Book Read Free

Rogue Code

Page 5

by Mark Russinovich


  This was the first time Jeff and Frank had worked on-site together, and it was going well so far. Persuading Frank to join him at Red Zoya after Daryl’s departure had not proved as difficult as Jeff initially feared. Though Daryl and Frank were old college friends, Jeff had known the man nearly as long. There’d been years when he had little contact with Frank, though they’d met in person to compare notes and complain from time to time when they worked with the CIA. Their work was related, often overlapping, and if colleagues didn’t go around the bureaucracy occasionally, then nothing would get done.

  For a time, the two men had been on the same Company league ball team, where Frank played a competent second base. He was of average height and a bit thin. Both on and off the field, he was even-tempered and solid. He approached everything methodically.

  Frank had a background in technology, with a degree in computer science, and he’d joined the CIA after college. But instead of moving into computers, which were then in their relative infancy and not a priority, he worked as a field agent for seven years, employing his computer knowledge as a cover. Frank never spoke of his assignment much, but Jeff surmised that he’d been the real McCoy, trained in tradecraft. He’d been stationed in the United Kingdom and Spain, neither of them hot spots, and as a consequence spoke excellent Spanish.

  But Frank gave all that up when he decided to marry Carol, and a safer and more predictable life became a priority. Theirs was a happy marriage, and the couple had three young children. One measure of Frank and Carol’s close relationship with Daryl was that they had named their third and likely final child Daryl.

  Frank had done well when assigned to Langley. He worked just two years as a cybersecurity researcher with the Company while obtaining a graduate degree before becoming a team manager and from there moved further into technical management.

  At work, Frank’s personality and appearance caused him to blend in, to be forgettable, which must have been an advantage, Jeff decided, when he’d been a case officer. For all that, he had no problem pulling his own weight or standing up to other managers in the relentless internecine struggles that marked CIA bureaucracy.

  It had been the ongoing struggles for ownership of cybersecurity charters among various government organizations that finally wore Frank down. Once he became eligible for a pension, he was open to Jeff’s offer. When he put in his papers, he’d been serving as the assistant director of Counter-Cyber Research.

  More than once over the last eight months, Frank had mentioned to Jeff how little he missed the Company. The only part of his new job he disliked was the occasional travel assignments required of him. It might be a digital age, but some things still had to take place on-site. Direct access was especially common with highly secured companies. Though Jeff worked every day since arriving, Frank had squeezed in a weekend trip to his Maryland home.

  Jeff’s decision to remain on the job had been rewarded late yesterday morning, when the pair succeeded in positioning themselves for final penetration into the NYSE Euronext core operating system.

  Frank had turned to Jeff with a profound smile and said, “That was as thrilling an achievement as I’ve ever experienced with computers. No wonder you love this job so much.”

  8

  MITRI GROWTH CAPITAL

  LINDELL BOULEVARD

  ST. LOUIS, MISSOURI

  10:54 A.M.

  Jonathan Russo started over, trying to make sense of the incomprehensible. If his first pass was correct, the company was $16 million in the hole since the opening bell. Not only was that a great deal of money for Mitri Growth, but it also wasn’t supposed to be possible. The firm had experienced temporary, unanticipated losses previously, but never anything like this.

  In 2010, the NYSE Euronext opened its new trading hub in northern New Jersey, just across the line from New York State. Located at the site were the actual computing engines that formed the heart of the Exchange. The hub had been built to increase transfer speed, as most trades were now executed by computers rather than by individuals; to give transactions a greater measure of security, both physical and digital; and to increase profits.

  Though rather ordinary looking as a building, the 400,000-square-foot data center was a contemporary fortress. There was but one way into the windowless structure, and that entrance was located not at the street address but in the rear. Surrounded by a river on one side and a moat about the rest, the trading hub was invulnerable even to a car bomb.

  The visible building was an illusion, an outer wrapper that served much like medieval armor. Within it lay the actual structure. And while the hub’s physical barriers were formidable, augmented by skilled armed guards and bomb-sniffing dogs, every electronic security measure possible was in place as well.

  From this highly favorable location, the facility had ready access to any number of cybernetworks, along with two independent power grids. It also possessed its own backup electrical generator system. In fact, the facility had two of everything. An ever-increasing percentage of equities and options trading in North America was processed within its powerful servers. It was critical that it never fail to process them.

  The facility was also designed to provide a colocation opportunity for trading firms seeking high-speed access to its engines. In an arrangement known as proximity hosting, the trader pods were each twenty thousand square feet and cost millions, not including the significant ongoing access fees. With the first pods selling out before the hub opened, construction was already under way to provide another five. These housed entire computer ecosystems used primarily by hedge funds and trading firms. The proximal location allowed clients to conduct trades in microseconds, and in this industry, being first meant everything.

  The logic was simple: For every one thousand feet a hedge fund’s servers were distant from the Exchange engines, one-millionth of a second was added to a trade, the length of time it took light to travel that distance. The NYSE servers processed more than one million orders every second. Each trade required the acquisition and processing of data, then a return of the decision. The process was accomplished in microseconds, round-trip. Colocation offered traders a highly profitable advantage, which explained why the pods leased for such exorbitant sums, a significant income stream for the Exchange.

