Large hedge fund fleeced, after crooks derail high-speed trading and exfiltrate trade data


The assault began when the attackers sent a "spearphishing" email—a seemingly innocuous message that, when opened, installed malicious software on the hedge fund's servers. The bogus emails were themed around the capital markets industry so that fund employees would be more likely to open them.

The malware crippled the fund's high-speed trading strategy and sent information about its trades to unknown remote computers, according to security firm BAE Systems.

Technicians at BAE Systems stopped the intrusion and declined to name the customer.

“At first, the firm noticed that its algorithmic trading strategy—a computer-based trading system that depended on high-speed trades—had suddenly become ineffective,” CNBC reports. “The traders discovered an unexpected lag time between when they were issuing trade orders and when those orders were executed. The delays the attackers added to the trading software ranged from hundreds of microseconds to the low-single-digit milliseconds. BAE's analysts concluded the attackers were trying to create tiny delays in the hundreds of microsecond range.”

Simultaneously, the firm's IT staff observed abnormalities on their computer network—files being moved on the system in ways that couldn't be explained.

That’s when the fund hired BAE Systems to troubleshoot.

It was discovered that the malware had been programmed to insert a random lag of a few milliseconds into the firm's trade order entry system. The malware also recorded the details of those orders.
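The symptom the traders and IT staff stumbled on, an unexplained gap between issuing an order and seeing it executed that ranged from hundreds of microseconds to a few milliseconds, is something a trading desk can watch for continuously rather than discover by accident. The block below is an added example and not code from BAE Systems, CNBC, or the fund: it constructs a synthetic order log, estimates a robust submit-to-acknowledgement latency baseline from a trusted period, and flags windows whose median round-trip has shifted by more than a configurable threshold. The `OrderEvent` fields, the 100 µs threshold, the window size and all timestamps are assumptions chosen for illustration.

```python
"""Flag injected order-entry latency from submit/ack timestamps (added example)."""
import random
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class OrderEvent:
    order_id: str
    submitted_us: int  # host clock when the strategy handed the order to order entry
    acked_us: int      # host clock when the venue acknowledgement came back

    @property
    def latency_us(self) -> int:
        return self.acked_us - self.submitted_us


def baseline_stats(events):
    """Median and median absolute deviation (MAD) of round-trip latency.

    Robust statistics are used so a few legitimately slow orders in the
    trusted period do not inflate the baseline."""
    lat = [e.latency_us for e in events]
    med = statistics.median(lat)
    mad = statistics.median(abs(x - med) for x in lat)
    return med, mad


def flag_windows(events, baseline, window=20, shift_us=100.0, k=6.0):
    """Slide a non-overlapping window over the order stream and report windows
    whose median latency is shifted above baseline by more than shift_us AND
    by more than k robust standard deviations (1.4826 * MAD)."""
    med0, mad0 = baseline
    sigma0 = max(1.4826 * mad0, 1.0)  # floor avoids division by zero on a flat baseline
    alerts = []
    for start in range(0, len(events) - window + 1, window):
        chunk = events[start:start + window]
        med = statistics.median(e.latency_us for e in chunk)
        shift = med - med0
        if shift > shift_us and shift / sigma0 > k:
            alerts.append((chunk[0].order_id, chunk[-1].order_id, shift))
    return alerts


def synthetic_order_log(n=400, tamper_from=200, seed=7):
    """Constructed sample data: normal round-trips of 35-45 µs, with a random
    200-1500 µs delay added to every order from index tamper_from onwards,
    mimicking the kind of injected lag described in the incident."""
    rng = random.Random(seed)
    events, t = [], 1_000_000
    for i in range(n):
        t += rng.randint(500, 1500)       # inter-order gap
        lat = rng.randint(35, 45)         # healthy submit-to-ack latency
        if i >= tamper_from:
            lat += rng.randint(200, 1500)  # injected random delay (constructed)
        events.append(OrderEvent(f"ord-{i:05d}", t, t + lat))
    return events


def run_detection():
    """Learn the baseline from the first 100 orders (assumed clean) and scan the log."""
    log = synthetic_order_log()
    baseline = baseline_stats(log[:100])
    return flag_windows(log, baseline)


if __name__ == "__main__":
    for first, last, shift in run_detection():
        print(f"latency shift of {shift:.0f} us over orders {first}..{last}")
```

Measuring against a baseline learned from a period the desk trusts is the important design choice: a fixed "anything over 1 ms" rule would miss a delay of a few hundred microseconds on a system whose normal round-trip is tens of microseconds, which is exactly the range the attackers were aiming for.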

Paul Henninger, global product director at BAE Systems Applied Intelligence, told CNBC, in an interview from London, that his company “does not know what happened to the trading data after it left the hedge fund's computers, but that the most likely explanation is that the intruders were able to reap significant profits from trades of their own in financial markets.”