Security → Mysterious Algorithm Was 4% of Trading Activity Last Week

A single mysterious computer program that placed orders — and then subsequently canceled them — made up 4 percent of all quote traffic in the U.S. stock market last week, according to the top tracker of high-frequency trading activity. The motive of the algorithm is still unclear.

The program placed orders in 25-millisecond bursts involving about 500 stocks, according to Nanex, a market data firm. The algorithm never executed a single trade, and it abruptly ended at about 10:30 a.m. ET Friday.

“Just goes to show you how just one person can have such an outsized impact on the market,” said Eric Hunsader, head of Nanex and the No. 1 detector of trading anomalies watching Wall Street today. “Exchanges are just not monitoring it.”

Hunsader’s sonar picked up that this was a single high-frequency trader after seeing the program’s pattern (200 fake quotes, then 400, then 1,000) repeated over and over. Also, it was being routed from the same place, the Nasdaq [COMP 3067.33 -45.02 (-1.45%) ].

The network slowdown was one of the first clues that something was amiss at GunnAllen Financial, a now defunct broker-dealer whose IT problems were only a symptom of widespread mismanagement and deeper misconduct at the firm.
It was the spring of 2005. Over a period of roughly seven business days, traffic had slowed to a crawl at the Tampa, Fla.-based firm, which had outsourced its IT department to The Revere Group. GunnAllen's acting CIO, a Revere Group partner, asked a member of the IT team to investigate.
Dan Saccavino, a former Revere Group employee who at the time served at GunnAllen as the IT manager in charge of the help desk, laptops, and desktops, says he and another network engineer eventually pinpointed the cause of the slowdown: A senior network engineer had disabled the company's WatchGuard firewalls and routed all of the broker-dealer's IP traffic--including trades and VoIP calls--through his home cable modem. As a result, none of the company's trades, emails, or phone calls were being archived, in violation of Securities and Exchange Commission regulations.
Despite the fact that at least five people at The Revere Group knew about the engineer's action, it's unclear whether it was reported at the time to GunnAllen or regulators. The SEC didn't reference the incident in a subsequent announcement about a settlement with GunnAllen for unrelated privacy and data security violations, and interviews with former Revere Group employees reveal that regulators may have known about only a fraction of the data security failures at the firm.
What follows is a chronicle of one firm's myriad IT and other missteps over a period of at least four years, as related by former employees and various official documents. It's a cautionary tale of what happens when a company tosses all IT responsibility over a wall and rarely peeks back. It also reveals what happens when an IT outsourcing vendor gets in over its head, and it points to the failures of regulators to identify and clean up a corporate mess on a grand scale.
While these missteps go back as far as seven years, they have continuing relevance today in the context of how businesses oversee outsourcing, information security, regulatory, and employee matters.
Rogue Home Router
Why would a network engineer route all of his employer's traffic through his home RoadRunner cable modem? "You can direct where your traffic is going, and we found out that he'd sent the traffic home to ensure that his routing patterns at work were correct," Saccavino told InformationWeek in a recent interview. But after a week, Saccavino said, he'd forgotten to turn it off.
During the week or so in 2005 that all brokerage traffic was being piped through the home router, the data being sent by GunnAllen's 200 or so employees included bank routing information, account balances, account and social security numbers, and customers' home addresses and driver's license numbers, says Roger Sago, a former Revere Group SQL Server database administrator who was working at the GunnAllen offices at the time. Sago was in charge of defining the data stream to and from Pershing (a unit of Bank of New York Mellon that provides prime brokerage and other services to financial services organizations), which involved thousands of transactions per day. "They transmitted it over the system, online, to the clearinghouse, and if anyone had access to that data ... the ramifications would be huge," Sago said. "There's enough data there that a person could run off and live forever off of what they found."
Sago contacted InformationWeek, saying that the SEC's 2011 settlement announcement relating to prior information security and privacy failures at GunnAllen had failed to mention additional security breaches at the firm. By way of background, Sago filed a civil action--since settled--against The Revere Group and GunnAllen in December 2008, alleging that he'd been unfairly laid off. During the course of that lawsuit, Sago says he learned about the undisclosed breaches from other former employees. Because such security breaches must be reported to the relevant authorities, Sago says he brought them to the attention of The Revere Group and GunnAllen lawyers involved in his case and asked them to respond within 30 days--and preferably, to report the incidents to the relevant authorities.
When neither responded, according to Sago, he says he then alerted the Federal Trade Commission, the Financial Industry Regulatory Authority (FINRA), the SEC, and attorneys general in the 42 states where GunnAllen had conducted business.

I like this one better...

Anatomy Of A Brokerage IT Meltdown