Dozens of high-speed traders and others from Wall Street are helping the Pentagon study how hackers could unleash chaos in the U.S. financial system.
The Department of Defense’s research arm over the past year and a half has consulted executives at high-frequency trading firms and quantitative hedge funds, and people from exchanges and other financial companies, participants in the discussions said. Officials described the effort as an early-stage pilot project aimed at identifying market vulnerabilities.
The Defense Advanced Research Projects Agency, or Darpa, began the initiative before the revelations of attacks on Equifax Inc. and the Securities and Exchange Commission brought public scrutiny of risks to U.S. market infrastructure.
Jamil Nazarali, senior adviser to the chief executive officer of Citadel Securities, is among the experts who have advised the Defense Advanced Research Projects Agency. Mr. Nazarali, right, is shown during an SEC round table in Washington in 2012.Photo: Andrew Harrer/Bloomberg News
Participants described meetings as informal sessions in which attendees brainstorm about how hackers might try to bring down U.S. markets, then rank the ideas by feasibility.
Among the potential scenarios: Hackers could cripple a widely used payroll system; they could inject false information into stock-data feeds, sending trading algorithms out of whack; or they could flood the stock market with fake sell orders and trigger a market crash.
High-speed traders and quant-fund managers, who use sophisticated computer programs to buy and sell stocks, sometimes in fractions of a second, form the core of the group. Such traders tend to have deep expertise in the inner workings of financial markets and the automated systems that account for huge swaths of trading activity today.
Darpa officials confirmed the effort, which is unclassified but hasn’t been previously reported. The Wall Street Journal spoke with several traders who participated in the initiative, called the Financial Markets Vulnerabilities Project.
“We started thinking a couple years ago what it would be like if a malicious actor wanted to cause havoc on our financial markets,” said Wade Shen, who researched artificial intelligence at the Massachusetts Institute of Technology before joining Darpa as a program manager in 2014.
Darpa famously developed the technology behind the internet and stealth bombers. It recruits experts from academia and industry in a bid to keep its thinking fresh. The agency declined to release a list of its financial-industry advisers for the project.
The goal of Darpa’s project is to develop a simulation of U.S. markets that could be used to test scenarios, said Wade Shen, a Darpa program manager.Photo: DARPA
There have been three meetings for the project since last year, with another one expected later this year, an agency spokeswoman said. The last meeting took place in a conference room at New York University this spring over pizza, participants said.
High-frequency traders have been vilified by critics such as author Michael Lewis, who accused them in his book “Flash Boys” of exploiting slower-moving investors by “front-running” their orders, though these traders deny doing this and say it isn’t even possible.
Some of the biggest names in the high-speed trading business have advised Darpa. They include Jamil Nazarali, senior adviser to the chief executive officer of Citadel Securities, a trading giant responsible for around 20% of daily volume in U.S. stock markets. Misha Malyshev, CEO of trading firm Teza Technologies, has “advised Darpa on vulnerabilities within the U.S. financial markets,” Teza’s website said. Manoj Narang, CEO of quant hedge fund Mana Partners, said he had advised Darpa, too.
Among potential targets that participants have worried could appeal to hackers given their broad reach are credit-card companies, payment processors and payroll companies such as Automatic Data Processing , Inc., or ADP, which handles the paychecks for one in six U.S. workers, participants said.
An ADP spokesman said, “We work diligently to protect our clients’ data, which includes efforts to prevent, detect and respond to attempted cybersecurity incidents.”
- The Quants Run Wall Street Now
- ‘We’ve Been Breached’: Inside the Equifax Hack
- The Security Setting You Must Always Turn On
The Mana Partners CEO said he began taking part in the Darpa meetings as a skeptic, thinking the U.S. stock market was resilient and it was unlikely for attackers to cause anything more than temporary damage. But since then, he has gotten more worried.
One scenario he fears: a hack of a U.S. exchange in which the attacker sends a wave of fake sell orders to every firm offering to buy shares. That could potentially erase hundreds of billions of dollars of market value as prices drop and firms try to cover losses by selling on other exchanges, Mr. Narang said.
Project participants have also debated the impact of attackers transmitting false data via the electronic feeds that traders use to monitor stock prices, or publishing “fake news” to shake investor confidence.
The goal of Darpa’s project is to develop a simulation of U.S. markets, which could be used to test scenarios, Mr. Shen said.
Such software would need to model complex, interrelated markets—not just stocks but also markets such as futures—as well as the behavior of automated trading systems operating within them.
Many quantitative trading firms already do something similar, Mr. Narang said. His company won a small contract from Darpa this year to test whether its simulation tool could be used by the agency, according to Mr. Narang and a Darpa spokeswoman.
The project isn’t the first time the Pentagon has studied such risks.
In 2009, military experts took part in a two-day war game exploring a “global financial war” involving China and Russia, according to “Currency Wars: The Making of the Next Global Crisis,” a 2011 book by James Rickards. The Applied Physics Laboratory at Johns Hopkins University hosted the event, a spokesman there confirmed.
Such scenarios might seem far-fetched, but Mr. Shen said it is Darpa’s job to think about futuristic attacks that haven’t happened yet.
“Our charge at Darpa is to think far out,” he said. “It’s not ‘What is the attack today?’ but ‘What are the vectors of attack 20 years from now?’”
Write to Alexander Osipovich at firstname.lastname@example.org