GPS..Global Positioning System. The term has become part of our everyday lives. There are GPS devices everywhere – in your car, in airplanes, at the stock exchanges and even in your iPhone. But did you ever wonder how secure these GPS devices are? Can they be jammed or even worse counterfeited or “spoofed”? What could happen if a GPS device was spoofed?
Well, in an absolutely riveting testimony before a House Subcommittee on Homeland Security, Todd Humphreys of the University of Texas at Austin lets us know exactly what can go wrong with a civil GPS signal:
“The problem is that the same transparency and predictability that have made civil GPS signals so wildly popular all across the globe give rise to a dangerous vulnerability. Transparency and predictability make the civil GPS signals easy to imitate to counterfeit. The fact is that civil GPS signals are like Monopoly money: they have a detailed structure but no built-in protection against forgery.”
To prove his point, Todd and a group of researchers successfully commandeered a civil unmanned aerial vehicle (UAV) at the White Sands Missile Range with the use of a GPS spoofing device that they developed. They proved that civil GPS is “inherently insecure and shouldn’t be trusted blindly”.
Why are we at Themis Trading talking about the hacking of a GPS receiver on a UAV? Because GPS devices are also embedded in our financial system and a GPS spoofing scenario could cause a market disaster similar to the flash crash. Here is what Todd Humphreys said in his testimony before the House Subcommittee on Homeland Security:
“But there is one input port that the network firewalls leave entirely unprotected. An unassuming set of antennas on the roof of these data centers carry unsecured civil GPS signals directly into the core of the matching engine network. Slaved to a once-per-second synchronization pulse from a GPS- disciplined clock, the individual servers in the network apply time stamps to the trades they execute. A decade ago, a tenth of a second was an acceptable time stamp resolution. High frequency traders now demand nanoseconds.”
Now, thankfully, this is not news to the major stock exchanges. Todd talks about how he met with senior executives from some exchanges and feels that they have taken precautions against GPS spoofing. But there is a group of financial professionals that he feels have not taken any precautions against GPS spoofing and remain vulnerable to an attack:
“High frequency traders whose servers are co-located with the matching engines at major exchanges may be more vulnerable to GPS spoofing. In the NYSE and some other exchanges, these co-located customers are offered either a timing feed from the exchange’s system time or a direct feed from GPS antennas on the roof. Many co-located customers, distrustful of the exchange’s system time, opt for the direct GPS feed.”
“The high-frequency traders who own the servers do not like inexplicable market behavior, and unlike old-fashioned traders who are obligated to stay in the market no matter its behavior, high-frequency traders can pull the plug at any moment. In the aftermath of the May 6, 2010 flash crash, it was revealed that automatic data integrity checks in trading algorithms were configured to trigger on unusual latency in the exchanges data feeds. In other words, if transaction time stamps do not look right, algorithmic traders flee the marketplace.”
“A spoofing attack that aggressively manipulated the timing in a large number of co-located servers could therefore cause a partial market vacuum, what traders call a loss of liquidity, with the result being increased price volatility and damage to market confidence.”
We wonder if our regulators are aware of this potential vulnerability in our market structure. While we hear so much about the supposed benefits of high frequency trading (they tell us that they shrink spreads and add liquidity), we don’t often hear about the systemic risks that HFT has placed on our market. While HFT continues to extract its ultra short term rents from the market, it also continues to layer more and more risk on the market. You can bet that if a GPS spoofing event were to corrupt data, HFT’s would run for the exit doors quickly. And guess who would be left holding the bag again?
Source: Themis Trading
Category: Think Tank, Trading
Please use the comments to demonstrate your own ignorance, unfamiliarity with empirical data and lack of respect for scientific knowledge. Be sure to create straw men and argue against things I have neither said nor implied. If you could repeat previously discredited memes or steer the conversation into irrelevant, off topic discussions, it would be appreciated. Lastly, kindly forgo all civility in your discourse . . . you are, after all, anonymous.
Great, add another possible Black Swan Hair Trigger to the growing list of KNOWN possibilities.
Knight Capital and Nanex, move over. The GPS SNAFU’s are flying in –on final approach yet?
And then there are the UNKNOWN Black Swan Hair Triggers lurking, and finally the UNKNOWABLE possiblities!
[Dorothy: "Yes, Toto, there are hidden corners of our universe which are NOT KNOWABLE!"]
Recall this from Warren Buffett on hair triggers:
‘There are more people [like hedge-fund managers] that go to bed at night with a hair trigger than ever before, it’s an electronic herd, they can give vent to decisions that move billions and billions of dollars with the click of a key. We will have some exogenous event – we will have that. There will be some kind of stampede by that herd? ‘When you have far greater sums than ever before, in one asset class after another, that are held by people who operate on a hair-trigger mechanism, then they lend themselves to more explosive outcomes. People with very short time horizons, with huge sums of money – they can all try to head for the exits at the same time. The only way you can leave your seat in burning financial markets is to find someone else to take your seat, and that is not always easy …’
http://money.cnn.com/2005/05/01/news/fortune500/buffett_talks/
Diligently yours and building up to full functionality,
HAL
[2001: A Space Odyssey]
The upside is that extremely high trading volumes are neither an indicator of health for our exchanges nor our economies. Perhaps our markets have excess liquidity being driven by scalping operations. Investors do not benefit from this excess liquidity. In fact this excess trading volume siphons off wealth.
I read with amusement the article you posted today from Themis Trading. Of course there are market participants that use GPS at data centers. That this activity can/could/would/ induce a “flash crash” if someone where to spoof the signal is absurd. Let’s take a step back from fear mongering and ask the simple question of “why would someone use GPS clocks syncs?” The answer to this has nothing to do with live trading. The reason why firms do this is so they can synchronize the market data they collect across exchanges for research purposes. Computer clocks drift and exchanges are located in different data centers so if someone wanted to back test strategies they need to make sure the timing is accurate or else the simulation will be corrupted. Spoofing the GPS would be a pain to the user but it would corrupt research and not live trading not to mention be easy to detect.
AC
This all assumes that someone is going to use a high-spec GPS receiver as their own private Stratum-1 time source and not have a redundant time source, such as a GPS-disciplined oscillator, or a redundant time source.
The only excuses for being hacked by GPS spoofing are incompetence (abundant on Wall Street) and stupidity (also in great supply on Wall Street).