U.S. Financial Market Vulnerability Goes On

By Rachel Ehrenfeld
Sunday, August 25th, 2013 @ 2:17PM

Print Friendly, PDF & Email

Al Qaeda’s attack on the New York’s World Trade Center was preceded by Osama bin Laden’s repeated calls to destroy the U.S. economy and its financial infrastructure by all means.

While the U.S. seemed unfazed by Bin Laden’s calls, the Chinese paid attention. In 1999, Colonel Qiao Liang and Colonel Wang Xiangsui (both from the PLA), published their book Unrestricted Warfare (“warfare without bounds”). In this guide for the 21st Century’s financial warfare, Liang and Xiangsui explained: “Financial War is a form of non-military warfare which is just as terribly destructive as a bloody war…[though] no blood is actually shed. Financial warfare has now officially come to war’s center stage.”

As we are witnessing today, the U.S. vulnerability to financial warfare and threat finance seems to be growing. The ramifications and potential consequences of corrupting Direct Market Access (DMA) is of special concern.  DMA or electronic trading occurs globally over a multitude of asset classes 24/7. As electronic markets have evolved, the vulnerabilities of the financial system and national security have increased exponentially.

Additionally, this new “interconnected” system also allows for a new relatively unmonitored global communications network via financial asset “limit order books” that can be accessed from virtually anywhere on the globe.

Last week’s events highlighted the ongoing vulnerability of the U.S. financial markets. Goldman Sachs’s 17-minute snafu on Tuesday morning flooded the market with at least 800,000 options trades (hundreds of times the usual volume). Most of those trades were canceled and luckily dislocations were modest.

On Wednesday, GoDaddy’s ShareThis, a mechanism that allows web-users to share content that interacts with “more than 94% of U.S. Internet users across more than 2 million publisher sites and 120+ social media channels,” was hacked by the Syrian Electronic Army. On the evening of August 21, 2013, ShareThis reported that their website was experiencing “technical difficulties.” They posted a follow-up tweet the morning of August 22 declaring that the service was functioning properly. What ShareThis did not disclose however, was that their GoDaddy domain account was compromised by the Syrian Electronic Army.” While GoDaddy service is back, the company’s clients–again, more than 94% of U.S. Internet users–were unaware that their data has been compromised, and maybe facing dire financial loss and other damages.

Then on Thursday, the NASDAQ trading was shutdown for three hours, apparently because the market data processor (SIP) failed.

Normally, when an exchange has a problem, self-help is declared and the other exchanges route around the “broken” exchange.  But this time, it was an industry-approved shutdown. They halted the trading in NASDAQ stocks in the spirit of fairness.  Pros have other data feeds that can reconstruct order books and trade.  If trading were allowed without the NASDAQ SIP feed, the pros could have raped and pillaged.

USA Today raised the possibilty that Iranian “Cyber Fighters of Izz ad-Din al-Qassam” were “responsible for what happened to the Nasdaq,” but no one seems to know the real cause of the SIP shutdown. Was it another bad “basket,” a short circuit, a denial of service attack, a test run for a terrorist attack?  We are not likely to learn an answer to these questions. And the SEC has no way to find out due to the way it has chosen to implement Rule 613, the Consolidated Audit Trail (CAT).

CAT was adopted in July 2012 after it became clear that the complexity and speed of trades at the exchanges required real-time transaction monitoring. More than a year later, CAT has a long way to go to become operational. Even then, it will audit the trading a day AFTER.

There are “day after” pills to prevent unwanted pregency. However, real time monitoring is necessary to prevent financial disasters.

Before and especially after the 9/11 attacks, ACD has voiced its concern of the growing financial warfare against the U.S. An example is the September 10, 2012, post:

 Will Financial Markets Suffer Next Attack? 


Successive U.S. administrations’ failure to stop al-Qaida helped facilitate the 9/11 attacks. Targeting the World Trade Center, the symbol of U.S. financial might, bin Laden intended to destroy the U.S. financial markets and its economy. He failed. The markets survived.

However, bin Laden’s and other Islamists’ calls to destroy the U.S. economy, along with rapidly evolving technology, left the financial markets vulnerable. Over the past 11 years, the U.S. failed to prepare for another major war – one that is already under way, yet rarely recognized: financial and economic warfare.

