Financial Industry To Spend $90 Billion on New Technology

Between 2001 and 2005 the financial industry spent billions on developing new derivatives and other complex financial instruments. Nobody really understood what was going on until it all came tumbling down in 2007/2008. Now, something similar is happening; the financial engineering is swapped with pure engineering. The industry is expected to spend $90 billion on new superfast computer systems equipped with artificial intelligence and advanced algorithms that no one – except for the engineers who made them – really knows how works.

“Investors seeking the high returns it can once again provide have come back, and IT investment is slowly growing as a result. By 2012, we expect the market to reach pre-recession levels.”

Daniel Mayo

The financials markets industry’s spending on information technology will hit almost $90 billion by 2015, driven by strong growth in the Asia-Pacific region, and a bounce-back in the hedge funds sector, according to an analysis by the independent technology analysis firm, Ovum.

The analysts find that the Asia-Pacific region will see some of the strongest growth in financial markets IT spend, as global companies continue to transfer power to the region due to its growing economic strength, advancedtrading.com reports.

In China, IT spending will grow by a compound annual growth rate (CAGR), of 8.8 per cent from 2011 to 2015. Meanwhile, Hong Kong will experience a CAGR of 8.1 per cent for the same period and Singapore 7.1 per cent.

Although the amounts invested will be lower, growth in all three will outstrip the US and the UK and Ireland, which will hit CAGRs of 6 per cent and 5.8 per cent respectively.

Daniel Mayo, financial markets technology analyst at Ovum, comments:

“While there will be growth in nearly every major market, the Asia-Pacific countries will be at the forefront. This is mainly due to global companies shifting their decision-making power from New York and London to cities such as Beijing, because of their growing economic influence.”

Meanwhile, global spending on IT in the hedge funds sector will grow a CAGR of 11.1 per cent from 2011 to 2015.

This is the strongest growth of all the lines of business and is being driven by a resurgence in the hedge funds market as investors seeking high returns forgive the woes of 2008/09.

Mayo adds: “The hedge funds market was badly affected by the financial crash, with investors staying away due to its disastrous performance. As a result, investment in IT fell significantly in 2008 and 2009. However, investors seeking the high returns it can once again provide have come back, and IT investment is slowly growing as a result. By 2012, we expect the market to reach pre-recession levels.”

According to Mayo, much of the investment in all regions and lines of business will be made in risk management systems, as well as reporting systems that allow financial markets companies to provide greater transparency and comply with new industry regulations such as Basel III.

Let’s see how long it takes for the law makers and regulators to catch on this time…

More from advancedtrading.com:

• Deutsche Bank Expands Market Access Platform to U.S. Exchanges
• Man Group On Share-Buying Spree
• Investors Back Hedges to Navigate Crisis
• Defining the Future of Prop Trading
• Hedge Funds Reel in Market Dive
• BlackRock Spends Gold, Bond Profits to Buy Cheaper Equities 

Meanwhile, the extreme volatility we’ve experienced over the last few days, are still puzzling many experts.

There’s an interesting article at NorthJersy.com well worth reading.

Here’s some of it:

Wall Street’s wild ride Tuesday may be due less to rational decisions and more to computers automatically trading stocks at lightning speeds.

Large institutional investors like mutual funds often employ strategies to buy and sell stocks or funds at certain pre-programmed prices.

Other traders, meanwhile, employ high-frequency strategies and offload or buy huge blocks of shares in minutes or seconds, depending on how markets move.

“Volatility begets volatility,” says John Longo, a professor at Rutgers Business School.

“No doubt about it, whenever you have these dramatic moves in a short period of time, programmed trading is largely behind it.”

Much of that trading takes place not on trading floors but within vast rows of computer services inside North Jersey data centers.

Years ago, when humans conducted the vast majority of trades on Wall Street, Monday’s roughly 6 percent market plunge and Tuesday’s roller-coaster ride that ended with major indexes recouping much of their Monday losses might have been less dramatic, experts said.

The markets would not have gyrated so quickly, and the ups and downs might have taken place over days, not minutes and hours, experts says.

