Authors: Mark Russinovich
Rogue Code
The author and publisher have provided this e-book to you for your personal use only. You may not make this e-book publicly available in any way.
Copyright infringement is against the law. If you believe the copy of this e-book you are reading infringes on the author’s copyright, please notify the publisher at:
us.macmillanusa.com/piracy
.
C
ONTENTS
Bibliography: Additional Information on High-Frequency Trading
A
CKNOWLEDGMENTS
This book was made better by the discussions and invaluable feedback I received from readers of early drafts. I’d like to thank John Walton, David Cross, Chris Jackson, John Lambert, Scott Field, and Matt Thomlinson, colleagues of mine at Microsoft, who shared their real-world experience fighting cybercrime and improving cybersecurity in their detailed and thoughtful reviews and discussions. Thanks also to Jeff Prosise and Ron Watkins, friends of mine outside of Microsoft, who gave me their perspectives as fans of the techno-thriller genre.
Haim Bodek deserves a special thanks for the information he shared with me, initially and unknowingly via his Web site, book, and participation in documentaries on HFT that I researched, and then later after I contacted him, in our long conversations over Skype and in the comments he gave me on book drafts. I’m grateful for his foreword, which sets the tone perfectly for the book. His position as an industry insider and pioneer of market microstructures makes his warning that HFT poses risks to our economy when looked at as not just low-latency algorithmic trading that can spiral out of control in algo-vs-algo trading, but as including the secretive-order types that give insiders unfair advantages, something that we should all heed.
I also want to thank my agent, David Fugate of Launch Books, for his staunch support of the Jeff Aiken books series, and also for helping me secure the sale of its movie option. Peter Joseph, my editor at St. Martin’s Press, did a fantastic job of guiding the book through to publication, even somehow compressing rigid publishing schedules to hit target dates when my day job got in the way and slowed my delivery. Thanks to Melanie Fried and to the editorial production staff at St. Martin’s Press for their painstaking passes over multiple drafts of the manuscript, somehow finding typos and grammar mistakes in passages that I read dozens of times.
Finally, I want to again thank the real-life Daryl, my wife, for indulging me in my many hobbies, of which novelist is just one. Her patience and support for my crazy schedule and her smiling face, which greets me when I get home from work or finish a multi-hour writing session, provides the emotional foundation for my creative endeavors.
F
OREWORD
When I first read
Rogue Code
, I thought, “Here is a thriller that is really tuned into the dangerous potential of electronic trading.” Mark Russinovich paints a picture of what most would consider the nightmare scenario of what could go terribly wrong in the U.S. stock market. It is a dystopian view of where electronic capitalism might lead us.
And yet,
Rogue Code
shows us a Wall Street which is all too familiar—think it a synthesis of age-old business practices that thrive on exploiting the grey areas of financial regulation
and
modern electronic trading systems whose
opacity
is the only thing keeping computerized criminals at bay. The end result is a fictional portrayal of a global-market system that is hauntingly familiar in both its vulnerability and its propensity for financial crisis.
Mark is impressive, detail-oriented, hands-on. He aims to introduce you to the technical mechanisms, hacks, and exploits that are longstanding practices in the field of cybersecurity that he rightfully associates with critical vulnerabilities in our national market system. More importantly, Mark has tied together two disciplines that must cross-pollinate: cybersecurity and computerized trading. After you have read
Rogue Code
, you will believe these two fields are on a collision course.
Still, I confess that as I read
Rogue Code
I couldn’t help but smirk inappropriately at times.
If he only knew
, I thought. As the financial crisis proves, often Wall Street itself can be its biggest threat.
Rogue Code
is a work of fiction. The bad guys don’t run multibillion-dollar hedge funds that have institutionalized illegal insider trading into a business model. They don’t run massive Ponzi schemes affiliated with unusually successful trading companies. They don’t publicly brag about their multi-year zero-loss trading days fueled by “secret sauce” that only recently has caught the attention of regulators.
In my experience, the current threat to Wall Street isn’t going to come from abroad … it has already firmly embedded itself into the fabric of our marketplace.
We don’t need foreign agents to compromise our markets. We are quite adept at causing the flash crash and more than
twenty-five thousand
“mini flash crashes” all by ourselves.
We don’t need a foreign agent to rig an exchange to provide a benefit to an affiliated trader—we are quite adept at creating conflicts of interest, self-regulation of for-profit entities, and regulatory loopholes that naturally evolve into collusive arrangements.
We don’t need super-hackers planted where they can exploit the order matching code for their own benefit, as the most lucrative career path for a developer is to cycle from exchange to trading company, back to the exchange space, and then onward to the most elite trading firm having attained the “goods.”
And I should know. Over a decade ago, I was awarded my first major promotion at a major investment bank for exploiting a back door in a European electronic exchange to get prices faster. Back then, we discovered holes. At some point, the game changed, and the industry started creating holes.
The search for what we in the industry call an “edge” led exchanges to manufacture artificial advantages in order to satisfy their most-favored clients. What else differentiates an exchange, when the primary service that traders want is to extract a profit in what nearly always is a zero-sum game for short-term traders? The money has to come from somewhere, doesn’t it?
And so many years later, I decided to blow the whistle on high-frequency trading to regulators, citing numerous undocumented features designed by exchanges to accommodate high-frequency trading strategies at the expense of the public customer. It was the road not traveled for one of my background.
Mark is an outsider to high-frequency trading, but that is what makes his contribution all the more sobering. What if Wall Street lost its stranglehold on a system where complexity and volatility equate to trading edge? What if outsiders indeed targeted the very systems which regulators readily admit they cannot monitor or control in any meaningful manner?
And that is probably the most terrifying conclusion one can draw from
Rogue Code.
Wall Street, having grown so accustomed to exploiting and circumventing its own system, is dramatically unprepared for real enemies, those who have no stake in the bedrock of our capitalist system.
—H
AIM
B
ODEK
M
ANAGING
P
RINCIPAL
D
ECIMUS
C
APITAL
M
ARKETS,
LLC
WHITE HOUSE DISTRIBUTION ONLY
DO NOT DUPLICATE
MOST SECRET
MEMORANDUM
DATE: | October 13 |
FROM: | Walter D. Winterhalter |
| Inspector General |
| Office of the Inspector General |
| U.S. Securities and Exchange Commission |
TO: | Eleanor Kaschnitz |
| National Security Advisor |
RE: | Concern |
I wish to personally express my deepest concern about the possible intentional or inadvertent disclosure of the actual events that occurred last month, regarding the New York Stock Exchange Euronext. The potential for incalculable harm to our financial institutions and the world financial system is extreme. While speculation is rampant in the media, both traditional and electronic, the diverse nature of the speculation tends to cancel out fears, though the attention has had a dampening effect on the trading public. Only the passage of time will inform as to what extent. For now, I must urge in the strongest possible terms that no official account of events be made public and that every step possible be taken to prevent a credible source from leaking what we know and are learning.