The 10 Ways Hackers Will Bring Wall Street To Its Knees


Right now, nothing scares Wall Street more than looming regulation and taxation from Washington.

But politicians aren’t the only threat. There are also numerous technical threats, like trading algorithms gone haywire, traders making billions of dollars in rogue transactions, or Russian cyber-gangs hacking into bank servers.

Even a “fat finger” human error can send a stock tumbling.


Those are just some of the ways someone could disrupt financial markets and undermine consumer confidence, separate from more traditional hacking attacks on personal information, like credit card numbers.

To be fair, a systemic attack would be tricky to pull off. “Nothing’s impossible, but it’s very difficult,” says Bill Nelson, President and CEO of the Financial Services Information Sharing and Analysis centre, noting that generally networks are not on the Internet, the gateway for hacking. “We haven’t seen many threats to it — it’s like a big moat around the castle you can’t get over.”

Still, the financial industry knows about the problem. “To maintain that confidence, the sector works aggressively to protect itself from cyber crimes,” says Doug Johnson, VP of Risk Management Policy for the American Bankers Association. ABA, however, declined to give specific threats because “we don’t want to put ideas in criminals’ minds.”

So what are the threats? We’ve found financial market risks include complex schemes like trading using multiple online identities, but more often involve plain vanilla techniques, like issuing a fake press release on company earnings or spreading stock rumours on instant messenger.

“The hacking is harder than you think,” says Ben Bittrolff, CFO of high-frequency Cyborg Trading Systems. “It’s easier to attack the soft under-belly by spreading vicious rumours or false data.”


[slideshow]
[slide
permalink=”send-a-fake-press-release-1″
title=”Send a fake press release”
content=”Fake press releases are a relatively simple way to violently move a stock and undermine confidence in the markets.

The 2000 example of Emulex proves the point. Mark Jakob, a former employee of Internet Wire, wanted to make money by shorting Emulex’s stock. He sent out a fake press release purporting to come from Emulex, falsely stating that there was an SEC investigation, that the CEO had resigned, and that the company was revising and lowering its earnings.

Several news organisations republished the press release, and in a 16-minute period following the republication of the fake, 2.3 million shares of Emulex stock were traded and the price plummeted almost $61, from $103.94 to $43.00, resulting in Emulex losing $2.2 billion in market capitalisation.

Besides Emulex, other examples of stock-moving press releases include fakes of information from Lucent and PairGain.”
image=”http://static.businessinsider.com/image/4b62feb1000000000083e411/image.jpg”
caption=””
credit=””
credit_href=””
]
[slide
permalink=”spread-market-rumors-on-im-2″
title=”Spread market rumours on IM”
content=”Likely the most common way to manipulate financial markets is the spreading of false rumours.

Instant messaging on platforms like AIM and Bloomberg can be used to cause selling or buying, which can then be exaggerated by computer algorithms at hedge funds and banks that automatically trade on pre-set market movements.

One recent example of instant messaging trouble comes from the Galleon Group insider trading investigation. One firm linked to the web of advance information was trading company Schottenfeld Group, which, as Reuters reported, has a history with illegal market whisperings.

In 2007, trader Paul Berliner used instant messenger to spread a false rumour to other brokers and hedge funds that Alliance Data’s takeover by the Blackstone Group was being changed to $70 a share from $81.75 a share. He then shorted the stock for a profit, according to the SEC. Without admitting or denying the allegations of securities fraud and market manipulation, Berliner settled with the SEC, paying back the $26,129 in profits, paying a maximum $130,000 penalty, and accepting a bar from association with any broker or dealer.”
image=”http://static.businessinsider.com/image/4b6355d5000000000094b1c9/image.jpg”
caption=””
credit=””
credit_href=””
]
[slide
permalink=”cause-an-algo-to-go-wild-3″
title=”Cause an “algo” to go wild”
content=”The increase in automated trading based on algorithms, or ‘algos,’ raises fears that one could be manipulated, setting off a market-moving chain reaction to other computers.

An intentional attack is unlikely because it would need to come from someone with inside access, as opposed to an Internet-based hack. Still, a recent unintentional error shows how quickly misbehaving ‘algos’ can affect the market.

Ars Technica has this helpful summary of a recent melt-down at Credit Suisse:

‘On November 14, 2007 at 3:20pm one of Credit Suisse’s trading algorithms suddenly went haywire, and, in a few moments, sent hundreds of thousands of bogus requests to the exchange. This sudden surge of requests, which were cancellations for a large batch of orders that the machine had never actually sent out, acted like a denial-of-service attack on some parts of the New York Stock Exchange. The messages clogged the tubes and caused parts of the exchange to freeze up, affecting trading in 975 stocks.’

NYSE fined Credit Suisse $150,000 for ‘failing to adequately supervise the development, deployment and operation of a proprietary algorithm, including a failure to implement procedures to monitor certain modifications made to the algorithm.’

What’s scary is what set off the problem: a trader’s double click — instead of a single one.”
image=”http://static.businessinsider.com/image/4af855df0000000000beeb23/image.jpg”
caption=””
credit=””
credit_href=””
]
[slide
permalink=”release-false-economic-data-4″
title=”Release false economic data”
content=”Naturally, markets react to big government data releases, like the latest GDP or unemployment figures. What if someone got access and manipulated the numbers?

