.

First let’s talk about the United Airlines-Google News fiasco. Then I’ll get to the London Stock Exchange’s use of Windows.

Death of a prominent CEO for instance? Or a filing for bankruptcy? Why not program your computers to search the news for key phrases like “<Company_Name> files for bankruptcy?”. If it is too hard to build a crawler yourself just create a Google Alert on “Company_Name” and parse each alert for “files for bankruptcy”.

Computers are wonderful things. Do you want to make a lot of money in the stock market? Well, you know that stock prices move up or down when companies report their earnings. If you have a theory about which way those stocks move you can program a computer to automagically buy or sell stocks based on your theory. But wait, everyone else does that too. By the time you enter the data the market has already moved. So? Just program your computer to read the news. Within seconds of a company posting its reports you can jump in with your stock trades. Cool. What about surprise events that move stock prices?

This week we learned that quite a few of these programs actually exist. In a convoluted sequence of events United Airlines’ stock was pummeled by just such a program. Here is the latest theory:

1. Because of hurricane Ike passing nea Florida a lot of searches on "United Airlines" Saturday night resulted in a story at the Sun-Sentinel getting enough hits to pop it up to the “most read” section of their website.

2. Google’s crawler, which pings the Sun-Sentinel every 19 minutes saw the story, classified it as new and sent it out to anyone with a Google Alert set up for United Airlines. The story was titled “United Airlines files for bankruptcy”.

3. The story spread across Wall Street and triggered automatic trading programs.

4. UAL’s stock plummeted to 3 from 12 before trading in the stock was halted.

Wall Street Journal as much as a quarter of all stock trades are initiated by such “algorithmic trading mechanisms”.

According to the

Thirugnanam Ramanathan is one such scammer sentenced to two years prison just this week.

This incident has highlighted a major vulnerability that I predict will be exploited almost immediately by stock scam artists. Pump and dump schemes are common amongst these guys. If they can force a stock up or down they know how to profit from it. One technique you have seen many times is to simply spam the world about a stock to drive its price up. Another technique is to break into brokerage accounts, liquidate holdings, and purchase a penny stock. The increased activity drives the stock up and the scammer/hacker sells at the new high.

According to the Department of Justice, at least 60 customers and nine brokerage firms have been identified as victims with losses of approximately $300,000. Online brokerage firms affected included TD Ameritrade, ETrade Financial, Firstrade Securities, ChoiceTrade, OptionsXpress, TradeKing and Terra Nova Financial.

If you have used Google Alerts you have probably seen Google get confused by dates many times. I follow such things as “haephrati” and of course “Stiennon”. One common glitch I have seen is Google will re-send an alert on the anniversary of the original news story.

Stiennon on Security blog for instance. A headline reading “United Airlines files for bankruptcy” would be picked up and posted to Google news. (Go ahead, do a Google News search on that phrase: voila! You see this blog don’t you?) Then, anyone with an alert on United Airlines would see it and their automatic trading programs would Sell, Sell, Sell!

Assume the hacker can hijack a blog or news site that Google reads. The

A scammer could have previously sold the stock short or even set up a buy order at some low price and then sell the stock when it bounced back up after the mistake was revealed.

The stock markets have been woven together with the Web. This is a dangerous situation. Anytime you use algorithmic mechanisms you are asking for trouble as soon as the unexpected occurs. This is an application vulnerability of the highest order and risk. While Google should tighten up their own algorithms just to avoid the bad publicity and possible liability it is paramount that stock traders build in protections against this vulnerability.

--------------------------------------------------------------------

I have to chime in on this Monday’s failure at the London Stock Exchange. Over the weekend the US Federal government took the extraordinary step of nationalizing the two huge institutions that back most home mortgages. Monday was going to be a big day in the stock markets; too bad that the computer system used by the London Stock Exchange experienced a Blue Screen of Death (BSoD). That’s right, one of the biggest stock exchanges in the world uses Microsoft Windows to transact billions of pounds of trades every work day.

I am adding to my list of Top Ten Stupid Uses for Windows. This one goes to the top. I thought every major financial institution in the world used Sun, Tandem, IBM, running some flavor of Unix to handle critical transactions. Ever the optimist, I am wrong once again about the overall intelligence of the world.

The LSE has made its technology a major selling point in its marketing campaigns. From their website:

TradElect™ is the Exchange’s new trading system. It brings unprecedented levels of performance, enhanced functionality and new services to our markets whilst maintaining our exemplary record for reliability.

They may have to change that “exemplary record” part.

one source: TradElect was developed by Accenture in India:

From

Tradelect will run on the same "Extranex" privately managed IP network as Infolect and will rely on high-speed middleware developed in-house, which was created using Microsoft's C# programming language and the .net Framework. The system will run on Hewlett-Packard servers powered by 2.2GHz dual-core AMD Opteron processors.

You mean PCs? There is considerable anger in London over this outage. I hope the LSE is forth coming with a detailed analysis of the root cause so that others can learn from this situation.