Mapping Treasure: Looking Beyond the Yield of Traditional Insider Trading
[graphic: Money by Kevin Dooley, via Flickr]
A fresh spin on insider trading also made news this week, when the SEC filed a lawsuit against two Capital One fraud investigators who made 1800 percent on their investment over three years, based on their use of a Capital One credit card user database.
The two investigators, Bonan Huang and Nan Huang, grew an investment of $147,300 to $2.8 million based on thousands of searches across a database comprised of credit card customer transactions. Noting the volume of use of credit cards at a particular fast food company, they bought and traded the company’s stock based on this data.
Over time they made similar stock trades based on transactional volume and other publicly available news about three different companies.
Had the database been one for sale by a company rather than their employer’s proprietary database, the Huangs would have been lauded as investment rock stars. But because the method they used “misappropriates confidential information for securities trading purposes, in breach of a duty owed to the source of the information,” the two men are being sued for insider trading.
The Huangs’ trading experience gives pause when one considers the value of metadata, and of the data breach at JP Morgan Chase this past year.
Metadata can offer a volume of transactional activity, though it will not disclose the value of a transaction. Imagine smartphones indicating they are being used at particular devices – point-of-sale devices – at any retailer, from fast food to hard lines. An uptick in overall activity at a specific retailer indicates greater volume of business, the data fresher than that reported in a 10-Q report filed publicly with the SEC. What could an investor do with this kind of data? One could imagine success not much different than the Huangs experienced, provided they also understood other publicly available information about the retailers under observation. →']);" class="more-link">Continue reading
Russia’s Sabre-Rattling: Not Just Bluster About Banks and Ukraine Unrest
Last Friday, CNBC interviewed Andrey Kostin, CEO of Russia’s second largest bank, following the EU’s decision to extend economic sanctions against Russia, ostensibly to punish Russia for hostilities against Ukraine. Kostin’s comments were combative.
“You know, we have quite a strong opinion on sanctions. Sanctions, in other words, is economic war against Russia. Economic war will definitely have and will have very negative implications on the Russian economy, but more than that it will have very negative implications on the political dialogue and on security in Europe. And who wants to live in a less secure world? I think nobody. I think it’s the wrong way to treat Russia like this. I think it will never to lead to any other consequences as to less stability and less secure Europe.” [sic]
“”You can’t treat any country like this. You know you can’t say, if you behave rightly, that’s a small [weep*] for you, if you behave wrongly, that’s a big [weep*] for you.’ That’s not a dialog, that’s a threat. … I think we should talk. I mean, politicians should talk, like business men. Business men do talk, and they are interested in working together. …”
In short, Russia feels the sanctions are warfare, and they want to deal. They’d really like the asymmetric attack on finance to stop short of terminating Russian banks’ access to SWIFT (the impact of which WaPo spells out).
But the banks’ discomfort with the sanctions and continued incursions against Ukraine aren’t the only signs of Russian belligerence. By year end, there had been forty events characterized as “close military encounters” during 2014, according to European Leadership Network, a non-partisan, nonprofit think tank. →']);" class="more-link">Continue reading
Superb Owl Types: Check in Here for NotAllFootBall
Yeah, me, too — I can’t do football tonight. Once the Detroit Lions and the Green Bay Packers were knocked out of the running, I didn’t have a horse in the race any longer and couldn’t muster the whatev to bother following the limp ball debacle.
Instead of watching the game, I’m going to knock something off my To-Be-Watched List this evening. At the top is television series Black Mirror, Season 1, produced by Channel 4 in the UK. It’s been a while since I watched some speculative/sci-fi television, and I’ve heard a LOT of great things about this series from people whose opinions I respect.
Season 1 is available via YouTube; Seasons 1 and 2 are available to stream now on Netflix.
If you’re not watching the Super Bowl, what are you doing this evening (or very early morning on the other side of the dateline)?
Expectations of Light Ahead
This painting by Swedish painter Carl Larsson, dated 1904, depicts a Christmas Eve gathering. Family members present are not giddy but quietly enjoying the prospect of the feast they will share, set out before them. Snow falls outside in the growing dark as candle and fire light fills the space within. The picture is illuminated as well by the serving girl’s soft smile – she and what she bears, created by human hands, are as important and warming as the light within the room.
Tonight in my household we are making Swedish cookies from a recipe left to us by a departed family member. We laugh over happy memories we shared with them, and now make new memories over this messy communion flavored with cinnamon, sugar, and too much butter. The fun and memories are as important as the cookies themselves; they create the foundation for decades of holidays yet to come.
I hope you are also someplace warm and happy tonight, enjoying pleasant memories and making more. Do something joyful, whether for yourself or others, even if you are alone. Embrace the expectation of increasing light in the days ahead.
