August 5, 2012

Could GPS Spoofing Cause Another Flash Crash?

The Big Picture:

"But there is one input port that the network firewalls leave entirely unprotected. An unassuming set of antennas on the roof of these data centers carry unsecured civil GPS signals directly into the core of the matching engine network."
A spoofing attack that aggressively manipulated the timing in a large number of co-located servers could therefore cause a partial market vacuum, what traders call a loss of liquidity, with the result being increased price volatility and damage to market confidence."

GPS spoofing usually involves the use of a device that mocks encoded, though not encrypted time signals broadcast by the Global Positioning Satellite constellation, confusing receivers into calculating incorrect positions.

In this case, though, the spoofing is in the manipulation of those broadcast signals for their time value alone, not how that value is used to calculate position.

High frequency trading (HFT) servers, co-located at major stock exchange data centers, use GPS broadcast signals for official trade time-stamping. Manipulated time codes can yield incorrect timestamps. That can create a trading advantage and loss of trader confidence in the system.

The major exchanges take steps to thwart GPS spoofing before the time codes reach their servers, but HFT admins often elect to directly connect their servers to rooftop antennas, effectively bypassing the exchange's precautionary measures.

Done just right, a GPS spoofing attack could manipulate high frequency trading and net someone a tidy pile of cash. Witness the messy and, in some cases, unprofitable Facebook IPO resulting from untimely trades and loss of trader and investor confidence. And that was unintentional.