  The NYSE wasn’t stopping with hub expansion. It was also feverishly constructing a series of microwave towers from Manhattan to its operation in Chicago, more than seven hundred miles distant. Microwave technology allowed the transmission of data in 4.13 milliseconds, 95 percent of the theoretical speed of light. The chain of towers would replace the existing fiber-optic cables, which transferred data at just 65 percent light speed. NASDAQ already had similar towers in place. NYSE’s structures reduced latency by three milliseconds at a cost of $300 million, and were expected to be highly profitable.

  Mitri Growth had acquired a proximity pod in New Jersey, though its trading code was written at the office here in St. Louis. One of the beauties of high-frequency trading was that it could be managed from anywhere on earth.

  Russo glanced up at his team. They were feverishly at work to remedy the disaster still unfolding. Did he dare pull the plug? He was reluctant to do so before he knew what was taking place. But Mitri Growth couldn’t sustain a loss like this for long. The hedge fund catered to high-end investors. In fact, much of its $250 million came from the personal portfolio of the company’s Lebanese founder.

  But if Russo’s people could get this fixed before close of trading, there’d still be time to undo some or much of the loss. If the losses were real, that is. What he suspected, and what had thus far prevented him from acting, was the possibility of an aberration created by the new algo the team launched. The computers stated that Mitri Growth was losing money, but they might mistakenly be reporting a freakish reaction to the new software, not actual trades involving real money.

  His chief assistant, Alexander Baker, had first proposed the possibility to Russo earlier in the day, when they discovere
d that the trouble came from the test code of the new program. His team was acting on the assumption that the test code had somehow activated in the production system, where it discerned the actual trades, but was reporting back to them using one of the fictitious scenarios embedded within it. The team was testing each of those in an attempt to confirm their hypothesis.

  In the meanwhile, Russo’s computer continued to claim that Mitri Growth was hemorrhaging capital. He looked at the wall clock with a sinking heart. If they were wrong, if this loss was real, they were running out of time to recover.

  After eight years with Jump Trading in Chicago, Russo had joined Mitri Growth the previous year and assumed supervision of its ten-person programming team. He arrived right after the founder had taken the step of acquiring a proximity hosting pod at the NYSE Euronext hub.

  Jump Trading was one of the earliest companies to migrate to electronic trading on the old New York Stock Exchange. Known for its cutting-edge algorithmic trading, the company had established itself as one of the founders of the new digital trading world.

  With a Ph.D. in computational mathematics, Russo had worked in creating the algos, as they were commonly known, that generated the company’s profits. He’d enjoyed the work, but in his view, too much of what he devised had been vetoed as too risky. Jump, he’d discovered, was too conservative for his taste. He couldn’t understand the persistent aversion to a higher level of risk, which made possible far greater profits. He should have been a very wealthy man by now, rather than one with just a few million. The challenge, and profit sharing, Mitri Growth offered had been the career change he was searching for.

  The founder of Mitri Growth wanted cutting-edge code to exploit the company’s recent, expensively acquired proximity advantage, but more than that, he’d challenged Russo to discover new ways to leverage capital out of the Exchange. The assignment was entirely possible, and Russo was eager to discover the next clever means to achieve his mission. The best part had been the founder’s willingness to run with Russo’s instincts in crafting algos.

  Traditionally, stock trading took place in a pit. Sellers stood there, offering stock at a certain price using hand gestures; buyers either bought or didn’t. The price was constantly fluctuating in the pit, in sight of everyone. With the introduction of computers, all that had changed. Stocks were no longer bought and sold at a public location by traders. Now the work was done by machines. As late as 2005, 80 percent of all stock and equity trades were still executed at the New York Stock Exchange, but computers allowed those trades to complete not just more quickly but also remotely. The pit could be anywhere. The consequence was that by 2009, just 25 percent of all trades originated at the Exchange; the rest occurred within alternative trading systems known as ATSes.

  That was the primary reason for creating the New Jersey hub, and for giving key traders such as Mitri Growth favored access. The Exchange needed this not just to stay profitable, but remain relevant as well. Already, similar Exchange hubs were opening or under construction around the world. Forty global “liquidity hubs,” as the Exchange preferred to call them, were planned. A major hub in Basildon, east of London, was already operational and linked.

  Despite public statements to the contrary, the key to all the NYSE expansion was the high-frequency trader, or HFT. Initially, computers had introduced greater efficiency into an aging system, but it wasn’t long before the bright code writers known in the industry as “quants” began figuring out ways to take advantage of a computer’s ability to process enormous amounts of information at inhuman speeds. Once they inserted the code authorizing a machine to buy and sell when specific conditions existed, without human interaction, it functioned like a moneymaking robot. High-frequency traders now accounted for most of the action reported on the Exchange.