Some electronic trading strategies involve chasing momentum — automatically buying stocks on their way up or selling as they lose value. And swings in the marketplace will always be driven by economic events — such as Standard & Poor’s downgrade of United States bonds, Europe’s debt crisis and the Federal Reserve’s announcement Tuesday that it would keep interest rates low through 2013.

“Definitely, there will be some events that move markets,” says Frank Zhang, a professor at Yale University’s School of Management who has studied computerized trading, which he estimated accounted for 80 percent of trading volumes (other estimates have pegged it closer to 50 percent.)

Adding: “But I think computer trading exaggerates such events.”

Adam Sussman, a partner at The TABB Group LLC, a Wall Street research and advisory firm, says the high-frequency trading firms feed off Wall Street volatility, which is often fueled by investors’ fear.

“When humans are panicking, the computers do better,” Sussman said.

He didn’t see high-frequency trading as necessarily being responsibility for recent volatility.

“They’re not really causing it, because they’re responding to market conditions,” he says.

I assume some might argue with that statement.

Related by the EconoTwist’s:

• Hey, You HFT Bashers! Are You Ready For This?
• “Artificial Intelligence” To Be Implemented In HFT
• The Ultimate Trading Weapon
• Hackers: Wall Street Is An Easy Target
• And Here We Go: Nasdaq Stock Exchange Hacked!
• The Cyber War (Complete Coverage) Part 2: A New Battlefield
• The REAL Weapon of Mass Destruction
• Derivative Trading Just Keeps Getting Bigger
• HFT Turns To Low Liquidity Stocks
• High Frequency Confusion at London Stock Exchange
• UK And France Want Ban On High Frequency Trading
• Regulations May Increase Risk of Flash Crash, Traders Says
• Will Supervising Hedge Funds Put An End To Systemic Risk?
• Here’s The Best Place For High Frequency Trading
• Survey; High Frequency Trading Makes Markets More Efficient
• Understanding High Frequency Trading
• Here’s The Official Flash Crash Report; Scapegoat Found

Hackers: Wall Street Is An Easy Target

This weekend the grand finale of the annual Black Hat hackers convention is being rolled out in Las Vegas. On the agenda is a lecture on how easy it would be to hack the high frequency trading operations on Wall Street.

“Easy peasy.”

James Arlene

An annual hacker convention, known as Black Hat, is now in full swing in Las Vegas. Marketplace’s Steve Henn reports that one researcher plans to give a speach today, outlining how easy it would be to hack high frequency trading operations on Wall Street.

Every year, thousands of hackers, security professionals, and researchers descend on the desert mecca, to show off their latest exploits.

Marketplace’s Steve Henn reports that one researcher plans to give a speech this weekend, outlining how easy it would be to hack high frequency trading operations on Wall Street.

High frequency traders buy stocks at a lower price in one market and sell them a split second later, for a fraction of a penny more, in another.

The speed that we are talking about is insanely fast.

“You start thinking about fast things in the world, and you think about things like blinking your eyes. But these trades are ten times faster than that,” says James Arlen at Push the Stack Consulting.

In fact, it is a lot faster than that.

It takes barely a millisecond to execute a trade between New York and Chicago.

Now blink your eye:

That was about 400 milliseconds….

Computers automatically makes all the HFT transactions, based on their complex and rapidly developed algorithms.

Micro- and milliseconds are the difference between making a profit and getting hosed.

Over the last few years traders have put their servers in the same secret building as the New York Stock Exchange computers, and they’ve invested big time in building the fastest computers possible.

But that also means they have stripped their trading software and hardware down to the bare bones.

If these computers were cars there would be no seat belts, no airbags, no roll bars.

And the consequence is minimal security.

In other words; hacking made easy.

“Easy peasy,” Arlen comments.

James Arlen is also convinced that someone who gains access to these trading networks is going to try.

And so is this blogger…

Here’s the full radio interview with James Arlen:

Listen to the Story.

Doing Good – Being Bad?

Las Vegas is no stranger to shady characters, but there’s a plethora in town this weekend. So shady, in fact, they call themselves “Black Hats”.

It’s a convention of hackers and cybersecurity officials and researchers who claims they are trying to do good by being bad.

