Re: Pricing intrusions

[ryan25 () wenet net (Ryan M. Ferris)]

ummm...Intrusion Detection Systems probably have a much better chance at
catching their man than the SEC.  Our global casino economy moves about 1
trillion US dollars per day by some counts.  (see "F.I.A.S.C.O. : The Inside
Story of a Wall Street Trader by Frank Partnoy"  for an execellent expose
from the inside on what it is like to work in derivatives trading.)

I know enough about this to be dangerously opinionated as I did Investment
Bank (trading floor support) for many IBs.  Essentially, I was a consultant
who worked on the NT 4.0 migration.

Your discussion on the dollar cost of intrusions are interesting, but really
underestimate the value of knowledge.  These institutions rationalize, plot
and control the entire world's economy on the basis of their (sometimes
crude and naive) understanding of global markets and technology.  A single
model (i.e. excel spreedsheet) can be responsible for billions of dollars of
transactions in the fast-paced world of derivative and option trading. Often
times, a company "buys" a cross town trader or "derivatives geek" for an
unbelievable salary (say a base 500K to 1M plus commissions) just to have
his information, client lists, models, and modeling ability.

Without being a statistician and simply using the general knowledge of the
outrageous amounts of money moved and traded every day on the world's stock
and money markets,  I would say it would not be an outrageous guess to
assume several 100 billion dollar loss figure in information theft.  I would
guess the majority of that theft is currently electronic, undiscovered and
furthermore,  when such theft is discovered it is never discussed.

(It would simply have to go through to many career ruining admissions to
become open- first IT, HR, Management, then the business unit...There would
be too many careers at stake for such an admissions to ever see the light of
day....)

Ryan M. Ferris
ryan25 () wenet net
----- Original Message -----
From: Marcus J. Ranum <mjr () nfr net>
To: Fernando Trias <fernando () pedestalsoftware com>; <ids () uow edu au>
Sent: Wednesday, October 13, 1999 8:43 PM
Subject: Re: IDS: Pricing intrusions

> FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
> IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
> HELP: Having problems... email questions to ids-owner () uow edu au
> NOTE: Remove this section from reply msgs otherwise the msg will bounce.
> SPAM: DO NOT send unsolicted mail to this list.
> --------------------------------------------------------------------------
-
> ---
> > But the stock trading approach is risky too. The NY Stock Exchange claims
> > that they monitor every single brokerage account for suspicious activity.
> > If you make money most of the time just before earning are announced for
a
> > handful of companies, they'll pick it up and cart you off to prison.
>
> If you think about it for a second, you'll realize that doing such
> a thing is a problem of the same magnitude as doing statistical
> intrusion detection.
>
> mjr.
> --
> Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
> work - http://www.nfr.net
> home - http://www.clark.net/pub/mjr