According to CNBC, cybercriminals managed to install a malicious computer program on the servers of a well-known hedge fund, interrupting high-speed trading and sending information about its trades to unknown parties late last year.
The attack on the hedge fund, which according to knowledgeable sources was discovered and neutralized by technicians at BAE Systems Applied Intelligence, has not been previously disclosed. BAE Systems would not give the name of the hedge fund, as it is a client of BAE.
Hedge fund hit by a complex hack
In the recent attack on the hedge fund, attackers focused on the hedge fund’s trade order entry system, seeking to disrupt the fund’s trading strategy and to send details of the trades to unknown external parties.
Paul Henninger, global product director at BAE Systems Applied Intelligence, said the hack was the most complex and sophisticated he’s seen in a new wave of attacks designed to steal business information from firms in many sectors.
The new attacks include other hacks on hedge funds apparently designed to find information on their trading strategies. This means that we’re now seeing a new generation of hackers with the technical savvy and moxie to go after highly secure computer networks and with the financial and market savvy to emulate intricate high-speed trading strategies.
“It’s pretty amazing,” Henninger said in an interview yesterday. “The level of business sophistication involved as opposed to technical sophistication involved was something we had not seen before.”
Hackers inserted slight lag
The hedge fund attack began with a “spear phishing” email—a seemingly innocuous email message that inserted the malware onto the fund’s servers when it was opened. The spear phishing emails appeared to be about the capital markets, which made it more likely that one or more hedge fund employees would open the message.
Some months later, financial analysts and IT staff at the firm noticed unusual problems. First, the firm noticed that its algorithmic trading strategy (a computer-based trading system) was suddenly no longer profitable. After looking into the situation, the firm discovered a lag between when they were issuing trade orders and when those orders were executed.
It turned out the attackers had added delays to the trading software ranging from hundreds of microseconds to the low-single-digit milliseconds. This meant the hackers could “front run” the hedge fund on their own trades, undermining the effectiveness of the trading strategy.
Henninger said the hack certainly ended up costing the hedge fund millions of dollars. “This was not something that was a minor issue for them,” he said. “This was something that was getting reviewed at the board level of this hedge fund precisely because it was having a material impact on performance across the portfolio.”