High frequency Trading? Statistical Arbitrage? Barrier Options? Credit Default Swaps? What does all this mean to a penetration tester responsible for assessing the security of your “10-billion-under-management” firm’s next generation trading platform and why should you care? Why is it that Investment Banks who have by far the highest security spending budgets in the private sector, still seem to have (and badly cover-up) cases of rogue trading and financial espionage, leveraged by the misuse of technology? Ever wondered how easy it is to write an order sniffer capable of tapping live trades that can be used to mimic or 'front-run' your hedge fund's ultra secret portfolio strategy? In the new world order of computational finance, these issues are fast becoming the norm – The recent theft of proprietary algorithmic code at Goldman Sachs and the biggest case of rogue trading at Societe Generale are just few of the cases that have uncovered the rising trend of leveraging technology to mount such attacks. CISO’s of banks, hedge funds and asset management firms are keen on addressing regulatory and compliance issues, however a key area of technology risks introduced by theses systems yet remains largely unaddressed.
“Hacking the Trading Floor” is a two part presentation that covers the past-present-future of application security risks associated with most front, middle and back office trading environments, including algorithmic and high frequency trading platforms, and further demonstrates practical exploitation of the FIX (Financial Information eXchange) protocol. A FIX oriented malware and FIX sniffer to tap live trades shall be demonstrated that may further be used to front run trades or manipulate or misprice order information.