The Hacking of NASDAQ

puddingebola (2036796) writes Businessweek has an account of the 2010 hacking of the NASDAQ exchange. From the article, "Intelligence and law enforcement agencies, under pressure to decipher a complex hack, struggled to provide an even moderately clear picture to policymakers. After months of work, there were still basic disagreements in different parts of government over who was behind the incident and why. 'We've seen a nation-state gain access to at least one of our stock exchanges, I'll put it that way, and it's not crystal clear what their final objective is,' says House Intelligence Committee Chairman Mike Rogers, a Republican from Michigan, who agreed to talk about the incident only in general terms because the details remain classified. 'The bad news of that equation is, I'm not sure you will really know until that final trigger is pulled. And you never want to get to that.'"

The market is rigged already

Would we even notice if it was hacked?

Re:The market is rigged already

[GameboyRMH]

Exactly. Do your worst, black hats. The system's already rooted by Wall Street bankers.

Re:The market is rigged already

[GameboyRMH]

That's not a perfect analogy, but it's not too far off.

It's more like this. There's a classifieds forum which regular users can refresh once every 10 minutes. Special users with a paid subscription can refresh once per second.

You post "Bicycle wanted, will pay up to $500" and someone else posts "Bicycle for sale, $400" then the speedy special user buys the bicycle for $400 and puts it up for sale for $500 before you or the seller can refresh (at best, when they're not doing even shadier things like spamming the forum with fake Wanted posts etc).

Somehow this is supposed to produce value. I think it has a similar effect on the economy to either robbery or counterfeiting currency. I can see no way this produces any value.

Re:The market is rigged already

[lgw]

You've got it completely backwards, is the thing. Don't worry, most people get this backwards, because they reason from "these guys must be evil" to "ahh, so it must work like this".

It works like this. You want a bike, you don't have time to research the right price, you just hope the market price is OK:
* Mr B posts "Bicycle wanted, will pay up to $500"
* Mr S posts "Bicycle for sale, $600"
* Special user says "OK, now buying bikes for $520, selling for $580"
* You post "buying 1 bike, best price".

You get the bike $20 cheaper. The market maker takes a risk here: that he can balance buys and sells, and not get left holding the bag when the price changes.

But the story gets better:
* Special user 2 says "Oh, I see you Special 1, I'm now buying bikes for $525, selling for $575, hey, $50 a bike is better than nothing.
* Special user 1 says "Oh no you didn, Buying for $530, selling for $570"
* Very quickly it's $550/$551.

You get the bike for $551, $49 cheaper. I've seen this happen over the past 15 years, where the bid-ask gap shrank by that much on options. Competition is so fierce you see sub-cent pricing now: you'll get filled at $550.0001 or $549.9999 sometimes, because in very active markets these guys can make a killing with less then 1 cent profit.

Do you see now why it adds value?

Security

[BitcoinBenny]

The security of the stock exchanges is really pretty bad. Low latency access means no firewalls and few application level checks. For the longest time people were sending ethernet raw packets...There is a perverse incentive not to properly secure exchanges because security is slow.

Re:Security

[gstoddart]

There is a perverse incentive not to properly secure exchanges because security is slow.

When so much profits depends on fast, direct access to skim money off the top with high frequency trading, these people do not want security.

They want to be able to access the system directly, and security be damned.