Government agencies like the Bureau of Economic Analysis make it sound highly unlikely because of elaborate security protocols, but anything’s possible. We don’t know of a successful attack, but there have already been some real-life goofs, as Zero Hedge pointed out about this Federal Reserve data.

Plus, if Iraqi insurgents can hack U.S. drone video feeds with $26 off-the-shelf software, as they did in December, who knows.”
image=”http://static.businessinsider.com/image/4b63688b0000000000832484/image.jpg”
caption=””
credit=””
credit_href=””
]
[slide
permalink=”trade-as-multiple-people-5″
title=”Trade as multiple people”
content=”Another threat is making big trades using multiple online trading systems.

A small-scale example shows how, if multiplied, there could be real problems. In September 2009, 25-year-old Van Dinh (pictured) confessed to hacking into a New York-based currency exchange service and gifting himself more than $100,000.

According to the FBI (via Wired), Dinh ‘set up a legitimate account with an online currency exchange service based in New York. Two weeks later, he logged in using an administrative password and added $55,000 to his account. The bureau says he added another $55,000 two days after that. At the same time, Dinh used his access to make currency trades on two other customer accounts, and then gave one of them $140,326.75.’”
image=”http://static.businessinsider.com/image/4b636b130000000000f35826/image.jpg”
caption=””
credit=””
credit_href=””
]
[slide
permalink=”steal-code-6″
title=”Steal code”
content=”This technique hasn’t been used maliciously yet, but it has the potential to temporarily damage U.S. financial markets.

Sergey Aleynikov, a former Goldman Sachs computer programmer, allegedly stole proprietary source code for software used to make high-frequency trades at the bank.

Aleynikov claims he inadvertently downloaded only a snippet of code, which he never used. Goldman says the code he downloaded could undermine the company’s entire investment in high frequency trades, which is estimated to be an $8 billion to $20 billion a year business.”
image=”http://static.businessinsider.com/image/4b4f490c0000000000ad488e/image.jpg”
caption=””
credit=””
credit_href=””
]
[slide
permalink=”make-rogue-trades-7″
title=”Make rogue trades”
content=”Sometimes, the biggest threat to banks and financial data doesn’t come from hackers, but from rogue insiders who use company software for unauthorised financial plays.

Jérôme Kerviel, a Société Générale trader, falsified trades to conceal $73 billion in bets he made on risky futures markets, as Forbes summarizes. When the French bank, whose own market value isn’t worth $73 billion, discovered the rogue trader’s excessive positions in January 2008, the bank reportedly lost $7.36 billion. Kerviel’s trial is pending for one of the decade’s worst financial crimes.”
image=”http://static.businessinsider.com/image/49b9b91490ad9a4981726f00/image.jpg”
caption=””
credit=””
credit_href=””
]
[slide
permalink=”get-into-bank-accounts-8″
title=”Get into bank accounts”
content=”Sometimes, the exact method isn’t known, but a Russian hacking group known as the ‘Russian Business Network’ may have struck at least one large international bank.

In December, the Wall Street Journal reported that the FBI was probing a computer-security breach, likely by Russian hackers, targeting Citibank that resulted in a theft of tens of millions of dollars. Citigroup was forceful in denying the report.

If the breach was real and similar threats remain, ‘security officials worry that, beyond stealing money, hackers could try to manipulate or destroy data, wreaking havoc on the banking system. When intruders get into one bank, officials say, they may be able to blaze a trail into others,’ notes the WSJ’s report.”
image=”http://static.businessinsider.com/image/fc37544b831aa8492162b200/image.jpg”
caption=””
credit=””
credit_href=””
]
[slide
permalink=”make-a-fat-finger-mistake-9″
title=”Make a “fat finger” mistake”
content=”Sometimes, simple human error can cause as much panic as a malicious attack.

A ‘fat finger’ market swing happened recently with Rambus’ stock. RMBS fell 35% in minutes (and immediately bounced back), possibly after a trader messed up and accidentally sold too much stock, causing a swift and violent sell-off.

As Dennis Dick of Bright Trading explained on Zero Hedge, the Rambus case exposed a cause for concern: ‘But what if the real cause wasn’t just a trader with a “fat finger”, accidentally selling too much stock? What if it was something more serious? I believe it is. I believe the real cause for this move is a major concern for our markets. The real cause may have been high frequency market making gone bad.’”
image=”http://static.businessinsider.com/image/4b3b83ce0000000000743817/image.jpg”
caption=””
credit=””
credit_href=””
]
[slide
permalink=”hacking-into-bank-payrolls-10″
title=”Hacking Into Bank Payrolls”
content=”In November, a ring of Estonian, Russian and Moldovan hackers was indicted by the Dept. of Justice in Atlanta on charges of hacking into a computer network operated by credit card processing company RBS WorldPay, a Royal Bank of Scotland division.

Authorities called it ‘perhaps the most sophisticated and organised computer fraud attack ever conducted.’

According to prosecutors, the group allegedly used ‘sophisticated hacking techniques to compromise the data encryption that was used by RBS WorldPay to protect customer data on payroll debit cards…Once the encryption on the card processing system was compromised, the hacking ring allegedly raised the account limits on compromised accounts, and then provided a network of ‘cashers’ with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from more than 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada.’

The $9 million loss occurred within a span of less than 12 hours.”
image=”http://static.businessinsider.com/image/4b4f55f300000000006fe23e/image.jpg”
caption=””
credit=””
credit_href=””
]
[/slideshow]
