Six years ago, during that fateful summer of 2008 when everything began to unravel, we first raised issues of financial terrorism as a risk to the stock markets, our economy, and indeed our way of life. In hindsight, it should be obvious that an attack on our markets does indeed have the potential to attack the very heart of America. Our initial research, later confirmed in a formal Pentagon report, served as the basis for the 2012 bestseller, Secret Weapon; How Economic Terrorism Brought Down the U.S. Stock Market and Why It Could Happen Again. Overall, we documented a variety of vulnerabilities that could be exploited through hidden market activity, cyber-manipulations, and other subversive efforts. As with any new concept, there was a considerable amount of skepticism. Since then, however, virtually every concept we described has been documented or validated.
We've seen multiple instances of validation in just the past few weeks. For example, our warnings of a direct attack on the U.S. dollar (what we described as a Phase Three attack) is now underway led by Putin's Russia. This attack is accelerating with the goal of removing the dollar as the primary global reserve currency. This serious concern was virtually dismissed just a few years ago. Read the WikiLeaks headline as just one example where the threat was downplayed:
Even the Pentagon sponsored studies released two years ago to deny that the dollar could be harmed (despite direct Chinese threats to do just that):
Chinese military and Communist Party officials have threatened to "dump" some of China's holding of $1.17 trillion in U.S. Treasury securities to punish the United States and wage financial war in response to arms sales to Taiwan, according to a Pentagon report to Congress.
The July report plays down the prospect of what has been termed the financial "nuclear option" by Beijing against the United States. "Attempting to use U.S. Treasury securities as a coercive tool would have limited effect and likely would do more harm to China than to the United States," says the five-page report entitled, "Assessment of the National Security Risks Posed to the United States as a Result of the U.S. Federal Debt Owed to China as a Creditor of the U.S. Government." …
And my reply as quoted in the Bill Gertz story:
Mr. Freeman, the financial security specialist, took issue with the report. He said that former Treasury Secretary Henry Paulson revealed in a 2010 book that Russia dumped American bonds in 2008 and urged the Chinese to do the same. "The Chinese did not at that time but this does not mean they won't," Mr. Freeman said in an email.
He said the Pentagon report was "naive" and provided a "politically correct answer" that failed to address what he said were very real risks from Chinese financial warfare. A number of scenarios exist that would involve China's government taking coercive action to dump or threaten to sell off U.S. bonds, Mr. Freeman said. "If they perceive us as wounded, they might be willing to suffer in the short term to accomplish larger goals," he said. Also, the report's assertion that dumping U.S. securities would be inflicting harm on China "assumes a domestic economic stability [in China] that may not exist ," he said. "The situation is much more complex than that."
Obviously, in light of recent headlines, the "nuclear option" of attacking the dollar is much more plausible than the government has been willing to admit.
Another key area that we discussed in Secret Weapon had to do with hedge funds and the vulnerabilities they can create. The assumption has long been that because hedge funds are intelligent investors seeking to maximize profits that they were beneficial for markets and required little if any regulation. While that may or may not be true in a theoretical sense, once you apply real-world dynamics the concept becomes ludicrous. Hedge funds have been known to manipulate markets when given the chance. They have been caught breaking the rules. They can be impacted by rogue traders. And, as revealed last week, can be themselves subjected to cyber manipulation. Because hedge funds have not been subjected to the same intense regulatory scrutiny, their IT security is often less than other large financial services firms. Yet, they have an enormous ability to move markets, making them a target for hackers.
Just imagine the damage that could be caused by a hacker who successfully gains control of a multi-billion dollar hedge fund. Of course, as we pointed out in Secret Weapon, this same effect could be achieved with a rogue employee or the theft of algorithmic trading codes. We've seen both issues in recent years. Here are some comments from Secret Weapon (excerpted from pages 94-97):
"One instrument that works hand-in-glove with both dark pools and naked sponsored access is high-frequency trading based on computer algorithms. Traders use sophisticated computer programs to profit from any price differentials…Another serious problem is that computers can be hacked and manipulated…The point is this: a relatively simple act–such as an employee walking out the door with a computer flash drive–could potentially manipulate a major firm's trading programs even for the purposes of terroristic activity. Given the recent explosion in high-frequency trading, this must be considered another potential secret weapon. Manipulating algorithms is a high-tech form of economic warfare. Sending a spy to retrieve them is an ancient art…Rogue employees clearly can impact the entire market, whether as traders or outright thieves…There is a clear risk that a rogue employee with access to data or systems could crash the market."
Here are some recent headlines:
By Chris Strohm Jun 19, 2014 12:37 PM CT
Hackers disrupted high-speed trading at a large hedge fund and rerouted data that might be used to make money in rogue stock-market transactions, a security official with BAE Systems Plc (BA/)said.
The attack was going on for eight weeks and BAE was called in by the fund at the end of 2013, said Paul Henninger, global product director for BAE Systems Applied Intelligence. He said it had "all the signatures of an organized crime attack."
"This is the first time we've seen criminals actively go after a business system and effectively take over that system and create sabotage," Henninger said in a phone interview. "The assumption is that this was a for-profit attack."
While the initial report makes the assumption that the motive was profit, when you dig deeper into the story, the implications become more ominous:
Here's the story from Christian Science Monitor:
U.S. Representative Mike Rogers, a Michigan Republican and chairman of the House intelligence committee, said he is "very worried" about hackers stealing inside information that could be used to manipulate market trading.
"We have seen nation states on our trading networks and we haven't fully answered the question what were they going to do," Rogers said in an interview.
Here is a video from the same story reported on CNBC (http://video.cnbc.com/gallery/?video=3000286076): Clearly, this is a matter of national security and something our nation should have addressed years ago. Only now are most beginning to even recognize the seriousness of the risks involved. In addition to the threat of manipulated hedge funds, we've seen recent articles on dark pools and leveraged ETFs as well, both issues we raised in our 2009 report and Secret Weapon. We will cover those in a forthcoming Blog post.
US hedge funds have been under stealthy attacks from cyber-criminals intent on intercepting trading strategies in order to profit from front-running and other illicit maneuvers.Mark Clayton Christian Science Monitor
"It's pretty amazing," Paul Henninger, global product director at BAE Systems, told CNBC, which first reported the attack. "The level of business sophistication involved as opposed to technical sophistication involved was something we had not seen before."
The just-disclosed hedge fund attack started in late 2013 with hackers sending a "spear phishing" e-mail that, once opened, installed malware onto the hedge fund's servers, BAE Systems officials said. The spear phishing e-mails appeared related to developments in the capital markets industry.
But even if the BAE disclosure was unusual in its sophistication, it was actually just one of many cases, part of a wave of largely unseen cyber-attacks targeting hedge funds over the past two years, say cyber-security experts.
The point is this. We were at risk and a financial warfare attack nearly destroyed our system in 2008. We are even more vulnerable today. It's time that America wakes up to this looming threat and takes measures to address it.