Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Are spammers just like high frequency traders? Or is it the other way around?


A couple of weeks ago, we had a problem wherein a spammer signed up for our service tens of thousands of times and started sending out low volume spam. He would send a small blast and then discard the account. He would then move on to the next one and would send out the same spam campaign. He did this over and over again. He was doing it so much he managed to create a backlog in legitimate trials.

A spammer can do this because of technology. He had obviously done some work ahead of time to find the forms he had to fill in and to break the Turing test. As soon as he found something that worked, he scripted it and proceeded to send spam, then continuously discarded accounts and signed up again. He didn’t need to be personally involved. He couldn’t be; a human cannot sign up that many times in so short a period.

Aside: it’s not all bad, I guess. Being abused in this manner means that we are worthwhile abusing. It means we have name recognition.

Technology allows the spammer to scale out in order to accomplish things that would otherwise be impossible. By breaking down a massive task (sending out a huge spam campaign) into a series of smaller tasks (sending out small bursts many, many times from many, many accounts), he can evade detection but also keep his costs down. Human effort is only required up front to program the algorithm to (a) sign up, and (b) send out spam. After that, it’s auto-pilot.
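Because each account stays small, this pattern only shows up when sends are aggregated across accounts. The following is an added example, not code from the original post or from the service it describes: it groups outbound sends by a normalised content fingerprint and flags campaigns spread over many fresh accounts that each stay under a per-account throttle. The event fields, thresholds and sample data are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

PER_ACCOUNT_THROTTLE = 50   # assumed per-account send limit (recipients)
MIN_ACCOUNTS = 3            # assumed: distinct accounts sharing one campaign
MAX_ACCOUNT_AGE_H = 24      # assumed: cutoff for a "fresh" trial account, in hours

def fingerprint(body: str) -> str:
    """Normalise a message body so trivially varied copies hash alike."""
    text = re.sub(r"https?://\S+", "<url>", body.lower())
    text = re.sub(r"\d+", "<n>", text)
    text = re.sub(r"\s+", " ", text).strip()
    return hashlib.sha256(text.encode()).hexdigest()[:16]

def find_distributed_campaigns(events):
    """events: dicts with account, account_age_h, recipients, body.
    Returns campaigns sent by many fresh accounts, each under the throttle."""
    per_campaign = defaultdict(lambda: defaultdict(int))
    ages = {}
    for e in events:
        per_campaign[fingerprint(e["body"])][e["account"]] += e["recipients"]
        ages[e["account"]] = e["account_age_h"]
    flagged = []
    for fp, senders in per_campaign.items():
        # Keep only accounts a per-account throttle would never have stopped.
        fresh = {a: n for a, n in senders.items()
                 if ages[a] <= MAX_ACCOUNT_AGE_H and n < PER_ACCOUNT_THROTTLE}
        if len(fresh) >= MIN_ACCOUNTS:
            flagged.append({"fingerprint": fp, "accounts": sorted(fresh),
                            "total_recipients": sum(fresh.values())})
    return sorted(flagged, key=lambda c: -c["total_recipients"])

# Constructed sample: four new trial accounts each send a small blast of the
# same message (only a number and the link differ); one old account sends
# ordinary mail at similar volume.
SAMPLE_EVENTS = [
    {"account": f"trial-{i}", "account_age_h": 1, "recipients": 40,
     "body": f"Cheap meds, order {1000 + i} today http://example.test/{i}"}
    for i in range(4)
] + [
    {"account": "longtime-customer", "account_age_h": 9000, "recipients": 45,
     "body": "Quarterly newsletter: product updates and release notes"},
]

if __name__ == "__main__":
    for campaign in find_distributed_campaigns(SAMPLE_EVENTS):
        print(campaign)
```

In the sample, no single account exceeds the throttle, yet the aggregated campaign reaches more recipients than the throttle would allow any one account.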

Compare this to high frequency trading (HFT). HFT is when large institutions frequently buy and sell small chunks of stock in the financial markets hoping to make a small profit. They cannot just buy or sell large chunks because that moves the price too much. It either increases supply when buying (which drives up their purchasing cost) or increases demand (by driving up selling pressure and thereby lowering their profit). Thus, rather than selling 1 million shares in one transaction, they will sell 1000 shares 100 times.

It’s more than this, though. It’s not just about moving 1 million shares, it’s about trading hundreds of thousands or even millions of times per day. This is in order to capture small spreads.

In stock trading terms, the spread is the difference between the bid and the ask. When you buy stock, you purchase at the bid, and when you sell it, you sell at the ask. The difference between the two is the spread. This means that if you bought stock and immediately turned around and sold it, even if the price of the stock hadn’t moved, you would lose money.

For example, below is a quote of Microsoft stock. The current closing price is 27.36, but look at the bid and ask:

[Image: Microsoft stock quote showing the bid and ask]

The spread between the bid and ask is 4 cents. But in the above, if you bought at the bid and sold at the ask, even if the price didn’t change (27.36), you’d still lose 4 cents per share. Lousy deal, eh? The market is currently closed, but because Microsoft is such a big company, the spread during the market hours is frequently 1 cent.

But that bid/ask spread is not the same everywhere. For you see, in computer networks there are inefficiencies. The Bid/Ask on the stock exchange in New York might be 27.35/27.39. However, because the market is geo-distributed, the exchange in San Francisco (if an exchange existed there) might be 27.41/27.43. You see, because the markets are always moving, the price is always changing. But because it takes time to replicate prices everywhere in the world, sometimes markets are out of sync. Eventually everything will sync up. But there is a period of time where these differentials exist.


This condition doesn’t exist very long. It may be a few minutes, or a few seconds, a few milliseconds, or a few microseconds. But during that period of time, there’s opportunity. From our example, suppose we have the following condition:

New York: Bid=27.35, Ask=27.39
San Francisco: Bid=27.41, Ask=27.43

If you buy at the Ask in New York (27.39) and sell at the bid in San Francisco (27.41), you can make two cents per share. This process is called arbitrage – looking for and exploiting inefficiencies in the market. Two cents per share doesn’t sound like much unless you do it hundreds of thousands of times per day. Then it starts to add up. This is HFT.

High Frequency Trading is more prolific today for two reasons (in my opinion):

  1. As a byproduct of protecting small investors.

    During the 1990’s, SEC Chairman Arthur Levitt pushed to have penny bid/ask spreads. Prior to that, stocks were always quoted in eighths of a unit – 27 1/8, 27 3/8, and so forth. However, this means that instead of getting shafted on pennies per stock (due to the spread), investors were getting shafted on at least 12.5 cents per share because the minimum bid/ask spread was always 1/8 of a dollar (12.5 cents).

    Levitt fought to lower that down to penny bid/ask spreads because those big spreads were so unfair to small investors (the difference was going to the market makers). However, because the spreads are now so small, big institutions trade more frequently than they normally would have had to because they are trying to multiply a much smaller number.

  2. As a byproduct of the improvement of technology.

    Technology has improved the speed at which we can do communications. Trading frequently works because institutions can use all the bandwidth to query multiple data sources simultaneously and make decisions quickly. If you weren’t sure that the quote you were getting on a 56k modem was going to be accurate, you might not be so inclined to trade that often for fear of making a purchase decision at one price but the execution of the order at another.

    In addition, people have gotten better at programming over time, and machines have gotten better at doing sophisticated numerical calculations in real time. These complicated algorithms look for inefficiencies and make trades automatically. The processing power to make these decisions, and the availability of programmers, makes high frequency trading accessible to most firms who have decent, but not outlandish, capital to invest.

     


HFT is a problem because it adds very little value to the market. People are not buying because of their perceptions of the value of the underlying security, whether it is stocks, bonds or commodities; instead, they are acting only to extract profit from underlying inefficiencies in the markets. It’s kind of like if the only reason you went into a restaurant was to enjoy the air conditioning, but you sat at a table and ordered nothing. You’re getting value, but to the restaurant, all you’re doing is taking up space.

This might not be so bad except that HFT has some serious drawbacks. For spammers, when they create botnet algorithms to sign up and spam, they each have their idiosyncrasies. Some target Hotmail, others target Yahoo, and others target Office 365. But they are all pretty similar and they each do more or less the same thing – sign up and spam. The main differences are in the up front work developing the algorithms to do the spamming.

HFT is the same. The algorithms are all fairly similar – they each look for certain patterns and if they see them, they buy. All the financial managers go to the same schools, and all the programmers study similar curriculums. They are all looking for the same patterns and they all act on the same patterns. This means that machines can all see patterns and drive up prices in tandem. It’s not because of perceived value but because of machines acting on heuristics.

The flip side is when machines start to sell, they all see the same thing and act in concert with each other. One firm sees the price drop and sells. Then another sees it drop and it, too, sells. And so forth. This causes a snowball effect. The effect is massive run ups and crashes in value (e.g., the 2000 Internet bubble, the 2008 oil run up, the housing run up, etc). This matters because when things crash, people’s retirement accounts and pensions lose huge value and they end up working longer than they wanted to because they no longer have enough money.

And this brings me back to the title of this post. Are spammers like High Frequency Traders?

  1. Both break down a big task (sending out a huge spam run vs. selling large blocks of stock) into a series of smaller tasks.

  2. Both use machines to automate the tasks without human interference.

  3. Both bring little value to the medium they are exploiting – spammers are borrowing the infrastructure of services they are abusing without using it for legitimate purposes (of sending out personal or wanted communication), and HFTs use the financial markets to squeeze out micro-value (whereas markets are supposed to provide liquidity and act as a rational arbitrator of value of the underlying security).

  4. Both have been made possible through the drop in the costs of technology.

  5. Both need huge amounts of small transactions in order to make it profitable.

  6. Both need to stay small in order to survive. Spammers need small campaigns to stay under throttles and avoid detection, and HFTs need to stay small to avoid moving the market too much from their profit/loss price point.

  7. Both destabilize the mediums they are exploiting and ruin it for legitimate users. Spammers create backlogs and degrade the outbound IP reputation of the service. HFTs create bubbles and crashes.

  8. However, the one key difference is that spammers bring no value whatsoever to the landscape.

    You could make the case that HFT does bring some value in that it generates profits for the financial firms and the shareholders, as well as the people whose money they have invested. Employees at these companies pay taxes and are not using social safety nets. They provide for themselves and their families. Furthermore, bubbles and crashes are not necessary parts of HFT; you could argue that they could be regulated somehow and that the people who program them should put in fail-safes to prevent dumb-assery.

    In this regard, HFT is not like spamming.

So I guess the answer to my question is that spammers are not like high frequency traders. But they’re close.

Comments
  • (Sorry, this may be a double post)

    Thanks for another superb blog post. I just don't quite get how you come to the answer in your final sentence. I think your post makes clear that spammers ARE like high frequency traders. They may not be "equal to" or even "exactly like" but they are certainly "like" HFTs!

    And if we are going to try and look for positive sides to things, how about this for spammers:

    Let's consider that, at heart, all spammers (V1agra ones anyway) are criminals. If all spammers are criminals, then if they aren't spamming, then they are going to be committing some other sort of crime. It may not be violent crime (robbery, etc.) but it also may be - therefore by letting them spam we are reducing the risk of violent crime!

    Much spam is also for small amounts, multiplied by lots of victims. If the spammers had to spend lots of time on each "incident", they would go for a much bigger payday. Joe Bloggs is a lot better off having $20 stolen than having his house swindled away from him.

    While spammers may not pay corporation or income tax, they don't get away with not paying sales tax - everyone has to pay it. Good spammers earn a lot of money, and so provide lots of tax and employment for those in the community.

    Am I stretching it a bit?

  • I was using the comparison for "like" as "exactly" like HFTs, not merely "similar to."

    I think the idea that a spammer provides benefits to society because it diverts one source of bad behavior to another is stretching it.

  • High Frequency Trading has been causing havoc for years in the financial markets. People like Carl Weiss, a High Frequency Trading expert, have been trying to come up with ways to combat it. Thankfully now at least the HFTs and their bots can be tracked in real time by anyone. Have a look at the way the bots were in action a few weeks ago during the US Presidential election courtesy of Carl Weiss from sceeto http://www.sceeto.com http://youtu.be/N1ouo0aeO7o

    As you know, High Frequency Trading and these types of algos as a matter of fact are responsible these days for more than 70 to 80% of all the daily US volume. HFTs have been quote stuffing, i.e. placing massive buy sell orders within milliseconds, for a long time now. sceeto is one of the first small companies anywhere in the world that tracks the HFTs in real time across various markets. Have a look for yourself, Carl Weiss has done numerous videos on these algos. http://www.sceeto.com The chief software developer of sceeto he has for a decade tested to come up with software designed a system to sniff these out and try to at least again level the playing field a bit for the ordinary investor.