And I wish Marcy and Mr. Wheel, Jim, bmaz, Ed, their families, and all the rest of the Emptywheel crew and community a very happy and peaceful Christmas.
Sony, Hacked: It’s Not One Massive Breach – It’s More Than 50 Breaches in 15 Years
Ever try to follow an evolving story in which the cascade of trouble grew so big and moved so fast it was like trying to stay ahead of a pyroclastic flow?
That’s what it’s like keeping up with emerging reports about the massive cyber attack on Sony. (Granted, it’s nothing like the torture report, but Hollywood has a way of making the story spin harder when it’s about them.)
The second most ridiculous part of the Sony hack story is the way in which the entertainment industry has studiously avoided criticizing those most responsible for data security.
In late November, when the hacker(s) self-identified as “Guardians of Peace” made threats across Sony Pictures’ computer network before releasing digital film content, members of the entertainment industry were quick to revile pirates they believed were intent on stealing and distributing digital film content.
When reports emerged implicating North Korea as the alleged source of the hack, the industry backpedaled away from their outrage over piracy, mumbling instead about hackers.
The industry’s insiders shifted gears once again it was revealed that Sony’s passwords were in a password-protected file, and the password to this file was ‘password.‘
At this juncture you’d think Sony’s employees and contractors – whose Social Security numbers, addresses, emails, and other sensitive information had been exposed – would demand a corporate-wide purge of IT department and Sony executives.
You’d think that anyone affiliated with Sony, whose past and future business dealings might also be exposed would similarly demand expulsion of the incompetents who couldn’t find OPSEC if it was tattooed on their asses. Or perhaps investors and analysts would descend upon the corporation with pitchforks and torches, demanding heads on pikes because of teh stoopid.
Nope.
Instead the industry has been tsk-tsking about the massive breach, all the while rummaging through the equivalent of Sony Pictures’ wide-open lingerie drawer, looking for industry intelligence. Reporting by entertainment industry news outlets has focused almost solely on the content of emails between executives.
But the first most ridiculous part of this massive assault on Sony is that Sony has been hacked more than 50 times in the last 15 years.
Yes. That’s More Than Fifty.
Inside Fifteen Years. →']);" class="more-link">Continue reading
Reagan? No, Regin — Yet Another [GCHQ] Intelligence Malware
Recently, computer security firm Symantec reported discovery of another intelligence-gathering malware, dubbing it “Regin.”
What’s particularly interesting about this malware is its targets:
- It infected computers in Afghanistan, Austria, Belgium, India, Iran, Ireland, Mexico, Pakistan, Russia, Saudia Arabia;
- At 48% of total infections, the largest group of targets were private individuals and small businesses.
Please do read Symantec’s blog post and its technical paper on Regin to understand how it works as well as its targets. Many news outlets either do not understand malware and cybersecurity, or they get facts wrong whenever major malware attacks are reported. Symantec’s revelation about Regin is no different in this respect.
Independent.ie offers a particularly exceptional example distorting Symantec’s report, claiming “Ireland is one of the countries worst hit globally by a dangerous new computer virus that spies on governments and companies, according to a leading technology firm.”
If by “worst hit,” they mean among the top four countries targeted by this malware? Sure. But only 9% of the infections affected Irish-based computers, versus 28% of infections aimed at Russian machines, and 24% affecting Saudi machines. The Independent.ie’s piece reads like clickbait hyperbole, or fearmongering, take your pick.
What wasn’t addressed by the Independent.ie and numerous other outlets, including those covering the tech sector are some fundamental questions:
- What assets or activities might the targeted countries have in common that would make them targets of a single intelligence operation organized by one or more nation-states?
- What are so many private individuals and small businesses targeted by this malware, in contrast to other malware-based intelligence-collection operations seen to date?
The Guardian came closest to examining these issues, having interviewed researchers at computer security firm F-Secure to ask the origins of the malware. As of 24-NOV-2014, the firm’s Mikko Hypponen speculated that the US, UK, and/or Israel were behind Regin’s development and deployment.
As of the video embedded above, Hypponen firmly says the UK’s intelligence entity GCHQ is behind Regin, in particular the malware’s invasion of a Belgian telecom network (see video at 07:20). Continue reading
Plane Meets Plow: The Curious End of Total S.A. CEO Christophe de Margerie
![[Photo tweeted by @Enel_Aire, post time stamped 2014-10-21 at 09:45 (time zone unknown)]](http://www.emptywheel.net/wp-content/uploads/2014/10/CdeMargerieTOTAL_crash_21OCT2014-1.jpg)
[Photo tweeted by @Enel_Aire, post time stamped 2014-10-21 at 09:45 (time zone unknown)]
Not as much as Moscow, mind you, but we get snow where I live in flyover country USA. Any time between mid-October and mid-April we can expect some frozen precipitation. A blizzard in October isn’t unheard of — we had one 17 years ago this week, in fact. I’ve lived with six months of snow per year for most of my life.
