FOREWORD

When I first read Rogue Code, I thought, “Here is a thriller that is really tuned into the dangerous potential of electronic trading.” Mark Russinovich paints a picture of what most would consider the nightmare scenario of what could go terribly wrong in the U.S. stock market. It is a dystopian view of where electronic capitalism might lead us.

And yet, Rogue Code shows us a Wall Street which is all too familiar — think it a synthesis of age-old business practices that thrive on exploiting the grey areas of financial regulation and modern electronic trading systems whose opacity is the only thing keeping computerized criminals at bay. The end result is a fictional portrayal of a global-market system that is hauntingly familiar in both its vulnerability and its propensity for financial crisis.

Mark is impressive, detail-oriented, hands-on. He aims to introduce you to the technical mechanisms, hacks, and exploits that are longstanding practices in the field of cybersecurity that he rightfully associates with critical vulnerabilities in our national market system. More importantly, Mark has tied together two disciplines that must cross-pollinate: cybersecurity and computerized trading. After you have read Rogue Code, you will believe these two fields are on a collision course.

Still, I confess that as I read Rogue Code I couldn’t help but smirk inappropriately at times. If he only knew, I thought. As the financial crisis proves, often Wall Street itself can be its biggest threat.

Rogue Code is a work of fiction. The bad guys don’t run multibillion-dollar hedge funds that have institutionalized illegal insider trading into a business model. They don’t run massive Ponzi schemes affiliated with unusually successful trading companies. They don’t publicly brag about their multi-year zero-loss trading days fueled by “secret sauce” that only recently has caught the attention of regulators.

In my experience, the current threat to Wall Street isn’t going to come from abroad … it has already firmly embedded itself into the fabric of our marketplace.

We don’t need foreign agents to compromise our markets. We are quite adept at causing the flash crash and more than twenty-five thousand “mini flash crashes” all by ourselves.

We don’t need a foreign agent to rig an exchange to provide a benefit to an affiliated trader — we are quite adept at creating conflicts of interest, self-regulation of for-profit entities, and regulatory loopholes that naturally evolve into collusive arrangements.

We don’t need super-hackers planted where they can exploit the order matching code for their own benefit, as the most lucrative career path for a developer is to cycle from exchange to trading company, back to the exchange space, and then onward to the most elite trading firm having attained the “goods.”

And I should know. Over a decade ago, I was awarded my first major promotion at a major investment bank for exploiting a back door in a European electronic exchange to get prices faster. Back then, we discovered holes. At some point, the game changed, and the industry started creating holes.

The search for what we in the industry call an “edge” led exchanges to manufacture artificial advantages in order to satisfy their most-favored clients. What else differentiates an exchange, when the primary service that traders want is to extract a profit in what nearly always is a zero-sum game for short-term traders? The money has to come from somewhere, doesn’t it?

And so many years later, I decided to blow the whistle on high-frequency trading to regulators, citing numerous undocumented features designed by exchanges to accommodate high-frequency trading strategies at the expense of the public customer. It was the road not traveled for one of my background.

Mark is an outsider to high-frequency trading, but that is what makes his contribution all the more sobering. What if Wall Street lost its stranglehold on a system where complexity and volatility equate to trading edge? What if outsiders indeed targeted the very systems which regulators readily admit they cannot monitor or control in any meaningful manner?

And that is probably the most terrifying conclusion one can draw from Rogue Code. Wall Street, having grown so accustomed to exploiting and circumventing its own system, is dramatically unprepared for real enemies, those who have no stake in the bedrock of our capitalist system.


— HAIM BODEK

MANAGING PRINCIPAL

DECIMUS CAPITAL MARKETS, LLC

Загрузка...