If a TBTF Bank Lost Its Quant Code to Chinese Hackers and No One Knew, Would We Still Have a Functioning Market?
Bloomberg has an excellent catch from the HB Gary emails, revealing that Morgan Stanley was one of the 20-200 companies targeted by the Chinese-based Aurora hack in 2009.
Morgan Stanley experienced a “very sensitive” break-in to its network by the same China-based hackers who attacked Google Inc.’s computers more than a year ago, according to e-mails stolen from a cyber-security company working for the bank.
The e-mails from the Sacramento, California-based computer security firm HBGary Inc., which identify the first financial institution targeted in the series of attacks, said the bank considered details of the intrusion a closely guarded secret.
“They were hit hard by the real Aurora attacks (not the crap in the news),” wrote Phil Wallisch, a senior security engineer at HBGary, who said he read an internal Morgan Stanley report detailing the so-called Operation Aurora attacks.
As McAfee made clear when it first announced the hack, the hackers were after the targets’ intellectual property (though note the understanding of the timing of the hack has changed).
Similar to the ATM heist of 2009, Operation Aurora looks to be a coordinated attack on many high profile companies targeting their intellectual property. Like an army of mules withdrawing funds from an ATM, this malware enabled the attackers to quietly suck the crown jewels out of many companies while people were off enjoying their December holidays.
Now, Bloomberg–with backing from an FBI officer and a reminder that Morgan Stanley is the world’s largest mergers and acquisitions adviser–seems to be most concerned about what the hackers learned about impending M&A.
FBI Deputy Assistant Director Steven Chabinsky said that hackers have increasingly targeted information related to mergers and acquisitions, data that can give companies involved an advantage in negotiations.
But the description of the targeted information as IP immediately made me think about quant code, the algorithms that banks use to conduct high frequency trading. When Sergey Aleynikov attempted to sell Goldman Sachs’ high frequency trading code, Goldman and the government treated it like a capital offense. For good reason, because if another firm got that code, it would be able to game out Goldman’s moves. So how do we know that these hackers didn’t steal MS’ quant code?
In any case, the hack seems to raise real questions about disclosure. Should Morgan Stanley have had to reveal this to its stockholders and potential M&A clients (remember that MS led GM’s IPO last year, though hopefully long enough after this hack for the merger not to be exposed by it)? Should MS have had to reveal this–with the potential implications for markets–to Congress? Did it?
I just can’t help but think that the Aurora hackers may well have gotten the same kind of information that Congressional oversight committees have requested from the Fed, but were refused.
Yes. China is too far away to use high freq trading effectively. OTOH, it would suck for MorganStanley.
How so? Just computer speeds? Why couldn’t they deploy here?
And wouldn’t MS have code specific to the Nikkei?
High frequency trading works best when your network is very close to the exchanges. It depends literally on milliseconds of advantage. The big investment banks have effectively locked out any competitors by monopolizing the close network connections. I’m talking about close both in terms of physical distance and router hops which are the two big delays involved. To be really effective at high freq trading, you need massive computer power (easy for anyone to obtain), the clever code (harder, but not impossible), and a direct network connection into the exchange (which is how the insiders keep others out).
And Shanghai doesn’t matter bc it’s a crap market?
Precisely, and Hong Kong, Tokyo, Singapore….
Surely, Shirley, physical distance is irrelevant and China has the resources to mobilize programs from anywhere in the world under any variety of assumed identities.
I now see your point about milliseconds and attributes of distance, but I think my second point stands.
My first thought when I began reading your post was about Sergey Aleynikov (although I could not remember his name).
I have always wondered if there was any nexus between his activities and those of the ten Russians that were arrested last summer.
The Chinese hacking (Night Dragon, Aurora, etc.) reminds me of Samuel Slater (you can google him).
Don’t worry so much about what they got, worry about what they’re getting. If they have M&A data, it’s old and they apparently didn’t act on it enough to attract attention. And you can bet MS was looking.
But if they were in far enough to get that sort of stuff, they were in far enough to make themselves a key to the backdoor.
And you may be looking at it from the wrong direction. Yes, an American with the Quant code would be looking to use it to make money. A Chinese government hacker would be looking to use the code to crash the market. All they need to know is the When To Sell algorithm. They don’t even need to hack the code, just use their stock, bonds, and cash to create a computerized sell off.
Boxturtle (Another reason to ban program trading)
Yeah, the HB Gary emails make it pretty clear that MS continued to get persistently hacked all the time, though there’s nothing to suggest it was getting that deep into their networks.