Here’s a little interesting piece from Marketplace’s Steve Henn who is on an all-expenses-paid trip to Las Vegas for the conference:

“It’s kind of an interesting scene out here. You know, I was registering for this conference, and the guy behind the press desk was this bearded, tattooed dude, and I asked him if there was a wireless connection I could hook up to. And he just looked at me like I was this lost, pathetic soul, and said, “Man, don’t use the wireless.” And I was thinking, why not? So I asked, and he said, “You’re at a hacker convention.””

No, Oprah, No!

According to Marketplace, there are a lot of people at the hackers party  who are raising concerns about how interconnective many different devices are.

Don Bailey at iSEC Partners hacked into one of these devices called the Zoombak.

Here he is what he told the participants at the Black Hat convention:

“This is literally just a small consumer tracking device. Nobody knew who the heck this thing was – before Oprah went on and said, ‘Hey, you know what’s really cool? You can track your kids and make sure they’re safe. To do that, use this little small device that you can throw in their backpack and now they’re super safe, and you track them online with a web 2.0 interface. Thumbs up!’ I heard that and thought, ‘Oh dear God, no. Please Oprah no, no Oprah no!'”

So, Don Baily targeted this device. He got on the network, looked around, and was able to identify these things, and tracked them as they moved around, like you would track your kids.

Then he realized he could spoof them – send fake information about where a device was back to the Zoombak website.

Now, that is, if you’re a parent, really terrifying.

Thanks a lot Oprah!

Follow the Black Hats here.

Related by the EconoTwist’s:

• A New Battlefield
• The Cyber War: Complete Coverage (Part 1)
• Online Banking Malware Has Surfaced
• Citibank Hacked: 200.000 Credit Card Numbers Stolen, May Affect 20 Million Customers
• US Stock Markets Infected By Malicious Software?
• Hackers Threaten To Attack The US Federal Reserve
• And Here We Go: Nasdaq Stock Exchange Hacked!
• NASDAQ Hackers Aimed At Corporate Bonds
• NASDAQ Comments On Hackers, Lack of Information
• Hackers Target The New York Stock Exchange
• Cyber Attacks Force EU to Close Emission Trading System
• Europe: Cyber Criminals Attack Critical Water, Oil and Gas Systems
• Anonymous Amateurs & Script Kiddies
• The REAL Weapon of Mass Destruction

The Cyber War (Complete Coverage) Part 2: A New Battlefield

The financial industry is bracing itself for the most dangerous cyber attack ever. A few months ago the complete source code for the notorious banking crimeware – Zeus – was released online, making it possible for almost everyone to use. The so-called “Trojan” is likely to be responsible for the theft of billions of dollar since its first appearance in 2007. No one knows who is behind it. But what worries the security people most at the moment is; what are these guys doing now?

“In reality, they’re probably moving on to something bigger and nastier.”

Fraser Howard

The security industry is bracing itself for an increase in financial cyber crime after the complete source code for the Zeus crime ware kit was released online, PCPlus Magazine writes in its summer edition. Zeus is considered one of the most sophisticated banking Trojans running wild in cyber space at the moment, and have been the focus of several multi-million fraud investigations by the US FBI and the UK Metropolitan police.

The release of the Zeus source code about three months ago means that anyone now can set up their own Zeus botnet and create their own brand new financial Trojans.

“Even people with minimal technical knowledge are able to set up a fully functional botnet in less than five minutes.”

According to the security company, Trend Micro, the Zeus is so easy to use, and so well supported, that even people with minimal technical knowledge are able to set up a fully functional botnet in less than five minutes.

David Perry

“We will see a lot more attacks on the general public and more attacks that affect consumers,” David Perry, Global Director of Education at Trend Micro predicts.

However, the focus of most security experts right now is what other cyber criminals will do with newly leaked code.

“There will be plenty of script kiddy interest at first,” says Howard Fraser, principal researcher at the security firm Sophos.

Adding: “But the most concerning thing about the release is that it might enable people to add functionality from Zeus to their own malware.”

Last year, the Police Central E-Crime Unit at Scotland Yard disrupted a Zeus operation in Essex (UK) that had stolen a total of GBP 6 million from customers of HSBC, Barclays and Lloyds TSB.

In March this year an unemployed man from Manchester (UK) was sentenced to five years in prison after using Zeus to infect more than 15.000 computers worldwide.

