Difference between revisions of "Team 12 Trading Computer Attack"
Chris DuPuis (talk | contribs) |
Chris DuPuis (talk | contribs) |
||
| Line 7: | Line 7: | ||
--[[User:Cmckenzie|Cmckenzie]] 11:39, 21 October 2005 (PDT)[Maybe interesting to think about, but disregard this comment to some extent - reread the question and it is specifically about computer used to trade stocks on NYSE] The cost of this is going to depend on what can be traded. For example, making inappropriate futures contracts would probably allow an incredibly large loss to be made, though there would be a strong argument that such contracts wouldn't be legally binding, meaning the outcome was only a small loss of efficiency within the market. If contracts can be made and (4) is done too, then, maybe, bigger trouble. That said, trades happen at two endpoints and are centrally recorded on exchanges, so it may be difficult to kill off the records. Also, if the attacker can cover their steps sufficiently well, the institution may be unable to prove that the trades were executed without authorisation. | --[[User:Cmckenzie|Cmckenzie]] 11:39, 21 October 2005 (PDT)[Maybe interesting to think about, but disregard this comment to some extent - reread the question and it is specifically about computer used to trade stocks on NYSE] The cost of this is going to depend on what can be traded. For example, making inappropriate futures contracts would probably allow an incredibly large loss to be made, though there would be a strong argument that such contracts wouldn't be legally binding, meaning the outcome was only a small loss of efficiency within the market. If contracts can be made and (4) is done too, then, maybe, bigger trouble. That said, trades happen at two endpoints and are centrally recorded on exchanges, so it may be difficult to kill off the records. Also, if the attacker can cover their steps sufficiently well, the institution may be unable to prove that the trades were executed without authorisation. | ||
| + | |||
| + | --[[User:Chris DuPuis|Chris DuPuis]] 23:34, 23 October 2005 (PDT) Divide this into buying stock and selling stock. | ||
| + | |||
| + | Any of these attacks could be used to reduce public confidence in the trader, and ultimately in the stock trading system, if used in enough high-profile cases. | ||
| + | |||
| + | '''Buying stock''' | ||
| + | Could be an attack on the finances of the investor or the trader. It could also be a means to funnel money to other parties (including terrorists), either directly to the seller of the stock (maybe an IPO company), or indirectly by temporarily raising the price of the stock. | ||
| + | |||
| + | '''Selling stock''' | ||
| + | Could be used to decrease price of a target stock (make unsuspecting shareholders sell off their shares). | ||
| + | |||
| + | |||
2. Failing to make trades when requested | 2. Failing to make trades when requested | ||
Revision as of 06:34, 24 October 2005
Back to parent: Team 12 Main
C. Trading computer
1. Making trades inappropriately.
--Cmckenzie 11:39, 21 October 2005 (PDT)[Maybe interesting to think about, but disregard this comment to some extent - reread the question and it is specifically about computer used to trade stocks on NYSE] The cost of this is going to depend on what can be traded. For example, making inappropriate futures contracts would probably allow an incredibly large loss to be made, though there would be a strong argument that such contracts wouldn't be legally binding, meaning the outcome was only a small loss of efficiency within the market. If contracts can be made and (4) is done too, then, maybe, bigger trouble. That said, trades happen at two endpoints and are centrally recorded on exchanges, so it may be difficult to kill off the records. Also, if the attacker can cover their steps sufficiently well, the institution may be unable to prove that the trades were executed without authorisation.
--Chris DuPuis 23:34, 23 October 2005 (PDT) Divide this into buying stock and selling stock.
Any of these attacks could be used to reduce public confidence in the trader, and ultimately in the stock trading system, if used in enough high-profile cases.
Buying stock Could be an attack on the finances of the investor or the trader. It could also be a means to funnel money to other parties (including terrorists), either directly to the seller of the stock (maybe an IPO company), or indirectly by temporarily raising the price of the stock.
Selling stock Could be used to decrease price of a target stock (make unsuspecting shareholders sell off their shares).
2. Failing to make trades when requested
--Chris DuPuis 21:32, 21 October 2005 (PDT) One possible motivation for failing to make trades would be to undermine investors' confidence in the trading house. If the Schwab computers reported errors whenever a particular large customer tried to make large trades, that customer would be unlikely to remain with Schwab for long.
Also, a program that introduces delays into transactions (which would be easily hidden in the background of unpredictable delays inherent in Internet processing) could be written. Such a program could delay particularly significant transactions for a few seconds, and signal a remote program that the transaction was about to take place. With the knowledge thata major trade was immanent, this remote program could buy (or sell) stock to profit from the inside information. (The signal could be something as untraceable as buying an unusual number of shares of some unpopular stock.)
3. Reporting incorrect information.
4. Failing to store records of trades
--Cmckenzie 11:39, 21 October 2005 (PDT)This is an interesting idea. Managing to undermine property rights within a trading system would be potentially very destructive. Interestingly, I have a contact with a risk management guy at a large scale funds management and consulting group, who told me that they keep more paper records than you would guess despite automatization, to fight this very problem.
