Hackers find new way to cheat on Wall Street

High-frequency trading networks, which complete stock market transactions in microseconds, are vulnerable to manipulation by hackers who can inject tiny amounts of latency into them. By doing so, they can subtly change the course of trading and pocket profits of millions of dollars in just a few seconds, says Rony Kay, a former IBM technology fellow and founder of cPacket Networks, a Silicon Valley firm that develops chips and technologies for network monitoring and traffic analysis.

Kay, an Israeli-born computer scientist and one-time Intel engineering manager, says the root of the problem is the increasing speed of networks; as they get faster and faster, our ability to to tell the truth understand events taking place within them isn't keeping up. Network monitoring research can detect perturbations in network traffic happening in milliseconds, however when changes occur in microseconds, they're not visible, he says.

cPacket has developed a proof of concept showing that these side-channel attacks can be used to create tiny delays in the transmission of market data and trades. By manipulating specific trading activities by several microseconds, an attacker could gain unfair trading advantage. And because the operation occurs outside the range of monitoring innovation, it would remain invisible. "We believe that such techniques pose a substantial risk of creating unfair trading, if used by the wrong people," Kay says.

The financial community

Latency threatens other applications as wellThe lack of visibility into high-speed networks is of concern to more than the financial community. Managing traffic on today's 10Gbps and faster networks is becoming difficult, resulting in degradations of performance, particularly to virtualized systems. "It's difficult to take corrective actions when you can't in effect see what's taking place," Kay says. "If you cannot measure network latency, you cannot control it and cannot improve it."

In a PDF whitepaper on latency, Kay wrote, "Traditionally, applications that have latency requirements include: VoIP (Voice over Internet Protocol) and interactive video conferencing, network gaming, high-performance computing, cloud computing, and automatic algorithmic trading. For instance, one-way latency for VoIP (Voice over Internet Protocol) telephony should as a rule not exceed 150 milliseconds to enable good conversation quality, during interactive games typically require latencies between 100 and 1,000 milliseconds. Nevertheless, the requirements for automated algorithmic trading are much more strict. A few extra milliseconds, or even a few extra microseconds, can enable trades to execute ahead of the competition, thereby increasing profits."

Today's smart CIOs are assessing their workloads against business needs and analyzing where each should run?locally or in the public cloud. Read on to learn about the benefits of cloud computing, and why its success or failure is often dependent on WAN optimization.

See why Nemertes awarded their PilotHouse award to Google Postini messaging security service. Their decisive win over AT&T, Cisco, Symantec and others for superior innovation, customer service and value are worth noting.