[Cryptography] from CNBC: "Cybersecurity firm says large hedge fund attacked"
Jerry Leichter
leichter at lrw.com
Thu Jun 19 17:04:01 EDT 2014
On Jun 19, 2014, at 3:47 PM, John Ioannidis <ji at tla.org> wrote:
> My reaction to this article was "nice story, bro, but I don't believe it". It reads like a parable, or a cautionary tale. Anyone could have made it up.
> Especially since the "good guys" in the story (BAE) stand a lot to gain by attracting customers this way.
The main thing that makes no sense to me is that, according to the story, the attackers "installed a malicious computer program on the servers of a large hedge fund, crippling its high-speed trading strategy and sending information about its trades to unknown offsite computers".
Either of these two attacks makes financial sense: You can badly screw up their strategy and make money as a counter-party; or you can watch what they do and make money running some combination of parallel or adverse strategy. The second is more subtle, difficult, and takes longer, but the chance of it being detected is extremely small if you're careful. The former may get you big money quickly, but it's certain to be noticed.
Depending on you goals and capabilities, either approach would make sense, but it's hard to come up with a reason to do both simultaneously: The second is unlikely to increase the gains much over what the first gives you before the first gives the whole game away.
-- Jerry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140619/25a7c5ab/attachment.bin>
More information about the cryptography
mailing list