Cyber attacks have been the focus for some time. Between October 2011 and February 2012, more than 500,000 cyber attacks on U.S. government and private industry, including 86 attacks on “critical infrastructure networks,” were detected. However, a July 2012 report by the Bi-Partisan Task Force, headed by Gen. Michael Hayden, concluded that these represented “a small fraction of ‘virtual, network type’ attacks against the U.S.”

The U.S. financial industry, supposedly one of the most closely monitored sectors of our economy, remains susceptible to serious threats. Not all from the outside, either. While the streets will not be littered with bodies, when elements of our financial infrastructure – the monetary system, various exchanges – come under attack, the U.S. economy – and the world’s economy-could be severely damaged and millions of people devastated. Smaller attacks are already being carried out incrementally, yet rarely detected, periodically bleeding the market. The reaction, or lack thereof, leaves the stock market open to an overwhelming attack that is likely to leave the U.S. economy in dire straits for years.

Contributing factors to such threats include the opacity of the market, which is exacerbated by greed and rapidly evolving technologies. For example, Knight Capital’s software glitch last August has eroded confidence in the U.S equity market, according to a survey released by the TABB Group. However, there is much more at stake.

Consider May 6, 2010, when the U.S. stock market plunged about 1,000 points (9 percent). Although the market recovered most of those losses in minutes, the U.S. economy is still feeling the aftereffects. Two years later, while worried about a similar crash, the entire financial industry has yet to receive a cogent explanation of why and how this event occurred. A joint report by the Securities and Exchange Commission and the Commodity Futures Trading Commission did not rule out “terrorism” as a possible cause for the 2010 “flash crash.”

An exceedingly electronic-driven market system facilitates high frequency trading (HFT), which, by its very nature, is opaque, unregulated and misunderstood. Moreover, the current market structure’s deficient security leaves it vulnerable to attacks.    Compounding these threats is the Direct Market Access (DMA) – electronic trading facilities that allow investors to interact with the order book of an exchange – as it often is combined with proprietary algorithmic trading strategies.

Adding to market vulnerability are the large number of leading high-frequency programmers, who reside in such countries as Ukraine, Romania, India and the Philippines, and are not subject to proper background checks.

This opens the door for cyber threats from DMA clients and by potential “sleepers” residing at member or brokerage firms.    The idea of a new rule to limit one aspect of “dark pools” has been kicked around for the last two years. It would require dark pool participants to place real displayed orders into the pool before they trade, providing more transparency to the market. But this attempt to prevent dark pool operators from picking their prey – like a sniper – milliseconds before the trading closes, risks objections from the HFT crowd.

This foot-dragging has resulted in investors’ loss of confidence, hurting capital formation and job creation, the very foundation of capitalism.

Recognizing the need to better monitor the markets, the Securities and Exchange Commission recently issued Rule 613 – Consolidated Audit Trail (CAT) – an audit system that will apply to mostly secondary market transactions in the NASDAQ National Market. CAT will capture all orders and cover stocks on that exchange – but excludes over-the-counter options, futures, bonds, foreign exchange or other derivatives trades.

However, the CAT audit will occur a day after trading takes place, not in real time, because the cost of auditing the whole market in real time – more than $4 billion – is considered excessive. While CAT is a positive beginning, it’s too limited, too little and too late to be a major deterrent against crippling economic warfare attacks.

Our financial markets’ vulnerabilities are well known to those intent on sabotage. Despite an awareness of such threats, the nation’s tools for early identification of financial threats remain limited, as the latest survey of IT security executives concluded. These represented 100 companies and organizations with more than $100 million in annual revenue. Moreover, even when detected, financial-industry cyber attacks go underreported, or unreported, because officials are reluctant to divulge information that could prevent further losses.

The threat of a mega attack on the financial markets, a major factor in America’s economic stability, is very real. Crash attacks via high frequency trading would further cripple investors’ confidence in U.S. financial markets and destroy America’s economy for many years. The present stagnant economy and the uncertainties associated with this year’s presidential elections could be a tempting opportunity to create an economic “perfect storm” that the U.S. is currently incapable of preventing.

Further Reading

FT: Nasdaq glitch underscores push for harmonised rules. Markets deal well with outages but unified response is needed. It has not been a good week to be a computer.

Categories: ACD/EWI Blog, Cyber, Latest News, U.S. Policy

On The Campaign Trail

Check the dates and see when we're in your town!