Hackers Steal Trading Algorithms From Hedge Funds

And It’s Not The First Time

Hackers have been stealing the secret algorithms and tactics used by hedge funds and high-frequency trading firms, according to two security companies.

Such algorithms, frequently referred to as “the secret sauce”, can be the lifeblood of a financial firm, and are designed to take advantage – often automatically – of infinitesimal price discrepancies in the stock market that may only last for milliseconds.

The security vendor Kroll reports that it has recently investigated three incidents involving hackers stealing such algorithms. “In two of the cases we were able to find the bad guy and stop him before he could share it on the Web,” Ernest Hilbert, Kroll’s head of cyber investigations for Europe, the Middle East and Africa, tells the Financial Times.

Greg Day, chief technology officer at information security firm FireEye, likewise describes another algorithm-targeting hack attack that his firm’s digital forensics investigators recently found. “It was a very targeted attack looking at gaining access to automated trading models,” he tells the Financial Times, noting that this is part of a pattern of hackers increasingly executing “targeted attacks going after a high-value return.”

By stealing firms’ secret algorithms, digital forensics experts say, attackers could attempt to extort the firms into buying them back again, or else risk news of the theft becoming public, which might cause customers to panic. Alternately, in a “hack for hire” situation, an unscrupulous rival might attempt to make use of its competitor’s algorithms. “Data is a commodity to be bought, sold, stolen and traded. Financially motivated hackers are always looking to make money and build on the fortunes they have stolen,” Hilbert tells Information Security Media Group. “Hacking-for-profit is organized and lucrative. It’s not some kid in their mom’s basement looking to ‘card’ something off Amazon. This is organized fraud and financial manipulation.”

This isn’t the first time that warnings have been sounded over the theft of funds’ secret trading algorithms. On Feb. 24, Chinese national Kang Gao pleaded guilty to stealing documents from his former employer, the Manhattan-based international hedge fund firm Two Sigma. According to court documents, Gao’s employment contract prohibited him from attempting to access the quantitative trading strategies, trading models and related scientific and marketing materials that he admitted e-mailing to himself. He’s due to be sentenced in April.

“Computer source codes and proprietary trading methods are often the lifeblood of a company’s business model, and stealing them is a crime,” says Manhattan District Attorney Cyrus R. Vance, Jr. “Gao admitted to copying highly confidential material from his employer before heading to China to meet with investors in the company he hoped to launch.” But Vance says Gao was stopped “before he was able to do any serious harm.”

Are Targeted Algorithm Attacks Increasing?

Despite the incidents cited by Kroll and FireEye, however, it’s not clear if there’s been a surge in algorithm-targeting hacks. “It would not be unrealistic to expect to see an uptick, as we are seeing more attacks focusing on bigger returns, rather than the en-masse crimes,” FireEye’s Day tells ISMG. But it’s also unclear whether attacks have been launched by hackers that want to extort targeted firms, or whether these attacks have been commissioned by firms’ rivals.

Either type of attack “is likely to be difficult and rare,” John Miller, manager of cybercrime intelligence at threat-intelligence firm iSight Partners, tells ISMG. “The extortion scenario, though, is somewhat more plausible: extortion would probably be much easier than actually using the stolen data for trading.”

If an unscrupulous competitor did fund such an attack, however, it would likely be a sophisticated operation, Miller says, and benefit from the hacked firm being unlikely to reveal the intrusion – if discovered – for fear of spooking investors. “That victim – even if it could identify the attack – may not want to reveal the incident externally, to protect the victim’s reputation and credibility,” he says.

Read the full story on bankinfosecurity.com
