Rob Daly: Securing the Markets
As the financial markets continue to globalize and interlink, protecting individual markets becomes more difficult—especially in these days of sub-millisecond executions.
A prime example of this is the Flash Crash that began in the futures market, but led to an intraday rollercoaster ride for the US equities market. There is still a debate in some quarters about the exact cause of the event, which the US Securities and Exchange Commission (SEC) attributes to a poorly chosen trading algorithm by one market participant. As a result, the Commission has implemented market-wide circuit breakers that would halt trading if something similar happened again.
This protects the markets from internal threats. But how about the markets protecting themselves from outside attacks? Since the start of the year, unknown individuals or organizations have managed to hack into the national registries of Austria, the Czech Republic, Germany and Romania and make off with 2 million European Union Allowances (EUAs) for carbon emissions trading. To put this in perspective, the theft represents a mere 0.02 percent of all EUAs traded on the carbon spot market, according to European Commission officials.
To prevent the theft of additional permits, the Commission has exercised its right to prevent the internal or external transfers of permits until the various national registries bring their security up to snuff. In short, the Commission shut down the European carbon spot market. According to officials, the spot market is only 20 percent of the entire carbon trading market, so trading in futures contracts, where the deliverables do not need to be immediately transferred between counterparties, remains unaffected.
As soon as each national registry deploys an improved security infrastructure that meets the requirements currently being hammered out between the Commission and the various registries, each market can resume trading. This puts a lot of pressure on the Commission and the registries to make the right security decisions in a short timeframe, since every day the spot market is closed, investors are losing money.
One Phish Story
The theft of the EUAs is most likely a crime of opportunity rather than a premeditated one. Some officials suspect that the thieves gained access to the various national registries using data acquired through the infostealer.Nimkey Trojan virus that popped onto the cyber scene last September. Apparently, the virus targets US users by directing them to tax publications hosted on an imitation web page for the US Internal Revenue Service in order to distract them from noticing that the virus is downloading additional malware from servers hosted in Poland, Moldova and Bosnia.
Once all of the malware is in place on the infected system, it gathers all of the digital certificates stored on it as well as their respective passwords via a key-logger component.
The virus most likely hit only a small number of PCs used by carbon traders and then sent the account information back to the virus writers, who then used it to break into the repositories posing as the actual traders.
As long as the market security is based strictly on passwords and digital certificates, this sort of exploitation can happen again. If the carbon spot market wants to be more secure, it must ramp up security by adopting a token-based protocol, for example, which requires a physical key along with a password and digital certificate, and is harder to crack since a hacker would need to duplicate the token as well.
It is a more expensive proposition and in all likelihood would take longer to roll out than a non-token-based security system, but this seems a small price to pay to secure a market and all those linked to it.
Copyright Infopro Digital Limited. All rights reserved.