October 4, 2022
Born in Israel in 1975, Malicious Life Podcast host Ran studied Electrical Engineering at the Technion Institute of Technology, and worked as an electronics engineer and programmer for several High Tech companies in Israel.
In 2007, he created the popular Israeli podcast Making History. He is the author of three books (all in Hebrew): Perpetuum Mobile: About the history of Perpetual Motion Machines; The Little University of Science: A book about all of Science (well, the important bits, anyway) in bite-sized chunks; Battle of Minds: About the history of computer malware.
Malicious Life by Cybereason exposes the human and financial powers operating under the surface that make cybercrime what it is today. Malicious Life explores the people and the stories behind the cybersecurity industry and its evolution. Host Ran Levi interviews hackers and industry experts, discussing the hacking culture of the 1970s and 80s, the subsequent rise of viruses in the 1990s and today’s advanced cyber threats.
Malicious Life theme music: ‘Circuits’ by TKMusic, licensed under Creative Commons License. Malicious Life podcast is sponsored and produced by Cybereason.
At the turn of the 18th century, in Japan, there lived a merchant’s son named Yomiji Sumiya. Yomiji — just 23 years old — was reputedly “the most dexterous person in the country.” And so when he told his father, Yozaemon, that he wanted to travel to Koriyama to examine the rice markets there…
“Yozaemon collected all the money he possessed, gave Yomiji 600 ryo of gold, and dispatched his son to Koriyama.”
Nate Nelson, reading from Kumagae Onna Amigasa, written in 1706.
“As soon as Yomiji arrived at the wholesaler in Koriyama, he started a money changing business.”
For context, rice wasn’t merely Japan’s most crucial good — it was a means of exchange. A currency. Some — including samurai — were paid with it. Brokers used it as the basis for financial instruments, like loans. Yomiji wasn’t so much entering the food industry, he was joining his era’s Wall Street.
And like Wall Street, there were already seasoned traders doing everything they could to make a profit when he got there. Yomiji was at an immediate disadvantage. But, dexterous as he was, he came up with a plan for how to beat the market.
“In order to get information about daily prices at the rice exchange, Yomiji hired a regular express messenger and another messenger. A minute after the rice exchange started the business of the day in Osaka, the [second] messenger wearing a red hat and red gloves ran like a flying bird and arrived at Kuragari Pass. He stood by a landmark pine tree and tried to regain his breath. If he raised his left hand by 1 degree, it meant the rice price increased by 1 bu of silver. If he raised his right hand by 1 degree, it meant the rice price decreased by 1 bu of silver. His role was to inform Yomiji of the increases and decreases of rice prices. Yomiji saw the person’s signals from the second floor of the wholesale store using a telescope which had a range of 10 miles, and bought or sold rice taking these price changes into consideration. After that, Yomiji dispatched the express messenger to Osaka to obtain the rice prices there. As Yomiji knew the rice prices earlier than anyone when the information was delivered to Kuragari Pass, there was not a single day that Yomiji did not make money.”
In any trading market, at any time in history, no matter where you are, the most important thing you can possess isn’t actually money, or influence, or anything like that. Knowledge — in particular, knowing something before everybody else — is far more valuable.
Imagine knowing what was going on with mortgage-backed securities, or Bernie Madoff, prior to 2008. Or realizing the true potential in Amazon and Apple, back in the 90s. Or what if you knew in 2010, what was going to happen to Bitcoin? If you’d have invested one dollar — literally, only one dollar — you’d have made around $400,000 off of it by now.
Our episode today is about the technologies that transmit market information, and the lengths to which traders are willing to go to get it before anyone else. In some cases, they’ll apply great ingenuity to the problem, like Yomiji did. In others, they’ll use manipulation — hacking into these technologies to gain an unfair advantage, and make a fortune along the way.
Stock markets are a nearly millennium-old phenomenon, dating back to local farm auctions and fairs in Europe. Gradually, businessmen realized the value in spreading their operational networks — obtaining pricing information from far distances which may, in the end, provide opportunity for profit. After all, why purchase local goods if you can obtain the same goods elsewhere at a lower price? Couriers were dispatched to gather such information, and the speed at which they traveled was, of course, of the utmost importance.
In the 1600s, Dutch traders took it a step further. They’d stand near the North Sea coast, using telescopes to watch for ships coming into port. They often knew the names of the ships, and what cargo they were carrying. The depth at which the ships were floating in the water gave them a vague idea of how heavy they were — ergo, how much of that cargo they were hauling in. According to supply and demand, lots of new supply triggers lower prices, and vice versa. These financial astronomers would then rush to place buy or sell orders hours before everyone else got word of the new shipments.
For centuries, then — long before there was a Tokyo Stock Exchange, or a New York Stock Exchange, or even a New York — traders have utilized whatever technology they had at their disposal to gain an information advantage over their competitors.
But that was the game. These traders were resourceful, clever, but lawful. Yomiji certainly did trick everyone — as the author of Kumagae Onna Amigasa noted…
“Other merchants had no idea about his scheme. They gave Yomiji the nickname ‘Forecasting Yomiji’ and rice prices in Koriyama came to be greatly influenced by Yomiji’s transactions.”
…but it was ingenuity that earned him his fortune. Not cheating…
In 1834, two brothers came up with a plan for how to cheat the stock market, and obtain data at the expense of everybody else. They managed to pull it off by hacking into a bona fide long-distance communications network — using a strangely familiar method — which many people consider to be the first ever telecommunications hack.
Agamemnon — a tragedy written by the Greek playwright Aeschylus in the 5th century BCE — opens with news that the Greeks have finally taken Troy, after a decade-long siege.
Clytemnestra — wife of Agamemnon, who leads the Greek army — is joyous. From the city of Argos, across the Aegean Sea, she has received the good news the very evening of its occurrence. She proclaims her joy to the Chorus: in Greek plays, a group of fourth-wall actors who narrated the action, but could also interact with the characters.
The Chorus is suspicious. “Yet who so swift could speed the message here?” they ask. “Didst thou receive a call? A text via WhatsApp? A notification from thou’s iPhone?”
You don’t have to listen to Malicious Life to know that the ancients didn’t have 5G. So how did the great general’s wife receive news of a war ending a sea away, the very night it occurred? She explains:
“From Ida’s top Hephaestus, lord of fire,
Sent forth his sign; and on, and ever on,
Beacon to beacon sped the courier-flame. [. . .]
Flame after flame, along the course ordained,
And lo! the last to speed upon its way
Sights the end first, and glows unto the goal.
And Troy is ta’en, and by this sign my lord
Tells me the tale, and ye have learned my word.”
What she’s describing is a system of beacons, arranged within sight of one another at high points between Troy and Argos. What we’d call a “semaphore” system. When Troy fell, the watchman there lit a fire which the next watchman — miles away — saw, and copied, and so on and so forth. At the speed of light, such a system was only slowed down by the time it took for a soldier — probably bored out of his mind — to get up out of his seat and light a bonfire for the first time in ten years.
Fire is just fire, though. For more detailed communications, over a shorter range, one might have used a network of flag-bearers. With different flags, waved or held in different patterns and motions, a messenger can pass along more detail, like alphabetically spelled-out words. Yomiji the rice trader used a similar system for numerical values. These systems also had the capacity to be bi-directional, unlike giant bonfires.
In 1810 came the heliograph — by merely directing sunlight off of a mirror at particular intervals, a precise operator could transmit Morse code over vast distances. But the very best system humanity could come up with, even as late as 1834, was the semaphore telegraph. And the best semaphore telegraph system was in France.
The Chappe System
A kind of combination of all these prior iterations of the same technology, the “Chappe” system — named after its creator — consisted, yet again, of towers on hills around 10 kilometers or so apart. Atop these towers, however, was a rotating long arm: imagine the letter T, except that the top bar of the T can pivot around its axis. A shorter rotating arm was attached to each side of the main arm, like an abstraction of a person with a flag in each hand. The short arms could be arranged in one of eight positions each, and the long arm one of four, with some exceptions, leading to nearly 200 different possible combinations in all.
An operator or “stationaire” in each tower had a telescope, to watch for the signal — the exact combination of arm positions — that came before him. A second operator could replicate the signal for the next tower in line. A third operator would oversee their work, keeping watch for typos. One could only receive and transmit a few arrangements of the arms per minute, so Chappe’s company developed a codebook which combined the symbols two at a time, to create over 8,000 different coded words and phrases. Directors and inspectors were the only people with these codebooks — the operators themselves simply passed the signals along.
In all, the system of 556 stations spanned nearly 5,000 kilometers across France, from Dunkirk to Marseille, Bordeaux to Paris, Nantes, Strasbourg. Almost like a subway system, main lines ran down each half of the country, branching to reach cities off the path. Those symbols could transmit across the network at 500 kilometers or 300 miles an hour, meaning full messages could transmit between major cities in minutes.
The raison d’être for Chappe’s network was, as with most cutting-edge technologies, military in nature. Its first ever use was to announce the victory of French troops over the Hapsburg Austrians at Quesnoy in 1794. Napoleon, most notably, used the system extensively to coordinate his empire and army. Though its inventor, Chappe, advocated for its use in commerce, finance and news, it was only used for military and government administrative purposes. Oh, and lottery numbers, for some reason.
Between the secrecy of the coding system, and the inspectors who oversaw messages passing through, the Chappe system was well-policed. Encrypted and actively monitored, you might say.
But you know what podcast you’re listening to. Basic security is no match for a clever and motivated adversary.
Brothers Francois and Joseph Blanc were bankers, and traders at the Bordeaux Stock Exchange. Their problem was just how significantly the market in Paris — France’s most important hub of financial activity — impacted the rest of the country. Like Yomiji, or those Dutch pseudo-astronomers, whoever in Bordeaux was first to act on news from Paris could make a healthy profit before the rest of the market had time to adjust. The 550 kilometer journey between cities could take days to complete, but worse: everybody got the news at the same time.
In 1834 they came up with a way to fix that, by performing what we’d today call a man-in-the-middle attack.
The Blanc Brothers
At the Chappe tower in Tours — a town along the Loire river, about 40 percent of the way from Paris to Bordeaux — the inspector receives a parcel. Inside the package is clothing. [Sound: a package being opened, its contents rustling.] An odd place to be delivered clothing, perhaps, but whatever. The clothing is wrapped — in a white paper, or gray. The inspector knows what that means.
The tower 10 kilometers or so ahead of them forwards a message. One of the operators at Tours receives it. The inspector reviews it, interprets it according to his official codebook, removes any errors, and instructs his operator what to pass on. As is his job.
Minutes later, the Chappe tower in Bordeaux receives the message. The first part of it comes through, then a backspace. An error was made. It’s scratched from the official record and the message continues on, but not before a person waiting in Bordeaux catches a glimpse of the redacted error and takes note of it.
By paying off a key few people along the line — the man in Paris who sends the parcel, the inspector in Tours, and the man watching for the error code in Bordeaux — the Blanc brothers were able to inject their own code into the government’s communications system, without it showing up on the final record. That code — indicated by the color of the wrapping paper, and translated via the error positions — indicated whether the market in Paris was up or down, outpacing the public news by hours and even days.
(Perhaps you’re wondering why they couldn’t have simply bribed an inspector in Paris, rather than involved an extra person in Tours. Well, the Blanc brothers had thoroughly scoped out the network they were hacking. In Tours — as with other major hubs — there was an inspector whose job was to read, interpret and remove errors before passing the message onward towards Bordeaux. The Blancs’ malicious steganography would’ve been corrected too soon.)
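The mechanism described above, as an added illustration that is not part of the original episode: a toy Python model of the relay line showing why the marker only survives if it is introduced at or after the last error-correcting hub, and how auditing the raw tower log, rather than the cleaned official record, exposes it. The station list, symbol names, sample message and audit thresholds are all constructed for this example.

```python
from collections import Counter

CANCEL = "CANCEL"  # stands in for the "backspace" signal that retracts the previous symbol

def apply_cancels(stream):
    """Return (kept, retracted): the cleaned message and every symbol that was cancelled."""
    kept, retracted = [], []
    for sym in stream:
        if sym != CANCEL:
            kept.append(sym)
        elif kept:
            retracted.append(kept.pop())
    return kept, retracted

def relay(message, line, inject_at=None, marker=None):
    """Send `message` down `line`, an ordered list of (station, is_correcting_hub).

    Ordinary towers repeat what they see, errors included. A correcting hub
    cleans the stream before forwarding it. If `inject_at` names a station,
    that station sends `marker` followed by CANCEL after the first symbol.
    Returns the raw stream an observer sees arriving at the end of the line.
    """
    stream = list(message)
    for station, is_hub in line:
        if is_hub:
            stream, _ = apply_cancels(stream)
        if station == inject_at:
            stream = stream[:1] + [marker, CANCEL] + stream[1:]
    return stream

def audit(raw_logs, max_alphabet=2, min_days=3):
    """Flag raw tower logs whose retracted symbols keep recurring from a tiny alphabet.

    Assumption of this example: genuine operator slips are scattered across
    the ~200 possible symbols, so the same one or two values being retracted
    day after day is worth investigating.
    """
    seen = Counter()
    days_with_retraction = 0
    for raw in raw_logs:
        _, retracted = apply_cancels(raw)
        seen.update(retracted)
        days_with_retraction += bool(retracted)
    suspicious = days_with_retraction >= min_days and 0 < len(seen) <= max_alphabet
    return suspicious, dict(seen)

# Constructed line and traffic: station roles follow the episode, symbols are made up.
LINE = [("Paris", False), ("Tours", True), ("tower after Tours", False)]
MESSAGE = ["S041", "S118", "S007"]

if __name__ == "__main__":
    for origin in ("Paris", "Tours"):
        raw = relay(MESSAGE, LINE, inject_at=origin, marker="S199")
        official, retracted = apply_cancels(raw)
        print(origin, "raw:", raw, "official:", official, "retracted:", retracted)
```

In both runs the official record is identical to the original message; only the raw stream seen at the end of the line differs, which is why a log that keeps retracted symbols is the one worth auditing.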
For two years, the Blanc brothers made a fortune off of early access to market data from Paris. According to some accounts, it ended when one of the co-conspirators tried to find someone to take his place while he was away. The recruit didn’t comply, and informed the authorities. According to legend, though, the conspirator was simply riddled with guilt, and revealed all while lying on his deathbed.
The Blancs, and their co-conspirators, were arrested and put on trial. But upon reviewing the case, it became clear: they hadn’t broken any explicit laws. The government hadn’t thought to make such tampering with the Chappe system illegal. In 1837, the two brothers were acquitted. They not only walked away free, but they got to keep all the money, too.
In the quiet French countryside, the Count of Monte Cristo approaches a man gardening outside the highest tower in the region. “Did you come here, sir, to see the telegraph?” the gardener asks.
“Yes, if it isn’t contrary to the rules.”
“Oh, no,” said the gardener; “not in the least, since there is no danger that anyone can possibly understand what we are saying.”
“I have been told,” said the count, “that you do not always yourselves understand the signals you repeat.”
Indeed, only select people know how to decode the messages. The Count listens with false earnestness, before popping the question: “Well, suppose you were to alter a signal, and substitute another?”
The operator is reticent, but Monte Cristo bribes him with 25 years’ worth of wages. With great guilt, the man broadcasts Monte Cristo’s fake telegram, kicking off a series of events which will lead to one of Monte Cristo’s enemies losing one million francs.
Alexandre Dumas may have taken inspiration from the Blanc brothers, who hit the tabloids in his home country shortly before he began working on The Count of Monte Cristo. Of course, he did change one crucial detail in his story, probably because by the time he published — 1844 — the Chappe system was old news. It’d been the very same year the Blanc brothers were acquitted for their hack — 1837 — that two inventors filed a patent for the first ever telegraph.
The impact telegraphs had on stock markets was seismic. Previously, if you weren’t hacking a sensitive government semaphore network, you were using couriers — maybe, in some cases, telescopes — to get market data as fast as possible. That meant hours, if you were at any reasonable distance from the action, or days, if you were in another city. With the telegraph? Minutes, at most. It was the biggest time-saving technological jump in history, and it conferred a massive advantage in the market.
Soon, the advancements were coming faster but in smaller increments. The mid-19th century saw the advent of printing typewriters, capable of transmitting actual text, not just Morse code. In 1867, an engineer at AT&T developed a type of printing telegraph specifically designed for the stock market. Traders could subscribe for the chance to see price movements nearly as soon as they appeared on the stock ticker at the New York Stock Exchange (which was at that time a half-century old). The system wasn’t quite so modern as it sounds, though, as the stock tickers themselves took as much as 15 to 20 minutes to update. Actually, traders would often rely on young boys to act as couriers, because they were faster. Just like in the old days.
A century later, stock brokers would access market data from computers. The major suppliers — like Ultronics, Scantlin Electronics, and Teleregister — transmitted up-to-the-minute stock prices, bid/ask spreads and more to traders’ remote desktop terminals. The system ran over telephone lines, utilizing AT&T “DATA-phone” modems — high-speed but funny-looking machines, almost like if you smashed together a computer with a regular rotary phone.
It wasn’t so vastly unlike what we have today. Investors in 2022 use expensive, specialized software — from Reuters, or Bloomberg, probably, if you’re in America — which provides all the data and features one could possibly want. Information also travels through alternative channels — from news stories posted to CNN to press releases and earnings calls, any information that pertains to the future wellbeing of businesses will move the market.
That’s how it goes. In markets, nothing is more valuable than the speed of information. Nowadays, wealthy firms will camp their equipment as physically close as possible to the servers that update such information, piling on top of one another and paying millions of dollars for the privilege.
In the centuries since trading first became institutionalized, technology has been there to help enterprising and motivated traders get an edge. Over time, they’ve helped those speeds increase. At the same time, though, those technologies have become more and more vulnerable to attacks.
The Blancs needed to bribe at least three government officials if they wanted to hack into the Chappe system.
The Count of Monte Cristo needed to bribe just one man. Fictional as he may be, the story was realistic enough, as telegraph systems were far more common, and many were privately-owned, meaning they couldn’t be so easily policed as the centralized Chappe network.
Today, you don’t need to bribe anybody to break into computer networks.
And that’s going to be the subject of our next episode of Malicious Life: hacking the stock market today. Who’s doing it? How? I’ll give you a sneak preview:
Like the Blanc brothers, a lot of these people are getting away with it.