This guest article was written by Albert Goldson who is the Managing Director of Indo-Brazilian Associates LLC.
Global finance’s exclusive reliance on electronic communication, together with the billions of dollars traded daily, present lucrative opportunities for cyber-terrorists and criminals from both within and outside of the finance industry. Some breach the system while others ‘game’ or ‘spoof’ the system, misleading traders and investors and opening up a window of opportunity to make quick profits.
One notable high-profile example was the Flash Crash that occurred on May 6th, 2010, when, according to authorities, trader Navinder Sarao, with only a laptop from home, contributed to the market tumbling almost 1000 points through an automated trading program. The tactic he employed is called ‘spoofing’ which artificially moves prices.
Mr. Sarao generated large sell orders without executing them. When other investors viewed large sell orders, they too decided to dump their shares. After the share price plummeted, Mr. Sarao purchased the now cheap shares and pocketed the profits when the markets recovered shortly afterwards. Additionally, he had earlier established several offshore accounts, supposedly to avoid taxes.
This case has itself spawned conspiracy theories- could only one brilliant man acting alone trigger such a trading hysteria, or was he a front or the fall guy for either a large corporation, a government or a professional high-tech criminal gang? Regardless of the identities of the actual perpetrators, it highlighted the vulnerability of the global financial market, particularly with the increase in numbers of high-frequency traders, whose programs can move share prices in milliseconds.
The more troublesome question is whether this was a one-off affair or a test run for something far more ominous.
Axia Extends Market Footprint in GCC RegionGo to article >>
Computer viruses can be easily hidden and embedded within the natural anomalies of a complex system
In today’s market, where extreme volatility is the norm and the nature of global finance is ever-changing, computer viruses can be easily hidden and embedded within the natural anomalies of a complex system. Detecting such anomalies is exceptionally challenging. An example is the success of the Stuxnet virus program which compromised Iran’s nuclear program, befuddling the Iranian scientists who initially thought that their equipment’s sub-par performance was a quality issue. Additionally, other problems in the development process were assumed to be normal occurrences during the course of high-precision production because they were so subtle.
An equally powerful program unleashed in the global financial world can target a specific stock exchange or country, and can compromise not only the target’s ability to conduct critical transactions, but can also undermine the credibility of the market’s security systems.
Often it’s not the breach itself or even the disruption of trading that unnerves traders and investors, but rather the subsequent psychological impact of database credibility; whether what everyone sees on the computer screen is indeed an accurate and verifiable value that can be safely traded.
Ironically, in a complex world of grays, the choice of cyber-terrorists is black or white: make a statement or make money. Do they choose to provoke a spectacular crash or engage in a surreptitious parasitic economic blood-letting?
With respect to the former, the placement of shorts prior to a cyber-attack may likely trigger alarms before the event ever happens. If they succeed, then they become the targets of governments and will always be on the run.
With respect to the latter, such a virus is far more difficult to detect and interpret, thus in the long-term it is significantly more lucrative. Pulling off such a long-term, ongoing robbery without being detected is more challenging in the internet era because of security systems that monitor unusual patterns. However, a clever individual can convince the security systems that its manipulations are part of the normal operations.