Security experts have observed an increasing number of targeted attacks against the code underlying financial companies’ in-house trading algorithms.
Ernest Hilbert, head of security firm Kroll’s cyber investigations for Europe, the Middle East and Africa, has already detected and helped stop at least two such attacks.
“We have seen cases of the source code for algorithms being stolen,” Hilbert said. “In two of the cases, we were able to find the bad guy and stop him before he could share it on the web.”
Most financial companies are well aware of the threats regarding insiders stealing in-house intellectual property.
However, now external attackers are targeting trading models and other valuable company data, information which they could use to blackmail the victim company for ransom. They could also implement the algorithms in the markets or sell them to unscrupulous traders.
Ken Westin, a senior security analyst at Tripwire, feels that these types of attacks mark a growing trend in white collar hacking in which cyber criminals are targeting financial companies’ intellectual property.
“White collar hacking is becoming more common, whether it is an insider exfiltrating corporate documents or criminal syndicates targeting information that can be sold to brokers giving them an edge in the markets,” remarks Westin.
“Not only are trading algorithms at risk. In the right hands, other information, such as patent status, trade secret information, and manufacturing processes and yields, amongst other pieces of information that may not initially seem sensitive, could provide a trader or competitor with information that would give them an edge over other groups.”
Notwithstanding these threats, financial companies and fund houses have been slow to respond. Hilbert believes this is so due to a lack of security awareness on the part of asset managers.
“They do not understand what the threats are,” he said. “They think about how to get the assets in and how to maximise profits for themselves and clients — they rarely think about anything else.”
This misunderstanding may in part be informed by the assumption that external hackers would not know what to do with stolen trading models once they had acquired them.
“It would be difficult for anyone to steal anything from here of which they could make much sense,” commented David Harding, chief executive of Winton Capital. “They might try, but they probably would end up not succeeding.”
But this viewpoint underestimates the intuition of cyber criminals, as Westin rightly notes: “The important thing to realize is that if there is a buyer for this data, it has value, and as such, criminal hacker groups will target it. I therefore expect to see more of these types of thefts occur.”
No information on the attacks observed by Hilbert is available at this time due to confidentiality agreements with the affected companies.