this effort it's a day late and a dollar short and the 'experts' all know it.
Flag ButtonShare
2
Marc Boswell15 hours ago
@MARK GIBBONS And as it pertains to DoD networks, the horse left the barn a long, long, long time ago.
Flag ButtonShare
Nate Smith16 hours ago
I keep hoping they will finally catch someone older then 14 hacking ,still waiting . |
