The short-version is that they re-used a parameter from an old feature and one of the production machines was not updated so the re-used parameter re-activated the old feature instead of the new one. Furthermore, A refactoring of the code had left the old feature on the wrong side of the share accounting code so the system was not keeping track of the orders it was putting out.
This is not correct. Read the SEC report on the incident if you have time, it is pretty in depth: http://www.sec.gov/litigation/admin/2013/34-70694.pdf
The short-version is that they re-used a parameter from an old feature and one of the production machines was not updated so the re-used parameter re-activated the old feature instead of the new one. Furthermore, A refactoring of the code had left the old feature on the wrong side of the share accounting code so the system was not keeping track of the orders it was putting out.