All the more reason to slap a per-share tax on high-frequency trading.
Or, to make it simple, all trading. The true “investor”, i.e., Mr. or Mrs. Buy-and-hold, will hardly notice paying a penny or a nickel or dime per share, when they buy them once and hold the stock for months or years. The knuckleheads who do the high-freq will have to pay the freight for the damage their habits do.
And, no, I suppose this whole episode does not make Jamie Dimon any less of a savvy businessman.
I totally agree on the tax. Also, I’m trying to decide if negative savviness is a viable conceptual model…
I think this is exactly where the long-standing capital gains pushback comes from.
Pardon the interruption: USSC has ruled “that corporations have no right of personal privacy to prevent the disclosure of documents under the federal Freedom of Information Act.” LINK.
As I understand it, that was the only known instance of a corporation asserting 7C on FOIA. Its application is VERY limited.
Thanks for the explanation.
I think the point about disclosure to stockholders some depiction of the extent of the incidents an interesting question. Also, on the tech side, what’s the fastest fiber bandwidth from Chicago to nyse now? I think Schapiro’s government commission has enunciated some policy of vigilance fairly recently, in the introspective aftermath of the microcrash quite a few months back. Without knowing the technology to much extent, the current controls look, to me, like some kind of quantum physics array of mandated suspensions, if I recall the policies I read in the newspapers last year following that insta-microcrash incident. Maybe the way SEC could approach getting the key exchanges to regulate nanosecond trades would be invoking the tax or surcharge when instatrades begin to generate fluctuations approaching each quantum boundary. In a way, it is kind of humorous, that the old paper copy 10K, and 10Q, themselves are rendered fairly moot by the sheer rapidity of the insta-trading. It’s always fun to watch the stock around the time of the investor conference calls six weeks following the close of a company’s quarter. Then again, there are the prospecti, which are elevating reading if one has studied the more staid 10K and 10Q sequences. I do not see SEC and the exchanges developing robo-interpreters of what’s in those key documents as part of a watchdog algorithm for particularizing an instantaneous invocation of the “tax or surcharge” per nanosecond trade, but I imagine lots of Excel tabbed documents laying the foundation for many of those algorithms, constantly tweaked by market specialists. I can see the incentive, as well, for foreign nations with liquidity to peer thru the public reported statements into the actual valuations m+a attempt to develop as an insider way to grasp trends and anticipate advantageous positions. Let’s see, what’s a nanosecond instatrade decoy sting gonna look like.
If Einstein were still around in person, he probably would be working on the math for the next system, one which could exclude the pesky speed of light. Fiber is so interminably slow.
related-ish: Former Goldman Sachs board member Rajat Gupta is being accused by regulators of passing along inside information about the bank to a prominent hedge fund manager.
If I was an elite super-genius TBTF bank executive (except, you know, smarter) I might lose a bit of sleep worrying about the Chinese, but I’d have to seriously be sweating the fact that the proximate source for this leak now being splashed across Bloomberg’s RSS was the confidential personal email dump of the “experts” they apparently rely on for security. At least the Chinese would presumably keep anything they uncovered nonpublic for their own private exploitation…
Who names these things? I was stuck on Anaconda before, now I’m thinking — “Aurora”? Imagine Charlie Chan saying that. So I went to wikipedia:
There’s also Aurora Plaza (a skyscraper in Shanghai), Aurora Technology (a subsidiary of Shanda, a major Chinese operator of online games…publishes (MOTU alert)the MMORPG King of the World), and (ahoy!) the HMS Aurora, a British light cruiser sold to the Nationalist Chinese in 1948, renamed the Chung King, whose crew defected to Mao’s People’s Liberation Army in 1949, renamed Tchoung King, then sunk by the Nationalist Chinese, then raised by the Russians… etc. Wait, a second (or first) HMS Aurora, took part in the Boxer Rebellion in 1901, aka “The Righteous Fists of Harmony,” opposing Western imperialism with grievances like opium trading, missionary evangelism and unequal treaties. Wow, the more things change… Boxers = English translation for fists — ! I did not know that! Ok, I’ll stop.
So, is there a British connection to the Chinese hackers?
TVT, just for fun, google up Aurora..lots of interesting info regarding northern latitudes.
Even more synchronistic is the introduction of the terminology themis in the entry. Now where did I hear that word before..wasn’t it in relation to HB Gary…or am I mistaken?
Even Jung would be impressed with the synchronicity, imho.
And for an encore, Giggle up…oops… I mean Google up Themis…
A Titan Goddess of law and order…WTF??
