Rogue Code




  The author and publisher have provided this e-book to you for your personal use only. You may not make this e-book publicly available in any way. Copyright infringement is against the law. If you believe the copy of this e-book you are reading infringes on the author’s copyright, please notify the publisher at: us.macmillanusa.com/piracy.

  CONTENTS

  Title Page

  Copyright Notice

  Acknowledgments

  Foreword

  Memorandum

  I. Day One

  News Article

  Chapter 1

  Chapter 2

  Chapter 3

  Chapter 4

  Chapter 5

  II. Day Two

  News Article

  Chapter 6

  Chapter 7

  Chapter 8

  Chapter 9

  Chapter 10

  Chapter 11

  Chapter 12

  III. Day Three

  News Article

  Chapter 13

  Chapter 14

  Chapter 15

  Chapter 16

  Chapter 17

  Chapter 18

  Chapter 19

  Chapter 20

  Chapter 21

  IV. Day Four

  News Article

  Chapter 22

  Chapter 23

  Chapter 24

  Chapter 25

  V. Day Five

  News Article

  Chapter 26

  Chapter 27

  Chapter 28

  Chapter 29

  Chapter 30

  Chapter 31

  VI. Day Six

  News Article

  Chapter 32

  Chapter 33

  Chapter 34

  Chapter 35

  Chapter 36

  Chapter 37

  Chapter 38

  Chapter 39

  Chapter 40

  VII. Day Seven

  News Article

  Chapter 41

  Chapter 42

  Chapter 43

  Chapter 44

  Chapter 45

  Chapter 46

  Chapter 47

  Chapter 48

  VIII. Day Eight

  News Article

  Chapter 49

  Chapter 50

  Chapter 51

  Chapter 52

  Chapter 53

  Chapter 54

  Chapter 55

  Chapter 56

  Chapter 57

  Chapter 58

  Chapter 59

  Chapter 60

  Chapter 61

  Chapter 62

  IX. Day Nine

  News Article

  Chapter 63

  Chapter 64

  Chapter 65

  Chapter 66

  Chapter 67

  Chapter 68

  Chapter 69

  Chapter 70

  Chapter 71

  Chapter 72

  Chapter 73

  Chapter 74

  X. Final Day

  News Article

  Chapter 75

  Chapter 76

  Chapter 77

  Chapter 78

  Chapter 79

  Chapter 80

  Chapter 81

  Chapter 82

  Chapter 83

  Chapter 84

  Memorandum

  Bibliography: Additional Information on High-Frequency Trading

  Also by Mark Russinovich

  About the Author

  Copyright

  ACKNOWLEDGMENTS

  This book was made better by the discussions and invaluable feedback I received from readers of early drafts. I’d like to thank John Walton, David Cross, Chris Jackson, John Lambert, Scott Field, and Matt Thomlinson, colleagues of mine at Microsoft, who shared their real-world experience fighting cybercrime and improving cybersecurity in their detailed and thoughtful reviews and discussions. Thanks also to Jeff Prosise and Ron Watkins, friends of mine outside of Microsoft, who gave me their perspectives as fans of the techno-thriller genre.

  Haim Bodek deserves a special thanks for the information he shared with me, initially and unknowingly via his Web site, book, and participation in documentaries on HFT that I researched, and then later after I contacted him, in our long conversations over Skype and in the comments he gave me on book drafts. I’m grateful for his foreword, which sets the tone perfectly for the book. His position as an industry insider and pioneer of market microstructures makes his warning that HFT poses risks to our economy when looked at as not just low-latency algorithmic trading that can spiral out of control in algo-vs-algo trading, but as including the secretive-order types that give insiders unfair advantages, something that we should all heed.

  I also want to thank my agent, David Fugate of Launch Books, for his staunch support of the Jeff Aiken books series, and also for helping me secure the sale of its movie option. Peter Joseph, my editor at St. Martin’s Press, did a fantastic job of guiding the book through to publication, even somehow compressing rigid publishing schedules to hit target dates when my day job got in the way and slowed my delivery. Thanks to Melanie Fried and to the editorial production staff at St. Martin’s Press for their painstaking passes over multiple drafts of the manuscript, somehow finding typos and grammar mistakes in passages that I read dozens of times.

  Finally, I want to again thank the real-life Daryl, my wife, for indulging me in my many hobbies, of which novelist is just one. Her patience and support for my crazy schedule and her smiling face, which greets me when I get home from work or finish a multi-hour writing session, provides the emotional foundation for my creative endeavors.

  FOREWORD

  When I first read Rogue Code, I thought, “Here is a thriller that is really tuned into the dangerous potential of electronic trading.” Mark Russinovich paints a picture of what most would consider the nightmare scenario of what could go terribly wrong in the U.S. stock market. It is a dystopian view of where electronic capitalism might lead us.

  And yet, Rogue Code shows us a Wall Street which is all too familiar—think it a synthesis of age-old business practices that thrive on exploiting the grey areas of financial regulation and modern electronic trading systems whose opacity is the only thing keeping computerized criminals at bay. The end result is a fictional portrayal of a global-market system that is hauntingly familiar in both its vulnerability and its propensity for financial crisis.