Zeus, also known as Zbot, is a password stealing Trojan that allows the attacker to control a whole network of infected computers – a so-called botnet.

The malware hide itself inside legitimate programs, undetected by anti-virus software, and interacts with your browser directly to monitor traffic.

Before the Zeus was made available to everyone in May this year, it was sold for about USD 10.000 on the black cyber market. It was shipped with an easy-to-use graphic interface, providing regular automatic upgrades – and even with a 24/7 online support!

“Its writers are not the same as the people who implement it. These guys don’t want to do the criminal activity, they just want to write code.”

“It’s a very sophisticated piece of code, professionally written with a good understanding of C++. Its writers are not the same as the people who implement it. These guys don’t want to do the criminal activity, they just want to write code,” David Perry at Trend Micro says.

“Zeus shows the level of professionalism in the world of cyber crime,” he points out.

For a long time, the Zeus worked alongside other malware like Bredolab, FakeAV and Koobface – a virus found on social network sites.

“The fact that you can blend up pieces of malware from different groups and use them in the same attack is just startling.”

But recently it was discovered that someone had merged the Zeus with its rival – SpyEye – to create another, even more dangerous, hybrid banking crimeware toolkit.

“The fact that you can blend up pieces of malware from different groups and use them in the same attack is just startling,” Perry says.

Today, not two implementations of the Zeus are alike.

An infection typically has as many as 50 different components working at the same time.

A recently discovered version included the Jabbar instant messaging client (used in Google Talk) to deliver a live feed of the victims’ banking credentials while they were logging in.

This made it possible for the attackers to raid a bank account in barely a couple of seconds.

Detection by antivirus software are still remarkably low: Under 40 percent, according to the Zeus Tracker website.

The experts are still puzzled by the question of why the crimeware’s source code now is being handed out for free.

Particularly since it was offered for sale – just a few months ago – for a six-figure sum.

“Zeus has been around since 2007. Car models don’t last that long!”

There are several theories.

Some researchers believe it’s done to “muddy the waters,” making it more difficult for law enforcement to track its origin.

Others believe the opposite; that it was released on purpose so that the clues and patterns in the codes eventually might lead back to its authors.

However, most experts agree that the Zeus itself was about to reach the end of its lifetime.

“Zeus has been around since 2007. Car models don’t last that long! Zeus is falling from the star position. The big guys are done with it,” Perry states.

Fraser Howard

But don’t think for a second that this means bank may let down their guard for a moment.

“It would be nice to think that the authors of Zeus had made enough money to hang up their boots and do something more worthwhile. In reality, they’re probably moving on to something bigger and nastier,” Fraser Howard at Sophos concludes.

See also: What is Zeus? Technical presentation by Sophos.

.

The History of Zeus

*

Latest updates (provided by The Hackers News – THN)

