The trader bots controlling the global stock marketAutomation, high frequency trading and bots have changed the global stock market in recent decades. How do these bots work, and how have attackers exploited them?
Trading on the stock market has only grown more complex in the past few decades.
Thanks to high frequency trading (HFT) and the rise of Big Data in financial markets, it’s impossible for an individual investor, trader or stock analyst to make the right investment decisions quickly enough to react to an increasingly complex market.
With traders needing to make investment decisions on-the-spot in seconds, not minutes, it’s unsurprising that they have turned to rule-based automation and AI. Computer-savvy traders set specific rules for entries, exits and monitoring of a trade, allowing computers to execute trades automatically on their behalf.
Not only are algorithms, high frequency traders and trading bots faster than human analysts, but they also require a smaller workforce to maintain, with computer engineering skills becoming an important asset for modern traders. For example, the 600 traders who worked the trading desks at Goldman Sachs’s New York HQ in the year 2000 have now been replaced by at least 200 computer engineers who supervise algorithms and trading bots.
Aside from reducing resourcing requirements, trading bots have several other advantages.
Advantages of using a trading bot
When a specific rule has been set to protect losses, a trading bot can determine the difference between a small loss or a devastating loss when a trade is going against the investor, and act accordingly to curtail losses.
Backtesting is when trading strategies are tested against historical data to determine if the rules created can be practical for a future trade. A trading bot can be tested against historic trading data and tweaked to be more effective before it is deployed on live trading scenarios.
As computers respond extremely fast to instructions, automated buy or sell orders can be processed instantly. Entering or leaving a trade just a few seconds faster can make a significant difference in the trade’s outcome, delivering better results than a human could react quickly enough to replicate. Bots are essential for high frequency trading as they react instantly to market changes.
Of course, there are some caveats to this reliance on trading bots:
As with any piece of software or hardware, automated trading bots can suffer from outages, errors or maintenance. A trade delayed by even a few seconds could mean a potential loss of millions, so an internet connection drop could be disastrous. Starting off with small trades and having failovers and contingencies is wise.
Although trading bots are automated, they do need to be constantly adjusted to the current stock market landscape. These interventions can create anomalies that could lead to wrong orders being placed. Expert monitoring is necessary to identify and resolve anomalies, and to lower the risk of losses.
Although backtesting can create a ‘perfect’ model for historical data, the stock market is often unpredictable. Over-optimizing based on past data can hamper performance on live trades.
When automated trading bots go wrong: Knight Capital Group
On August 1, 2012, Knight Capital Group experienced an issue with its automated technology software due to an error within its algorithms. The errant algorithm was making millions of faulty trades on 148 companies listed on the New York Stock Exchange. The algorithm was buying stocks at the highest price and instantly selling at the lowest price.
The algorithm cost Knight Capital a pre-tax loss of $440 million in a 45-minute period. Rival traders and investors quickly took advantage of the dilemma. The incident immediately pushed Knight Capital to the brink of bankruptcy, requiring investors to step in and raise funds to save the company. Knight Capital Group was later acquired by Getco LLC.
While this is an extreme case, it demonstrates how a simple error (some code not being correctly transferred to a server) can have devastating financial consequences if trading bot automation is allowed to run unmonitored.
Spoofing and stock market manipulation
Good bots are built to help investors become more efficient, effective, timely and accurate in their day-to-day tasks. Unfortunately, adversaries can also exploit weaknesses in systems, utilizing bots for financial fraud.
Legitimate trading bots are under threat from adversaries using their own bots to manipulate markets. This is known as spoofing.
Because HFT bots react so quickly and often follow similar rules, they are open to manipulation by bad actors.
These adversaries program bots to place bids or buy or sell futures contracts (agreements to buy or sell an underlying asset at a later day for a predetermined price) at high volumes, creating false demand within the market and causing other automated algorithms to buy or sell as an automatic response. The adversary will then cancel their bids or offers prior to the deal’s execution, making a profit based on however they have manipulated the markets to move.
Is spoofing illegal?
Spoofing is illegal in the USA under the 2010 Dodd–Frank Act, but in the UK, spoofing is not a specified offence. However, it is classed as market manipulation under article 15 of the FCA’s Market Abuse Regulations. In addition to this there are criminal offences relating to market manipulation of the Financial Services Act 2012 (sections 89 and 90) and section 2 of the Fraud Act 2006.
Spoofing in practice: Flash Crash and the Hounslow day-trader
The best example of spoofing became known as the ‘Flash Crash’. In 2010 a British trader, Navinder Singh Sarao, used automated software to place huge orders for the E-mini S&P 500 near month futures contract on the Chicago Mercantile Index, before cancelling them prior to execution.
This caused mayhem for Dow Jones Index futures contracts and erased almost $1 trillion in the US stock market in less than an hour. One man’s spoofing attack, using trading algorithm software to generate large sale orders from his bedroom, caused the biggest stock plunge seen in decades.
How is spoofing kept under control?
Due to the Flash Crash incident in 2010, regulators request that all traders’ algorithms must have pre-trade controls and circuit breakers that prevent them from manipulating and creating an impact on the market. In the last 10 years global regulators have invested massively in data analytics teams to analyze the data to ensure all traders and investors have done business legally.
Although spoofing is illegal in the USA and questionable in the UK, traders may turn to methods that have not been seen before to try to illegally influence prices, such as pushing misleading information from one exchange to influence prices on a different one. To date no flags have been raised to show this has happened.
However, we have seen a rise in spoofing activity using bots in the less regulated and decentralized world of cryptocurrency and NFT trading. Wherever there is opportunity to manipulate prices, bad bots and automation are usually close by.
web applications with Netacea's
Intent Analytics™ engine