For the third time in twelve months there is some public evidence of reliability issues on major exchanges.
Last May it was the Flash Crash, which I need to point out - did not get ascribed to malice. However, it did point out the overall fragility of the system.
People in general and security people in particular overfocus on threats. From an engineering standpoint it does not matter if its mailicious or accidental. The catalyst could be the mafia or it could be Homer Simpson falling asleep on his keyboard. If rm -r makes your data go bye-bye, then its not a matter of intent, its a matter of how resilient your system is.
Then in October we had the Nasdaq attack. And now we have another public report
Data Guru Battles BotTraders:
Hunsader theorizes that one new algorithm appears to be trading E-mini S&P 500 Futures (they're a fraction the size of standard S&P futures contracts) at the Chicago Mercantile Exchange. The algo alters the prices of related instruments, like index-based the SPDR S&P 500 (SPY) exchange-traded fund and underlying Standard & Poor's 500 stocks and options -- creating arbitrage opportunities; when it's active, the bid-ask spread on SPY as traded on Nasdaq's Philadelphia exchange sometimes widens from a penny to a dollar. The spreads on the SPY stay within a penny on other exchanges.
And, says Hunsader, the algorithm instantly buys or sells enough E-mini contracts to trade through the top three levels of the electronically displayed order book in about 50 milliseconds. He detected the trading pattern on 18 days in March. The CME had no comment.
Another algorithm, says Hunsader, changes order sizes at the top of the order book in about 20 to 40 stocks on Nasdaq for a few milliseconds several times a day. Each stock is traded anywhere from 2,000 to 4,000 times a second, double to quadruple the norm. The activity floods the quote system with trade data, but so far seems to cause no harm. On March 16, the CQS saw peak-volume traffic hit warp speed: a record 390,000 messages per second for all stock symbols between 11:01 a.m. and 11:02 a.m. (A year ago, such volume would have swamped the CQS, as peak capacity was 200,000 messages a second.) At 11:01:48 a.m. -- the peak of the weird trading -- 10.5% of the quotes on CQS were locked or crossed, meaning that the bid exceeded the offer. The next second, it was 13%. Usually, about 3% of trades are crossed.
These trading systems has particularly nice features for the attacker - ability to automate bots and to monetize. With the markets moving to high frequency trading it gives plenty of room for malicious actors to operate in.
Comments