  As in sports competitions, when it came to high-frequency trading, speed made up for shortcomings. If one performed enough transactions fast enough, one didn’t necessarily require the best code. Volume and speed compensated for minor missteps. Still, those with superior code, preferred access, and the most powerful engines made the most money.

  At heart, HFTs were profitable because the computers knew the trading price of a stock anyplace in the world at the same instant and simultaneously compared it to the options price. Then, with lightning speed, they bought and sold on any detected difference before the Exchange’s trading computers could adjust for price fluctuations. One of Russo’s young designers had crafted an elegant bit of code that gave Mitri Growth the ability to predict the options price just ahead of its competitors, based on dozens of inputs and trends from across securities and exchanges. That was the algo they’d launched just after midnight with such high expectations.

  The unspoken truth about HFTs was that they worked very much like a Las Vegas or Atlantic City casino, which takes a piece of all the action. It didn’t matter to Mitri Growth if the market went up or down. It could ride a stock up, or short it on the way down. What counted was the action, because Mitri Growth’s algos were structured to make money either way. It was not unusual for an HFT company with as few as thirty employees to earn a net profit of $1 billion. That was Mitri Growth’s target with Russo’s new algo program. But, as in a poker game that required a high stake to compete, money could be lost as quickly as it was won.

  And that’s what Russo was seeing—if the downturn was really happening.

  Just then, Baker walked up. Tall and prematurely balding, his chief assistant had elected to trim his hair and grow a goatee to compensate. “Well?” Russo asked.

  “We’ve ruled out the test code.”

  “So the new algo isn’t performing in production the way it did in simulation.”

  “It doesn’t seem to be.” Before launching a new algorithm, Mitri Growth fed it current market data to see how it would have reacted in the past. Though not a perfect predictor of future success, it was the best validation the team could perform before letting a new version out to compete with everyone in the real world. Still, a slight unanticipated pattern and coded protections could cause the algo to become unstable in practice.

  “So what’s different now?” Russo asked.

  The senior programmer shook his head. “We have no idea.”

  “So you’re telling me these trades are real?”

  “I’m afraid so.” Baker cleared his throat. “We have to shut down, Jon. Then regroup. It’s going to take days to figure this out and fix it.”

  “All right!” Russo snapped. “Take us off.” He buried his face into his hands and slowly exhaled. He had to tell the founder. “How much?” he asked without looking at the screen, struggling to control himself.

  “Twenty-three million. Hey, it could have been a lot worse.”

  9

  TRADING PLATFORMS IT SECURITY

  WALL STREET

  NEW YORK CITY

  11:13 A.M.

  From the day they started with this project, Jeff and Frank had enjoyed playing hacker. It was one of the more satisfying aspects of their job, especially when they succeeded. “This is the New York Stock Exchange,” Frank had said when Jeff told him about the engagement in their D.C. office. “Do you think we can do it?”

  “My bet is that we can. No matter how much a company depends on computers, no matter how big it is or how solid its reputation, its software and network are so complicated, the demands to make the process responsive to the market so great, that there are cracks everywhere. If we probe long enough, we’ll get in.”

  “That’s a little unsettling. This is a major cog in the world financial system we’re talking about.”

  “Yes, it is.”

  They launched the pentest by casing the network from their low-privileged workstation. Jeff ran his own tools to develop a map of the systems in the network, looking to obtain as much information as possible from his position as an outsider. Once that step was completed, he ran other tools, attempting to connect to the systems at the ports used by standard system softw
are and applications. He observed and carefully examined the responses he received. Even error codes returned when his attempts were refused revealed information, if nothing other than what software version was running, along with a few configuration details.

  While Jeff was doing that, Frank trawled the Exchange’s intranet directory, following links to the connected Web sites and scanning documents for tidbits of useful intelligence relating to the jump servers. He located a year-old document for the Universal Trading Platform, or UTP, which contained lists of names and user accounts for the team that deployed trading software to the New Jersey engines.

  The UTP was designed to support all trading scenarios with submillisecond response time known as latency. The platform was integral to the Exchange’s functionality and capable of being expanded as necessary. It also allowed outside parties “easy integration” within the NYSE Euronext global marketplace, which meant traders could pursue an endless variety of strategic initiatives of every type.

  Frank was amazed at the lax approach to a system so essential to the world’s financial security. He had anticipated that the system would be accessible only to NYSE Euronext’s most trusted software engineers. Instead, many of the major traders had all but unfettered access. It was like a bank allowing its biggest customers to play around with its software to make things easy on themselves.

  The consequence was that high-frequency traders typically tested new algos, live, on the Exchange, in secret. More than once, they were believed to have nearly caused a catastrophe. For one week, a mysterious computer program had placed orders, then canceled them before they were executed. Those algos made orders in twenty-five-millisecond bursts involving some five hundred stocks. In so doing, the program occupied 10 percent of the bandwidth allocated for the Exchange, certainly shutting out legitimate traders, just to test software in real time. That seemed to Jeff and Frank an unacceptable risk, but it was routinely permitted.

 

‹ Prev