- U.S. senator’s bombastic “hackusation”
- Media toadies and deep-state finger-pointing
- Following the money… to cybersecurity firms (HACK)
- Market weirdness abounds: “quadruple witching” day
- Frustratingly vague details about delisting Chinese stocks
- Men in Tights (exposed)
- “Did your email server get hacked or confiscated?”
“This is virtually a declaration of war by Russia on the United States and we should take that seriously,” Sen. Dick Durbin (D-Illinois) told CNN this week.
As you’ve probably heard by now, large swaths of the federal government’s computer systems have been hacked. And perhaps many Fortune 500 companies’, too.
So far, it appears to be a garden-variety hack — even if the techniques are more sophisticated and the scale is more massive. The aim is to steal information, not to disrupt the electric grid or anything like that.
In other words, the sort of thing the U.S. government does in other countries constantly. Heh…
Anyway, the Cybersecurity and Infrastructure Security Agency — a unit of Homeland Security — says “this threat poses a grave risk to the federal government and state, local, tribal and territorial governments as well as critical infrastructure entities and other private-sector organizations.”
To be clear, there’s nothing in CISA’s statement laying blame on anyone. Indeed no one has publicly stepped forward to offer tangible evidence pointing a finger anywhere.
But anonymous deep-state actors have made it known to their favored lackeys in corporate media that they have a perp in mind.
“Russian government hackers,” says The Washington Post. “Working for the Kremlin,” parrots The New York Times.
Sorta reminds us of that goofy aliens guy…
And of course, those selective and evidence-free leaks have had the desired result — to wit, Sen. Durbin’s tirade. On the floor of the Senate yesterday, he called the hack a “virtual invasion.”
Which strikes us as a little rash when talking about the only other nuclear superpower on the planet — but unlike Durbin, we don’t have access to the feds’ Raven Rock bunker in Pennsylvania.
Can we step back for a moment and think about this rationally?
We were pioneers on the cybersecurity beat here at The 5 — following the breadcrumbs starting in early 2013, and making cyber recommendations in our paid publications a few months later.
The entire time, we cautioned about the perverse incentives many cybersecurity firms have: When a newsworthy hack attack occurs, these companies tend to blame foreign nation-states — usually those Washington doesn’t like. It’s in these firms’ interest to gin up outrage in the Beltway, the better to secure a steady stream of juicy government contracts.
But in reality, “attribution” of an attack is wicked hard to pin down. “Claims of attribution aren’t testable or repeatable because the hypothesis is never proven right or wrong,” wrote Inside Cyber Warfare author Jeffrey Carr in 2016.
“There’s no way to prove whether the assignment of attribution is true or false unless (1) there is a criminal conviction, (2) the hacker is caught in the act or (3) a government employee leaked the evidence.”
Vivid and relevant case in point: Remember how the Democrats’ purloined emails in 2016 were widely blamed on “the Russians”?
That was based on the research of the cybersecurity firm CrowdStrike (CRWD), which examined the Democratic National Committee’s servers. (Strangely, the FBI never bothered looking itself — leaving the job to CrowdStrike.)
But late in 2017, CrowdStrike president Shawn Henry testified behind closed doors to the House Intelligence Committee. Asked on what date Russia “exfiltrated” the DNC’s data, Henry replied, “There’s not evidence that they were actually exfiltrated. There’s circumstantial evidence… but no evidence that they were actually exfiltrated.”
Only under oath did the truth come out… and the truth didn’t become public until the testimony was released this past May, more than two years later.
Which comes back to something Jeffrey Carr said in 2016: Yes, the Russian alphabet turned up in some of the computer code linked to the DNC emails. But blaming the Russians makes as much sense as saying the perps in a bank robbery must be Japanese because the getaway car was a Toyota.
Besides, if Evil Genius Putin is behind this attack, how does that explain the election outcome?
Or so asks our favorite political reporter…
Really, it wouldn’t have taken much effort. Mr. Tracey reminds us the entire election came down to fewer than 43,000 total votes in Georgia, Arizona and Wisconsin. Trump victories in those three states would have resulted in a 269-269 tie in the Electoral College. Once the election was thrown to the House of Representatives, the procedures laid out in the Constitution would have resulted in a second Trump term.
Significantly, the cybersecurity firm that discovered the attack — FireEye Inc. (FEYE) — is not rushing to lay blame on this occasion.
Which is interesting because in years past we’ve pointed out how FireEye regularly blamed China, Russia, Iran and North Korea for various hacks.
Perhaps FireEye is being more circumspect this time because it tumbled to the hack while looking into a breach of its own systems.
The investing takeaway is that cybersecurity will be huge in 2021. The easy way to play it is the ETFMG Prime Cyber Security ETF (HACK). In 2020, HACK has outperformed the S&P 500 but underperformed the Nasdaq. (And FEYE, which tumbled nearly 14% in two days last week, does not rank among its top 10 holdings.)
It wouldn’t surprise us at all if HACK outperforms all the major U.S. indexes next year. And our editors will be on the lookout for specific names in the sector with the potential to make you a small fortune — or a big one.
To the markets today, where all three major indexes are pulling back from yesterday’s record closes.
The Nasdaq is holding up best as we check our screens, down only 16 points at 12,748. The Dow is taking the biggest hit, down about a half-percent at 30,150.
Beneath the surface of the major averages, the potential for weirdness abounds today. For one thing, it’s a “quadruple witching” day. That’s one of four days a year when four types of derivatives expire all at once — stock options, stock futures, index options and index futures.
