Software dev cuffed for 'nicking proprietary financial trading code'

FBI agents have collared a devops engineer accused of rifling through colleagues' user accounts and stealing proprietary stock trading software. Since 2010, Zhengquan Zhang was employed by New York finance house KCG that makes billions of dollars in trades a day via sophisticated algorithmic trading models and trading …

  1. Anonymous Coward
    Anonymous Coward

    I wonder how much of that code ended up in the hands of foreign nationals? It sounds way too sophisticated to be "I was afraid of losing my job and I wanted to find out more". I'm not buying it.

    1. Anonymous Coward
      Anonymous Coward

      I wonder how much of that code ended up in the hands of foreign nationals?

      Foreign to whom? Your foreign national to be feared and shunned may be my compatriot to be feted, not fettered.

      Or in fact she may be both, if you just happen to be a right kind of a dual national ... nationality is a very poor base to prop your loyalties upon these days.

  2. Anonymous Coward
    Facepalm

    Firm-1 and sophisticated algorithmic proprietary code

    "Zhengquan Zhang. Devops Engineer ... Current. KCG Holdings, Inc" ref

    "a New York finance house that makes billions of dollars in trades a day via sophisticated algorithmic trading models and trading platforms"

    A cobbled together smorgasbord of code borrowed from Open Source ..

    1. DiViDeD

      Re: Firm-1 and sophisticated algorithmic proprietary code

      A cobbled together smorgasbord of code nicked from Open Source without attribution.

      There, FTFY

      1. Anonymous Coward
        Anonymous Coward

        Re: Firm-1 and sophisticated algorithmic proprietary code

        Stop the presses! I got a scoop!

        Here's a snippet of code from the core of the financial company's software model:

        If price <= low: buy()

        else: sell()

        Yowza! Damn, that's some tight code!

        1. m0rt

          Re: Firm-1 and sophisticated algorithmic proprietary code

          It is the relative value of low that stops you losing all your capital in a few hours that the research goes into.

          It is all a fiscally cancerous endeavour, however.

  3. Your alien overlord - fear me

    "Significant investments are made to develop code, safeguard it " - really? Doesn't sound like they safeguarded it at all if the guy snaffled millions of files. I think their internal security team needs to have a word with HR about their future employment status.

  4. tedleaf

    Bishop..

    My thoughts exactly,it's a bloody simple little operation that the software has to do,any half competent coder could do it,possibly not as efficiently but I bet if we ever got a good look at their so called propriety code it's as you say,open source or simple stuff dressed up with loads of crap to look impressive for the bosses and to confuse folk..

    It doesn't have to be good or fast,if it's a major trader then they used their bribe money years ago to buy direct access to the tradeing system,the only thing that gives them an edge over everybody trying to do the same thing...

    Why would you the millions of liners of code to do a clue of simple,repetitive jobs ?

    The real working code will be a few thousand lines,the rest is plumping out crap..

    If their I.t boys are anything p ke the ones I have met,they probably can't tell the difference even if they had the code to examine,I have found them to be pig ignorant entitled time fillers,who get upset when you ask them to explain,even roughly what all the code does,seeing as how simple a task it's doing...

    1. Mark Exclamation
      Headmaster

      tedleaf: "If their I.t boys are anything p ke the ones I have met,they probably can't tell the difference even if they had the code to examine,I have found them to be pig ignorant entitled time fillers,who get upset when you ask them to explain,even roughly what all the code does,seeing as how simple a task it's doing..."

      - Maybe, but I'll bet they could write English properly.

      1. ratfox
        Trollface

        You must be right. I'm sure that it's child play to make millions by placing automated trades on the stock market.

        1. Anonymous Coward
          Anonymous Coward

          "You must be right. I'm sure that it's child play to make millions by placing automated trades on the stock market."

          Technically it is very easy. The barrier to entry is the astronomical cost of data feed access and ludicrously low latency connectivity to said feed.

          Actually performing the maths and logic is simple. There's even a PHP module for it (PECL Trader) that covers pretty much all of the widely used indicators. Basically if you can chart it, you can turn it into an algo.

          I suspect the guy was after the "herbs and spices" not the "meat" here.

          Trading algos can be extremely simple or extremely complex. The hardest part is determining your entry point.

          Most trading algos I've come across always fuck the opening trade. Mastering that is very hard indeed.

          Incidentally short term high frequency trading is a lot easier than standard day trading too since you're less exposed to the possibility of news / events screwing your trades.

          The simplicity of automated trading / technical analysis is one of the dirtiest secrets of the trading industry protected by massive financial walls and misinformation.

          1. Mark 65

            Incidentally short term high frequency trading is a lot easier than standard day trading too since you're less exposed to the possibility of news / events screwing your trades.

            It is only easier if you can get your trade off before the next guy steals the opportunity. HFT operates on extremely tight pricing whereby the fastest operator picks up virtually all the pennies and the rest feed off the scraps. So whilst it may seem easy the difficulty is outside the classroom where the rubber meets the road.

  5. Anonymous Coward
    Anonymous Coward

    So, this hacker idiot logged into someone else's PC remotely, AS HIMSELF? That makes it easy to catch half a$$ hackers...

  6. John Smith 19 Gold badge
    Unhappy

    You say "sophisticated algorithmic trading models"

    I say automated man-in-the-middle attacks.

    Actually the code is likely to be very complex because what hedge funds do is not simple (otherwise people would spot what was happening).

    The myriad of different trades hedge funds make on basically every stock on the exchange (all of which seem to be able to be cancelled without executing and therefore having to pay any money) act as a test language on the state of the market moment by moment.

    And by that I mean what they swoop in, buy enough of at a slightly better price then sell on to the actual customers.

    So the algorithm is roughly

    1) Generate trades

    2) Build map of what's being bought

    3) Buy what's being bought by offering a slightly higher price

    4) Sell on to the actual buyer.

    Obviously this only works "in the moment" hence the obscene amounts of money they will spend to put their servers as close as possible to the servers of the stock exchange they are using to rip real traders off from and their fondness for proper compiled languages running close to the metal with minimal cruft. Running a language parser that sophisticated (and keeping it running as they come up with new trades to probe the market) is indeed a skilled job.

    It's interesting how quickly one of these giant too-big-to-fail "institutions" goes down the pan when they actually have to honor their trades (as happened a few years back).

    1. Mark 65

      Re: You say "sophisticated algorithmic trading models"

      Most of the "as close to the exchange" stuff is gone since the advent of co-lo which earns the exchanges big $$$$. There can still be shenanigans around "where in the room" your servers end up but the distance part is mostly solved. The main areas seem to be getting your indicators faster (various methods depending on market - layering, public vs private feeds etc) and making your quoting and execution as sharp as possible (hit "bad" quotes without getting picked off yourself).

      If you're referring to Knight Capital with that last statement they failed because they fucked up royally with a system release.

  7. Anonymous Coward
    Anonymous Coward

    "makes billions of dollars in trades a day via sophisticated algorithmic trading models"

    What's the point of this again?

    Does the entire finance industry do anything to benefit the "general effort"?

    People say "ooh yes they look after our pensions, help our savings grow". Well that's pretty short sighted. That is not seeing the big picture, that's only necessary because of the finance industry / system.

    They don't CREATE anything, just tweak the system to wring money out. Nothing useful is produced.

    Therefore WE are doing their share of the actual work, and they are living like rock stars.

    'oh we "stimulate" the economy and create jobs..' bullshit

    People look at money as the be all and end all, and lose sight of the fact that everything we have has to be built, worked for and created by people. Money is just a way of measuring that - therefore getting money for free is cheating. It's giving the finger to everyone else and saying "fuck you, I'm going to sit here in the sun, whilst the rest of you do the work".

    And yet the more money you get, and therefore the more time and energy you have managed to con other people out of, the more respected you are.

    If you can find the Mitchell & Webb sketch:

    Job justification hearings: Currency speculator

    That kinda sums it up.

    It'll all change when I come to power .....

    1. Anonymous Coward
      Anonymous Coward

      Does the entire finance industry do anything to benefit the "general effort"?

      ...

      They don't CREATE anything, just tweak the system to wring money out. Nothing useful is produced.

      It is always nice to see a consistent marxist around. While this is a sound economic and sociological position, and I do agree with a lot of what marxist economic theory has to say, my objection to marxism as the guiding principle of the social and economic practice is very simple, and very personal:

      I am, and will always be, a denizen of the superfluous and frivolous superstructure.

      Moreover, nearly everybody I know and like belongs to the same useless class of parasites, who contribute nothing material to the society, choosing instead to fill flimsy pieces of paper (and, increasingly, even more insubstantial magnetic domains, charge clouds trapped in tiny bits of silicon, and puffs of electrons whizzing down the wires and flashes of photons briefly illuminating whiskers of fused silica) with words and symbols meaningless to most real men working at the coal face to keep me fed, clothed, and supplied with various chemical substances used either recreationally or to prolong my miserable and pointless existence.

      In fact, more than 90% of the members of industrialized societies no longer produce anything of direct material value, and live off the labours of the remaining 10%. Or, at least, this is what marxist economic theory tells us.

      I therefore refrain from casting my stones at fellow parasites, however sorely tempted I may be at times.

    2. Anonymous Coward
      Anonymous Coward

      The point in trading

      So I think the bit you're missing is understanding what it is they are trading - shares and bonds are ways of injecting cash into a company, which allow the company to invest in new projects that they otherwise wouldn't have the capital for.

      The whole point of the financial markets is that they provide a way (actually a number of different ways) for companies to obtain money, which they can then invest (in things like R&D, expanding to a new office, inventing a new product).

      1. Prst. V.Jeltz Silver badge

        Re: The point in trading

        Why don't they just save up for a bit?

        1. Anonymous Coward
          Anonymous Coward

          Re: The point in trading

          "Why don't they just save up for a bit?"

          - Why don't you just save up for your house? - because having the money now rather than later makes a difference.

      2. allthecoolshortnamesweretaken

        Re: The point in trading

        And how much of the money obtained at the IPO actually ends up in the company issuing the shares; and how much of that ends up in actual R&D?

        How much of the money generated by trading those shares after the IPO ends up in the company that originally issued the shares; etc. etc.

        ... and don't even get me started on derivatives.

        Yes, companies need to raise money in order to grow, and one way to do so is to issue shares.

        The problem is, the larger part of the financial markets has become strictly self-serving.

        Rather by accident I looked into oil a couple of years ago and was quite surprised to find, that at any given time, for each barrel actually pumped from the well, transported, refined and consumed, anything between 5 to 15 barrels were traded... The principle is entirely transferrable.

      3. John Smith 19 Gold badge
        Unhappy

        "you're missing is understanding..trading - shares and bonds..injecting cash into a company"

        A common misconception amongst people who make their money dealing these things.

        The people who bought stocks or shares (depending on what side of the Atlantic you're on) from the company contributed directly to the company. If you could have bought Amazon stock from Amazon that would have gone into their corporate reserves. If you bought them from Jeff Bezos that went into the "corporate account" of J. Bezos.

        Other than direct purchases from the company you just bought a share in the company that entitles you to a share in their profits, or a vote at their AGM. If you're really dumb you've bought shares that offer neither then you've bought on faith either they will never go down and so make a safe investment or plan to off load them on some other mug investor as soon as the price goes up.

        This is why a company like say Inmos could be sold by its owner (the British Govt) but end up with FA, because the funds did not go to them, they went to the government of the time.

        This may make people think world stock markets are basically giant casinos where "investors" bet on whether a stock will rise or fall and that it may rise or fall based on absolutely no change in the financial well being of the company.

        You'd be absolutely right. And like all forms of gambling the betting shops (nearly) always make money regardless of whether the stock goes up or down.

        Except that unlike Coral or Mecca if they f**k up they get the USG to bail them out.

      4. Anonymous Coward
        Anonymous Coward

        Re: The point in trading

        The *initial sale* of stocks and bonds pumps money to the company that needs to raise capital.

        The selling and re-selling at tiny margins hundreds of times a second does nothing at all for society or the original capital seekers. It's just enriching a few at the expense of the money.

        Yes they do spend some of that money on Bentleys, yachts, watches, drugs, and hookers, but at the high end it's just pathological money hoarding.

        Time for a transaction tax.

        1. John Smith 19 Gold badge
          Unhappy

          "Time for a transaction tax."

          No this will not work as expected.

          But a transaction "time filter" that means you have to hold the share (I'm talking 1 whole second here, which normal people would barely notice).

          But OMG that would mean a share could only be traded 86400 times in 1 day.

          Which for most people would seem to be enough.

      5. Vic

        Re: The point in trading

        So I think the bit you're missing is understanding what it is they are trading - shares and bonds are ways of injecting cash into a company, which allow the company to invest in new projects that they otherwise wouldn't have the capital for.

        That's long-term investors, and it's a good thing that we have a few of them left.

        What does it benefit a company for a trader to own some stock for a fraction of a second, creaming off a profit by exploiting moment-to-moment fluctuations in the share price?

        Vic.

    3. quxinot

      >Therefore WE are doing their share of the actual work, and they are living like rock stars.

      Sadly most of them have made it past the age of 27.

  8. Version 1.0 Silver badge

    You would think they would learn - NOT.

    There was a case reported in Vanity Fair some years back - the big tip for the Feds was that the program was working with a “subversion repository” ...

    http://www.vanityfair.com/news/2013/09/michael-lewis-goldman-sachs-programmer

    Remember that these financial analysts refer to themselves as the "Smartest People on Earth" - but they keep losing their marbles ...

    1. Prst. V.Jeltz Silver badge

      Re: You would think they would learn - NOT.

      They keep losing our marbles too :(

    2. allthecoolshortnamesweretaken

      Re: You would think they would learn - NOT.

      Learn? What is there to learn for them? It works beautifully that way - for them.

  9. SimonC

    That picture on the homepage for this article did bizarre things to my eyes

  10. Anonymous Coward
    Anonymous Coward

    > This website isn't named but it sounds like GitHub, GitLab, or similar.

    Sourceforge! :-)

  11. Anonymous Coward
    Anonymous Coward

    "he was able to get into the analyst's remote desktop because he had modified a company web app to siphon off employees' usernames and passwords, it is claimed."

    Charming!

    I do wonder if there is a non-draconian way to mitigate for that risk.

    1. Ogi

      > I do wonder if there is a non-draconian way to mitigate for that risk.

      Code reviews.

      Specifically doing code review before deployment to production. For such an attack to work, you would have to have the reviewer and the developer working together. It goes from a "lone wolf" type attack, to one where you need a conspiracy amongst multiple people in the chain for it to be possible. It increases the chances of slip ups/detection or someone pulling out and exposing the others involved.

      Plus, in addition to spotting backdoors, code reviews can sometimes aid in detecting bugs the other dev didn't notice/see/test for, and can be a good idea to do anyway when doing dev work.
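
An added illustration of the review-before-deploy control discussed in the comment above (not part of the thread and not any commenter's code): a deployment gate that only passes a change when someone other than its author approved the exact content being shipped. The reviewer roster, change ids, account names and file contents are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field


def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


@dataclass
class Change:
    change_id: str
    author: str
    content: bytes                                  # exactly what would be deployed
    approvals: dict = field(default_factory=dict)   # reviewer -> digest they reviewed


def review_violations(change: Change, reviewers: set) -> list:
    """Reasons this change must not ship; an empty list means it passes."""
    current = digest(change.content)
    problems, independent = [], 0
    for reviewer, reviewed in change.approvals.items():
        if reviewer == change.author:
            problems.append("self-approval")
        elif reviewer not in reviewers:
            problems.append("approver not on reviewer roster")
        elif reviewed != current:
            problems.append("content changed after review")
        else:
            independent += 1
    if independent == 0:
        problems.append("no independent approval of deployed content")
    return problems


def deploy_gate(changes: list, reviewers: set) -> dict:
    """Map each blocked change_id to its violations; empty dict means deploy may proceed."""
    report = {c.change_id: review_violations(c, reviewers) for c in changes}
    return {cid: probs for cid, probs in report.items() if probs}


# Constructed sample data: names, ids and file contents are invented for illustration.
REVIEWERS = {"alice", "bob", "carol"}
login_v1 = b"def login(user, pw): return check(user, pw)"
login_v2 = login_v1 + b"  # edited after approval"

CHANGES = [
    Change("CH-1", "alice", login_v1, {"bob": digest(login_v1)}),        # reviewed as deployed
    Change("CH-2", "bob", login_v1, {"bob": digest(login_v1)}),          # author approved own work
    Change("CH-3", "carol", login_v2, {"alice": digest(login_v1)}),      # modified after review
    Change("CH-4", "alice", login_v1, {"svc-build": digest(login_v1)}),  # approver not a reviewer
    Change("CH-5", "bob", login_v1),                                     # never reviewed
]

if __name__ == "__main__":
    for cid, probs in deploy_gate(CHANGES, REVIEWERS).items():
        print(cid, "BLOCKED:", "; ".join(probs))
```

Binding each approval to a content digest is what catches a change that is edited between sign-off and release; checking only that "a review happened" would let CH-3 through.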

  12. Sleep deprived
    Happy

    "concerned about losing his job"

    At least he secured a place for sleeping

  13. Stevie

    Bah!

    So, to summarize:

    Thief gets caught and whines about it.
