To Catch an Algo Thief

Catching a cyber-thief who steals high frequency trading strategies takes cunning and technology, not another thief.

The 1955 film To Catch a Thief was based on an old saying: "It takes a thief to catch a thief." The saying meant that only a dishonest person knows what lies in the mind of another dishonest person.

Today's thieves are more sophisticated than the film's cat burglar portrayed by Cary Grant; they are more interested in stealing money-spinning high frequency algorithms than diamonds and pearls.

High-speed trading algorithms are an alluring target for cyber thieves; if they filch the right algo it can mean untold riches from the marketplace. Apparently, these algos are so appealing that there has been a spate of targeted attacks lately -- aimed at stealing the code that underlies trading firms' strategies, according to the FT.

Luckily, two out of three of these did not make it to the Internet before the cyber-perp was caught. Lucky indeed; a lot of havoc can be raised very quickly by high frequency trading gone bad. In the case of HFT algo thieves, it does not take other thieves to catch the cyber-perpetrators. More sophisticated methods are needed to try to grab them sooner than can currently be done.

According to the FT, it takes on average 229 days for targeted breaches of security to be discovered. In HFT, 229 days is a lifetime -- around 150 trading days. A high frequency trading firm can trade billions of shares per day and HFT makes up more than 50 percent of the U.S. stock market, which trades around 7 billion shares per day currently.

Knight Capital, the poster child of algos-gone-wrong, was trading as much as 3.97 billion shares per day in 2008, which equated to nearly a quarter of all daily U.S. trading (12 billion or so at the time). If we multiply Knight's daily figure by 150 trading days, an HFT firm could trade almost 600 billion shares.

That means that a major player's HFT strategy, if cleverly changed by a hacker, could subtly redirect the market -- either up or down. Now imagine if the hacker were a terrorist. I have said it before: I believe that algorithmic terrorism in financial markets is a real possibility. A well-funded criminal or terrorist organization could find a way to cause a major market crisis. This type of scenario could cause chaos for civilization and profit for the bad guys and would constitute a matter of national security.

So much of our economy is underpinned by electronic trading that protecting the markets is paramount. Exchanges, ECNs, clearing houses and financial messaging networks all need to add more stringent real-time monitoring and surveillance capabilities.

Cyberterrorism is on the upswing and algorithmic terrorism is the next iteration. Markets should be monitored in real time for patterns indicating fraudulent behavior, such as hackers taking part in trading activities. For instance, trading firms should monitor for their algorithms moving outside of normal behavior and regulators should monitor for trading firms moving outside of their normal behavior patterns. Only by keeping a close watch on the markets and the participants involved can financial terrorism be nipped in the bud.