For another thing, this is the last trading day before Tesla joins the S&P 500 Index, which means scads of index funds will aim to buy TSLA at today’s closing price. But seeing as TSLA will instantly become the sixth-biggest company in the index based on its market cap, there might be “additional, unpredictable” effects, to borrow The Wall Street Journal’s understated phraseology.
Turning to nondollar assets, precious metals are holding their own after another nice rally yesterday. The bid on gold is $1,882; silver, $25.82. And crude is a penny away from $49 a barrel — territory last seen just before the COVID-crash began in March.
Bitcoin, however, is pulling back from yesterday’s records, now $22,530.
Speaking of “additional, unpredictable” effects… we’re going to find out in 2021 what it really looks like when Chinese stocks are delisted from U.S. exchanges.
In September of last year, we told you how the Trump administration was mooting how to “limit U.S. investors’ portfolio flows into China.”
It was a trial balloon, skimpy on details. Delisting Chinese companies from U.S. exchanges was among the possibilities. And how would that work, we wondered?
Would you have to sell those shares (but only to foreign buyers) and document the transaction to the IRS? Is there any guarantee the market makers could find buyers?
Or would Washington just zero out that portion of your brokerage account? That would make for some really interesting Fifth Amendment takings-clause litigation.
Fifteen months later, we still don’t know… but that’s not stopping the White House from acting. Last month, the president issued an executive order barring U.S. investors from buying into 35 Chinese companies deemed by the Pentagon as tied to China’s military.
The order takes effect in stages next year, but there’s already a scramble by the keepers of major global stock indexes to make adjustments. Inevitably that will spill over into the ETFs based on those indexes, like the popular iShares MSCI Emerging Markets ETF (EEM).
The details are still maddeningly vague, however.
This morning’s Wall Street Journal tells us Secretary of State Mike Pompeo and Treasury Secretary Steve Mnuchin are at odds over whether subsidiaries and affiliates of the blacklisted companies should be included. Pompeo says yes, Mnuchin says no.
Pompeo getting his way “could spook markets and prompt large amounts of forced selling to scrub portfolios of problematic stocks,” the Journal says.
MSCI, one of the major index keepers, has so far interpreted the order as narrowly as possible. Thus, less than 1% of the MSCI China Index’s market cap is affected. FTSE Russell is doing much the same.
The disruption to markets has been limited — at least up until now.
We were onto this story from the beginning last year. We’ll stay ahead of the curve going into next year.
Hmmm… The feds have hit Robinhood harder than the rumor mill said they would.
As you might know, Robinhood is the brokerage app that’s crazy-popular with millennials. It became the biggest online brokerage this year as a consequence of the “time to spare, money to burn” phenomenon that emerged amid the pandemic.
Yesterday, Robinhood settled a complaint with the Securities and Exchange Commission for $65 million. At issue were Robinhood’s disclosures — or lack thereof — about how it makes its money.
Robinhood blazed trails with no-commission trading, which prompted a question in the rest of the industry: How did they make their money?
Per the SEC’s complaint, the company didn’t disclose that on its website until 2018.
The answer is something called “payment for order flow.” Robinhood sold the data about customers’ orders to high-frequency trading firms like Citadel Securities and Virtu Financial.
“Those firms in turn have what amounts to a free option on the Robinhood trader’s order,” writes Matt Taibbi at TK News. “They can execute the trade themselves, or they can offload it to an exchange, which in turn posts the order and compensates the market maker firm in the form of rebates, while earning money itself by charging fees for ‘data feed’ that include information about such retail orders.”
If you’re thinking “conflict of interest,” the SEC says you’re right. It’s not illegal, but it does require full disclosure.
In addition, the SEC faulted Robinhood for failure to disclose that many trades aren’t executed at the best available price, and indeed some customers got prices “that were inferior to other brokers’ prices,” says the agency. Heck, as recently as last year, Robinhood’s website claimed that order-execution quality was equal to or better than the competition.
The settlement is one of those neither-admit-nor-deny-any-guilt things. Robinhood will carry on with its addictive techniques honed by the founders’ social-media background — video confetti to celebrate each transaction, push notifications whenever a position moves up or down 5% or 10%.
And of course, the high-frequency traders will keep doing their thing — guaranteed to get them better execution prices than you or I.
But as we mentioned on Wednesday, our James Altucher is putting the finishing touches on a trading algorithm that will level the playing field come early next year. Watch this space!
“I haven’t received any emails from Agora since Monday,” a reader writes.
“No 5 Min., no Laissez Faire Today, no spam!? Nothing.
“Did your email server get hacked or confiscated?”
The 5: Not at all, and we have every expectation you’re reading this right now.
When a host of Google services went down for a while on Monday morning, they had a bunch of spillover effects even after service was restored.
Long story short, even after Gmail came back up, a lot of emails either got caught in spam traps… or in many cases bounced back to us because Gmail users’ email addresses weren’t recognized as legit.
Fixing that fell onto our people — not Google’s. But we’ve got some of the best in the business. They’ve been putting in extra hours all week. Most of the situation is back to normal, but they’re still conducting some final tests and they tell us we should be back to 100% by day’s end.
Yes, your paid publications were affected too. Best check the websites for those newsletters and trading services for any buys, sells and updates.
In the meantime, thanks for your patience and understanding.
Try to have a good weekend,
Dave Gonigam
The 5 Min. Forecast
P.S. Unrelated to the Gmail glitches, our customer service director has an important message that merits close and immediate attention. You can see it at this link.