Read on Twitter
The attackers stole an investors relations infographic (not, say, a draft 10-K filing), which is pretty cute conceptually.
But investor relations data is not necessarily straightforward to monetize (a thread): https://twitter.com/financialtimes/status/1352473607604211712
But investor relations data is not necessarily straightforward to monetize (a thread): https://twitter.com/financialtimes/status/1352473607604211712
At the most basic level, the attackers must understand whether the stolen investor relations data will move the stock price up or down.
They can use the company’s financial guidance, analysts’ earnings estimates, & other public commentary as a proxy for that...
They can use the company’s financial guidance, analysts’ earnings estimates, & other public commentary as a proxy for that...
But what if attackers steal an investor deck regarding to-be-announced M&A?
It’s not always obvious which way public markets will move in response to a deal. Sometimes companies themselves are surprised, despite the $$$ that pours into convincing investors it’s a stonkly move.
It’s not always obvious which way public markets will move in response to a deal. Sometimes companies themselves are surprised, despite the $$$ that pours into convincing investors it’s a stonkly move.
What if the infographic showed the company missing revenue targets but exceeding earnings per share (EPS) estimates?
Now they have to perform financial analysis to figure out how that will influence public market sentiment (including how algorithmic trading may interpret it).
Now they have to perform financial analysis to figure out how that will influence public market sentiment (including how algorithmic trading may interpret it).
Do the attackers just buy shares & hold? Do they buy short-dated out-of-the-money call options (ignoring @matt_levine’s advice)?
Depending on jurisdiction, they may need to be stealthy and develop a proper trading strategy to monetize the stolen info.
Depending on jurisdiction, they may need to be stealthy and develop a proper trading strategy to monetize the stolen info.
The thing is, even seasoned finance professionals often bungle the whole sneaky insider trading thing.
And if attackers are anything like the infosec people I know who think they’re capable of day trading, their trading will be baby elephant levels of loud and clumsy.
And if attackers are anything like the infosec people I know who think they’re capable of day trading, their trading will be baby elephant levels of loud and clumsy.
I like imagining a future dystopia where attackers steal secret investor relations info, trade on it, lose money, then file a class action lawsuit with the Global Office of Securities Health (GOSH) blaming the company for not managing investor expectations in the right direction.
Anyway, attack techniques & insider trading tactics both lie on a spectrum of “sophistication.”
The attacker has to be sufficiently advanced to steal investor relations data without getting caught before trading on it *and* successfully trade on it without getting caught. Oof!
The attacker has to be sufficiently advanced to steal investor relations data without getting caught before trading on it *and* successfully trade on it without getting caught. Oof!
tl;dr: tech peeps often imagine they can “hack” the stonk market with their “super clever” trading strategy (real traders are grateful for the easy prey).
Attackers can literally do it, but, if clever, will seek finance expertise — an advanced persistent trader, if you will.
Attackers can literally do it, but, if clever, will seek finance expertise — an advanced persistent trader, if you will.