  Mark is impressive, detail-oriented, hands-on. He aims to introduce you to the technical mechanisms, hacks, and exploits that are longstanding practices in the field of cybersecurity that he rightfully associates with critical vulnerabilities in our national market system. More importantly, Mark has tied together two disciplines that must cross-pollinate: cybersecurity and computerized trading. After you have read Rogue Code, you will believe these two fields are on a collision course.

  Still, I confess that as I read Rogue Code I couldn’t help but smirk inappropriately at times. If he only knew, I thought. As the financial crisis proves, often Wall Street itself can be its biggest threat.

  Rogue Code is a work of fiction. The bad guys don’t run multibillion-dollar hedge funds that have institutionalized illegal insider trading into a business model. They don’t run massive Ponzi schemes affiliated with unusually successful trading companies. They don’t publicly brag about their multi-year zero-loss trading days fueled by “secret sauce” that only recently has caught the attention of regulators.

  In my experience, the current threat to Wall Street isn’t going to come from abroad … it has already firmly embedded itself into the fabric of our marketplace.

  We don’t need foreign agents to compromise our markets. We are quite adept at causing the flash crash and more than twenty-five thousand “mini flash crashes” all by ourselves.

  We don’t need a foreign agent to rig an exchange to provide a benefit to an affiliated trader—we are quite adept at creating conflicts of interest, self-regulation of for-profit entities, and regulatory loopholes that naturally evolve into collusive arrangements.

  We don’t need super-hackers planted where they can exploit the order matching code for their own benefit, as the most lucrative career path for a developer is to cycle from exchange to trading company, back to the exchange space, and then onward to the most elite trading firm having attained the “goods.”

  And I should know. Over a decade ago, I was awarded my first major promotion at a major investment bank for exploiting a back door in a European electronic exchange to get prices faster. Back then, we discovered holes. At some point, the game changed, and the industry started creating holes.

  The search for what we in the industry call an “edge” led exchanges to manufacture artificial advantages in order to satisfy their most-favored clients. What else differentiates an exchange, when the primary service that traders want is to extract a profit in what nearly always is a zero-sum game for short-term traders? The money has to come from somewhere, doesn’t it?

  And so many years later, I decided to blow the whistle on high-frequency trading to regulators, citing numerous undocumented features designed by exchanges to accommodate high-frequency trading strategies at the expense of the public customer. It was the road not traveled for one of my background.

  Mark is an outsider to high-frequency trading, but that is what makes his contribution all the more sobering. What if Wall Street lost its stranglehold on a system where complexity and volatility equate to trading edge? What if outsiders indeed targeted the very systems which regulators readily admit they cannot monitor or control in any meaningful manner?

  And that is probably the most terrifying conclusion one can draw from Rogue Code. Wall Street, having grown so accustomed to exploiting and circumventing its own system, is dramatically unprepared for real enemies, those who have no stake in the bedrock of our capitalist system.

  —HAIM BODEK

  MANAGING PRINCIPAL

  DECIMUS CAPITAL MARKETS, LLC

  WHITE HOUSE DISTRIBUTION ONLY

  DO NOT DUPLICATE

  MOST SECRET

  MEMORANDUM

  DATE: October 13

  FROM: Walter D. Winterhalter, Inspector General, Office of the Inspector General, U.S. Securities and Exchange Commission

  TO: Eleanor Kaschnitz, National Security Advisor

  RE: Concern

  I wish to personally express my deepest concern about the possible intentional or inadvertent disclosure of the actual events that occurred last month, regarding the New York Stock Exchange Euronext. The potential for incalculable harm to our financial institutions and the world financial system is extreme. While speculation is rampant in the media, both traditional and electronic, the diverse nature of the speculation tends to cancel out fears, though the attention has had a dampening effect on the trading public. Only the passage of time will inform as to what extent. For now, I must urge in the strongest possible terms that no official account of events be made public and that every step possible be taken to prevent a credible source from leaking what we know and are learning.

  I cannot emphasize this more forcefully.

  cc: POTUS

  DAY ONE

  MONDAY, SEPTEMBER 10

  NYSE EURONEXT SECURITY REACHES NEW LEVEL

  By Arnie Willoughby

  September 10

  Bill Stenton, director of NYSE IT Trading Platform Security, has confirmed a rollout of new security measures designed to make trades within the Exchange the most secure transactions in the world. In public comments Saturday, Stenton said, “There are two realities in security trades in the 21st century. The first is they must take place with great rapidity, as this is a digital world and traders will settle for nothing less. The second is that trades must occur within a system that is completely secure. We believe the NYSE Euronext system provides both of these [requirements].”

  He went on to describe in general terms the scale of the measures now routine within the trading platform’s software. Special software continuously seeks out anomalies as well as attempts at penetration. “The software is continuously updated to keep it current and to provide the best trading platform possible. To assure its near seamless operation, we are constantly searching for what we call hiccups in the system. These [hiccups] appear most often when we are merging new subsystems with existing ones.”