I thought you were laughing at me. It’s ok, I laugh at myself all the time. But first google I clicked into:
Satellites? Rockets? Funky website, no date for the entry — wait, it’s in the URL: http://www.spacesafety.org/2010/05/07/aurora-dance/
Hey, I’m for justice, even if it has to come from NASA and the great beyond.
Wait, Aurora justice launched right after cyberattack?
Engrish?
Designated hippie?
Berkeley:
http://ds9.ssl.berkeley.edu/themis/mission_mystery.html
Five satellites launched February 2007.
http://www.windows2universe.org/earth/Magnetosphere/aurora/aurora_themis_gsfc.html
NASA’s Themis page: http://www.nasa.gov/mission_pages/themis/main/index.html
Repurposed in 2010! Now named Artemis (= Apollo’s twin, the goddess of hunting, wilderness and animals … aka Diana — I KNEW there was a British connection! :-)
I googled hbgary and themis and came up with some links, but then I resorted and lost it, but meanwhile — the House of Representatives has engineers that HBGary’s giving of an overview of Responder Pro to? “They like what they see.” (??)
http://hbgary.anonleaks.ch/aaron_hbgary_com/1130.html
HBGary/Themis — Themis is a partnership, Team Themis (Palantir-Berico-HBGary)
— Themis – corporate campaign work
http://hbgary.anonleaks.ch/aaron_hbgary_com/2000.html
— another one — union membership lists?:
http://hbgary.anonleaks.ch/aaron_hbgary_com/9228.html
Subject: Team Themis Cost Proposal – Phase I
— more Themis-HBGary e-mail links here:
http://hbgary.anonleaks.ch/aaron_hbgary_com/index_f_d_29.html
— Ha, an Aurora Report on the same page as Themis links
http://hbgary.anonleaks.ch/aaron_hbgary_com/8801.html — synchronicity
And in today’s news, on Salon — of course, I see this is EW’s next diary:
Well, considering that HBGary was marketing to the House of Representatives engineer CISO Brent Conran in @29, maybe they should look to themselves and ask some questions — e.g., link Responder Pro, link BigFix
WOW, TVT …that’s some amazing info there.
I suppose what got me was the irony of using a Greek figure that denotes justice, for the less than just intentions of Team Themis, as indicated in letter above.
Calls to mind Cerberus…but that’s a whole ‘nother kettle o’ fish for some other thread.
Thanks Gg, I was feeling pretty embarrassed at the end of my googlewander, wasting everyone’s time and ew’s good space. But, having slept on it, I’m kind of back to where I started. Why Aurora? Why Themis? Why Artemis (what a tortured acronym)? The most interesting reason given is for Aurora, that it’s in a computer file path name — makes me wonder why. Maybe that’s how McAfee knew it was Chinese, maybe it’s Aurora Technology. Or maybe it’s a way to finger somebody. I think I’ll put Cheney or Rumsfeld in all my file path names and then either they’re done for, material support, or I get a free hall pass. And goddess Themis, unprejudiced and strong — whoa, who’s going to be prejudiced about what makes an aurora work? Dancing auroras call for burning justice? NASA, what’s up with that? Is this like naming hurricanes, Greek god/goddess names all have a turn? I mean that still looks like a code name for something else to me because the reason given is so huh? Keep in mind I’m stupid and ignorant.
But you were right, HBGary does have an Aurora cyberattack link — it did a report on it.
As for choosing Themis the Goddess of Justice as their dirty tricks team name… damn. Team Themis was the subcontractor wannabe of law firm Hunton & Williams, subcontractor of Chamber of Commerce, to whom DOJ contracts out its illegal work (do I have the law begets bastardry right?). Is this like our torture ship USS Bataan, named to honor the servicemen/prisoners tortured at Bataan in WWII? Is this like subverting to torture teaching the SERE school on Coronado named after James Stockdale, our tortured Vietnamese hero? Is this like naming our war of terror “War on Terror”? And PATRIOT. Spit. It’s all Orwell. I am constantly reminded of poet Wendell Berry’s phrase about the world being babbled to pieces.
Amen.
I once read that Picasso was asked what he thought of computers (which were quite new back then).
He replied, “Not much. They can only answer questions. The genius is in asking them (questions).”
I am always amazed at your sense of wonder..even when you may think you wander. Please nurture that ..it’s a gift…and thank you for sharing.
This is absolutely true. I try to practice asking the right question whenever possible. Wonderful things can happen. And BTW, to ask a good question, you definitely do not need to know the answer.
Bob in AZ