Emerging opportunities for market manipulation.

As you can see, the activities noted above can have an adverse impact on our financial markets. But there are other threats that may prove to be even more disruptive and abusive.

 Deliberate interference with data transmission. The network topology and transmission techniques used by the financial system today are vulnerable to intentional interference. Based on an Ethernet-like model, this communication system uses a Corruption Recognition scheme similar to the Collision Detection protocol that serves as an international standard for network management according to IEEE 802.3 and ISO 8802.3.

This widely used protocol helps networks ensure data integrity when interference (sometimes called “jitter”) causes packets of data to be corrupted. For example, corruption can occur when two devices on a network try, either deliberately or other normal circumstance, to send data over the same channel at the same time. The signals collide, and that collision causes data corruption.

Network protocol will recognize that corruption of a packet has occurred and so the network quickly recognizes the problem. After a specified amount of time, the transmitting device is instructed to re-send the data.

In normal operating environments, most data corruptions are not a cause for concern, since the incremental delay in transmission time has little or no effect on the parties involved. But in a high-speed trading environment, the increased latency of a corrupted communication could have a major impact on the ultimate failure or success of a trade. After all, corrupted market communications that necessitate re-transmission would operate at a decided disadvantage to uncorrupted trades with their lower latency.

Here’s something else to consider. Since it is technically possible to deliberately cause interference that will corrupt communications coming from another address on a shared network, it is only reasonable to assume that unethical traders have adopted—or will eventually adopt—this underhanded practice as a way to gain an unfair advantage over competitors using the same wire or optical fiber communication path.

What makes the situation even more unsettling is this: It is very difficult to prove that data corruptions are deliberately caused. It is also nearly impossible to identify the responsible party based on current IT forensic capabilities. As a result, perpetrators will run virtually no risk of detection until a solution is found.

■ The potential for “cracked trades.” Even though most current Internet activity is protected by encryption, the possibility exists that trading communications could be “hacked” and decrypted as well as delayed through intentional data packet corruption.

Certainly, the infrastructure for cracking trades exists today with the rapid proliferation of extremely fast computers and the growing number of expert hackers with the skills and tools necessary to develop sophisticated decryption algorithms.

In addition, there are a number of related activities like industrial espionage, cyber terrorism, “hacktivism,” and Internet-based crimes like “phishing,” malware insertion and “man in the middle” eavesdropping attacks that are steadily advancing the art and science of cybercrime, hacking and decryption.

In evaluating this increasing threat, it’s important to remember two additional points.
Cyber criminals do not have to crack encryption keys in real time to discover “secrets.” If a hacker can crack the key at any point during the timeframe that the key is in use, he or she will have unfettered access to encrypted trade information. As a result, the hacker will have an unfair trading advantage until the “cracked” key is changed.

● Even in cases where encryption keys cannot be cracked, the IP addresses for senders and receivers are not encrypted. This pervasive security loophole exposes some trades to potential exploitation and abuse.

The alarming vulnerability of modern trading systems.

At present, regulators may not have firm evidence of deliberate interference, cracked trades, snooping, and other forms of Internet-based market espionage. But if you examine published data on TCP/IP connectivity and transmission technology, it’s clear that the infrastructure used to support trading and other market activities is highly vulnerable to exploitation.

It’s also important to remember that leading security vendors like Verisign and Symantec have already been “hacked” by Internet intruders, proving that significant vulnerabilities exist even in best-in-class systems.

In light of all of these issues and threats, the most prudent course for both regulators and self-regulating exchanges is to assume that the possibilities outlined above will eventually turn into probabilities, given the immense rewards that can be reaped by unfair and unethical trading activities.

The increasing challenge for regulators.

In a relatively short span of time, technological developments have revolutionized trading in the world’s financial markets. In the beginning of the 21st century, most of the orders in the U.S. were still executed manually and by telephone. Today, only a dozen years later, almost all of the traffic is handled electronically.

Obviously, the marriage of computing technology and trading has brought many benefits to the markets, including increased speed and efficiency and substantially reduced trading costs. But the use of increasingly sophisticated technology has led to a number of new dangers and risks that regulators and self-regulating organizations have yet to control.

Here’s one noteworthy example. Technological advancements have made it possible for new trading venues to emerge outside of the traditional exchange infrastructure. These venues, in turn, have given rise to arcane trading practices like “dark pools” that help market participants disguise large volume trades and maintain more favorable pricing than would exist in a truly transparent market.

In addition, it is important to remember that our complex, interconnected, computer-driven global trading environment makes it very difficult for regulators to perform the forensics necessary to detect market manipulation and identify the perpetrators.

After all, regulators—who have the primary responsibility for ensuring market transparency and fairness—often operate with IT systems that are decidedly inferior to the sophisticated, state-of-the-art platforms used by High Frequency and Algorithmic Traders.

Of course, regulators also have to deal with a crushing volume of traditional crimes like insider trading and fraudulent investment schemes that tax their limited resources. And their efforts to keep pace with all of these market manipulators suffer from the same budgetary constraints that affect all governmental organizations.