  Regarding attempts at penetration, Stenton admitted that the problem is ongoing. “We have the most sophisticated security system in the world. I cannot recall a single instance in which anyone penetrated our first wall, let alone the subsequent security measures. You can trade with absolute confidence.”

  Asked about the recent appearance of a common malware bot on one of its Web servers, Stenton dismissed the incident as insignificant. “The security of the system was never in doubt.” Despite Stenton’s assurances, knowledgeable sources expressed reservations. “The presence of a bot on a public site of this significance should be a wake-up call, but I fear it is not,” said one informed source who asked to remain anonymous.

  Henry Stolther, a frequent NYSE critic and publisher of the Stolther Report, responded to Stenton’s comments, focusing on the speed of trades within the system. “The NYSE has moved too rapidly into accelerated trading,” he said. “The Exchange is competing in a highly competitive industry and wants to make its system as user-friendly as possible. As a consequence, certain abuses now possible with current computing power have gone largely unregulated.”

  Asked if he was referring to high-frequency traders, Stolther said, “Absolutely.”

  READ MORE: STOCK EXCHANGE, NYSE, TRADING PLATFORM, SECURITY

  US Computer News, Inc.

  1

  WATERFALL GLEN FOREST PRESERVE

  DARIEN, ILLINOIS

  8:13 A.M.

  Vincenzia Piscopia, known as Vince to his American colleagues, sat on the cool gray boulder, feeling more than a little strange. He’d never done this before and was now having second thoughts. He glanced about the small clearing. He was alone. Maybe I should just go back home, he thought, pretend this never happened.

  Vince was thirty-four years old and had spent his entire life in the digital age. Though he hiked as often as possible, he was a trifle overweight and soft. Computers and the Internet had always formed an integral part of his life. He even made his comfortable living as an IT operations manager for the New York Stock Exchange, working out of the Chicago IT office. Originally from Milan, Italy, where he’d been employed by Siemens, he found he enjoyed America more than he’d expected. His only real complaint was of his own doing—he just didn’t get out very often.

  Vince had always been a nerd, and social media formed the greatest part of what passed for his social life. He tweeted, maintained two blogs—one on life in Chicago for an Italian expat, the other about computer security, a particular obsession of his—and he’d been one of the first 100,000 to have a Facebook account. He’d seen the value of Facebook from the beginning and had opened his account almost from the day the company launched. Between his iPad, iPhone, and home computer, it seemed to him that when he wasn’t sleeping or working, he was social networking.

  Even on his long solitary hikes, he brought along his iPhone and had a connection nearly everywhere. He wasn’t alone in that regard. Just the week before, he’d hiked some six miles on this very trail, found a lovely spot to take a meal, and while sitting there had checked for messages. Just then, he’d heard a chirp. Not twenty feet away, he spotted a woman of middle years answering her cell phone. He’d just shook his head at the incongruity of it all—then texted a few replies of his own.

  But today was different. Vince was here to meet someone. It was all very twenty-first century, he’d told a colleague at work. And while for others this sort of thing happened from time to time, for Vince it was a first. As a result, he found himself fretting about his appearance. He’d been honest with the photographs he posted on Facebook, and Sheila had assured him that she was as well.

  He wasn’t concerned, though he knew that Facebook friends were often disingenuous in that regard. He’d know soon enough if Sheila was the stunner her photos showed, or a fake. If the latter, they’d hike a bit, and then, once he returned to his apartment he’d unfriend her. That would be that.

  And he’d never do this again.

  It was a bit cool for September, but Vince liked the typically brisk Illinois autumn. He found it invigorating and at moments like this, on a remote trail far from the popular routes, he could imagine himself back home. He was getting cold and zipped his Windbreaker up higher. From nearby came the gentle murmur of a stream.

  It was Sheila who’d suggested they meet on a Monday when there’d be few hikers and that they take this moderate hike in the DuPage County forest preserve. He’d been pleased that it was one she knew about, since it was already his favorite. The nine-mile trail snaked around the Argonne National Laboratory, the loop passing through rolling woodlands and savannas, the contrasting scenery adding to the charm. Though all but within the Chicago suburbs, the preserve had a very rural feel.

  The main trail was layered with crushed gravel, and it crested a few difficult hills. There were usually hikers such as himself, joggers, and those training for marathons. The only negative was that horses were permitted on the wide pathway, and they brought with them their unique problems; which was why Vince preferred the smaller side trails where the horses didn’t go.

  He heard movement and turned with anticipation. But instead of Sheila, there was a man, another hiker. Vince smiled and nodded a distant greeting. The man nodded back and continued toward him.

  Their exchanges had started just the week before. Sheila was the friend of a friend on Facebook. She lived in Chicago and also worked in IT. A few messages established how much they had in common, so they’d switched to e-mail. Sheila had spent a summer in Europe after university, backpacking locally in some of the same places Vince knew. She took her work in software security seriously, and from the first complimented his blog. She’d never been married and had no children. In fact, she’d never even lived with a man, she told him. Like Vince, she worked long hours, and at twenty-nine had decided it was time to get out more.