July/August 2011

•  BackBox – Linux distribution based website Hacked
• British police issue warning to Anonymous, Lulzsec and other internet hacktivists
• Operation Shady RAT – Biggest Cyber Attacks in history uncovered
• Operation Defense – Anonymous shut down Colombia’s president website
• Zero-day flaw in WordPress image utility allows to upload files and execute codes
• CA security finds Android Trojan which records phone calls
• Sun website 1000’s users data stolen
• Italian Intelligence agency CNAIPIC steals sensitive data from Indian Embassy
• 30 China Government Sites Hacked By Hitcher
• Another Government contractor – PCS Consultants (USA) got hacked by #Antisec
• Accused LulzSec hacker Topiary released on bail
• Vimeo (Brazil) Video sharing site got hacked by Terminal_pk
• 7000 law enforcement officers details leaked by Anonymous Hackers
• ZCompany Pakistani Hackers deface big Indian Websites
• 77 Law Enforcement websites hit in mass attack by #Antisec Anonymous
• Italy’s Police IT network vitrociset.it Database Hacked and Leaked by #Antisec
• Department of Homeland Security (DHS) Emails leaked by #Antisec Anonymous
• Nicolas Sarkozy’s official Elysee Palace website Hacked for ‘Get Him Out’ Game
• South Korean social network hacked, 35 million users Data at risk
• Anonymous hacks Defense contractor ManTech for #Antisec
• Paypal gives FBI the list of IP Address of 1,000 Anonymous hackers
• SPINN – Secure Personal Information Notification Network Hacked By Inj3ct0r
• War Texting: Hackers Unlock Car Doors via SMS
• Iframe Injection Vulnerability on FileHippo – Popular software download site
• LulzSec Member Topiary arrested in the Shetland Islands
• #OpPayPal – Anonymous calls for boycott of PayPal for blocking Wikileaks
• BSNL System Hacked by Pakistan Cyber Army – Users info at risk
• Operation Intifada: Anonymous Prepares For DDOS Attack on Israel Parliament
• 90.000 web pages infected by mass iFrame attack
• Change.Gov Donor List 2010 leaked by #Antisec
• Anonymous, LulzSec & Stuxnet nominated for Pwnie Awards 2011 for Epic 0wnage
• 300 Military and Government Accounts leaked by P0keu
• CNAIPIC – Italian government hacked by #Antisec, Various Confidential documents leaked
• Mallika Sherawat official website Defaced by KFMDD Teams Hackers
• Philippines Congress hacked by BashCrew for #AntiSec
• Colombian Anonymous Hackers reveal personal data of Colombian police officials
• English Defense League Facebook Page Deleted & Members Mobile Numbers Leaked
• Apple Mac Books Can Be Hacked Through the Battery
• Pakcyberarmy database hacked and Leaked by Indian Hacker – Lucky
• 8 Court Cases against Sarah Palin Leaked By TeaMp0iso
• NJouve Group hacked by Inj3ct0r Team against the Nato
• 10 Peru government sites database Dump from #antisec Peru
• 15 Porn sites defaced by Amin Safi (Tunisian Hacker)
• Critical Vulnerabilities in Facebook and Picasa discovered by Microsoft
• Harvard researcher arrested on hacking charges
• India – US sign Cyber Shield deal
• Sify.com hacked with SQL Injection Vulnerability
• WD TV Live Hub Compromised – Multiple Vulnerabilities Found By Dr. Alberto Fontanella
• Association of American Feed Control Officials (AAFCO) Hacked by ZHC
• Anonplus.com (Anonymous Social Networking Site) Hacked by AKINCILAR
• FBI Raids Homes of Suspected Anonymous Hackers at New York
• LulzSec will release Murdoch email archive
• FBI arrests AT&T employee for leaking information to Anonymous
• Microsoft offers $250,000 reward for information of Rustock Botnet
• Auth3ntiQ & shika01 found Local file include on numericable.be & numericable.lu
• Tourism Development Corporation of Punjab – Pakistan (TDCP) Hacked by Code Injector
• Israel Web Hosting Server Hacked For Palestine by Dr T.
• Lady Gaga website hacked and fans details stolen by Hackers
• THE CRAZIES Hackers Leaks Server Certificates of Defense Information Systems Agency (DISA)
• 4000 Websites hacked by the 077 ( HamDi HaCker )
• Parliament of Botswana hacked by V0iD
• Jawahar Knowledge Center website Hacked & Databse leaked by PCA
• EC-Council Academy Hacked by GaySec (Malaysian hackers)
• Songs.pk hacked by Indishell against Mumbai blasts
• Yellowstone County website hacked – Tax Payers Information at Risk
• Pentagon Admits to biggest ever data breach

Related by the EconoTwist’s:

• The Cyber War: Complete Coverage (Part 1)
• Kaspersky: Military-Run Cyber Attacks Real Future Threat
• Online Banking Malware Has Surfaced
• Citibank Hacked: 200.000 Credit Card Numbers Stolen, May Affect 20 Million Customers
• Hackers Threaten To Attack The US Federal Reserve
• And Here We Go: Nasdaq Stock Exchange Hacked!
• NASDAQ Hackers Aimed At Corporate Bonds
• NASDAQ Comments On Hackers, Lack of Information
• Hackers Target The New York Stock Exchange
• Cyber Attacks Force EU to Close Emission Trading System
• EU Institutions Hit By Major Cyber Attack
• Internet Nuke Bomb Ready To Blow
• Stuxnet Mutants All Over The Web
• Europe: Cyber Criminals Attack Critical Water, Oil and Gas Systems
• The REAL Weapon of Mass Destruction