Which is why the photo here of the crash site looks sketchy to me.
Early reports indicated the plane carrying de Margerie hit or was hit by a snowplow driven by a drunken operator, in poor visibility. It’s not clear exactly which hit the other based on different accounts across the internet. A Russian reconstruction video furnished to Le Figaro shows the plane’s wing clipping a vehicle upon landing — but the video exerts more effort on the fire and smoke than it does on the initial impact. Note in this second video of the plane after the crash during daylight hours that the wing which hit the plow as characterized in the video is missing.
At least one article claimed debris was spread 200 meters by the plane after impact. Perhaps the wing was in that debris, but it’s not reflected in the Russian reconstruction video. A more recent report said the snowplow was parked on the runway.
Ultimately, what we see is a plane that flipped over — either tipped over by the force of a plow, or flipped over after impact.
And no snow. This particular photo is rather pixelated, but it doesn’t reflect reduced visibility due to snowfall. There’s no snow in the second video link above, though visibility has worsened. →']);" class="more-link">Continue reading
JPMorgan’s Form 8-K to Investors: We’ve Been Hack-Mapped!
JPMorgan’s Form 8-K filed on Thursday with the Securities and Exchange Commission advises:
On October 2, 2014, JPMorgan Chase & Co. (“JPMorgan Chase” or the “Firm”) updated information for its customers, on its Chase.com and JPMorganOnline websites and on the Chase and J.P. Morgan mobile applications, about the previously disclosed cyberattack against the Firm. The Firm disclosed that:
• User contact information – name, address, phone number and email address – and internal JPMorgan Chase information relating to such users have been compromised.
• The compromised data impacts approximately 76 million households and 7 million small businesses.
• However, there is no evidence that account information for such affected customers – account numbers, passwords, user IDs, dates of birth or Social Security numbers – was compromised during this attack.
• As of such date, the Firm continues not to have seen any unusual customer fraud related to this incident.
• JPMorgan Chase customers are not liable for unauthorized transactions on their account that they promptly alert the Firm to.
The Firm continues to vigilantly monitor the situation and is continuing to investigate the matter. In addition, the Firm is fully cooperating with government agencies in connection with their investigations.
According to ZDNet, a forensic security firm suggests the bank’s users’ accounts are now at greater risk of compromise and that password changes and two-factor authentication should be implemented to address the risk.
However, the 8-K’s wording indicates a different security risk altogether as the users’ passwords and Social Security numbers are not compromised.
The disclosure of information compromised combined with earlier reporting about the breach more closely matches a description of that collected by National Security Agency’s TREASURE MAP intelligence collection program. TREASURE MAP gathered information about networks including nodes, but not data created by users at the end nodes of the network. The application delineated the path to the ends. and physical ends, not merely virtual ends of the network. →']);" class="more-link">Continue reading
Treasure Map: It’s About Location, Not Gold
Der Spiegel and The Intercept published collaborative reporting this weekend on another Snowden document — this one referring to a National Security Agency program named TREASURE MAP.
The most chilling part of this reporting is a network engineer’s reaction (see here on video) when he realizes he is marked or targeted as a subject of observation. He’s assured it’s not personal, it’s about the work he does – but his reaction still telegraphs stress. An intelligence agency can get to him, has gotten to him; he’s touchable.
The truth is that almost any of us who follow national security, cyber warfare, or information technology are potential subjects depending on our work or play.
The metadata we generate is only part of the observation process; it provides information about our individual patterns of behavior, but may not actually disclose where we are.
TREASURE MAP goes further, by providing the layout of the network on which any of us are generating metadata. But there is some other component either within TREASURE MAP, or within a complementary tool, that provides the physical address of any networked electronic device.
The NSA has the ability to track individuals not only by Internet Protocol addresses (IP addresses), but by media access control addresses (MAC addresses), according a recent interview with Snowden by James Bamford in Wired. This little nugget was a throwaway; perhaps readers already assumed this capability has existed, or didn’t understand the implications:
…But Snowden’s disenchantment would only grow. It was bad enough when spies were getting bankers drunk to recruit them; now he was learning about targeted killings and mass surveillance, all piped into monitors at the NSA facilities around the world. Snowden would watch as military and CIA drones silently turned people into body parts. And he would also begin to appreciate the enormous scope of the NSA’s surveillance capabilities, an ability to map the movement of everyone in a city by monitoring their MAC address, a unique identifier emitted by every cell phone, computer, and other electronic device.
[emphasis added]
In simple terms, IP addresses are like phone numbers — they are assigned. They can be static; a printer on a business network, for example, may be assigned a static address to assure it is always available to accept print orders at a stationary location. IP addresses may also be dynamic; if there’s an ongoing change in users on a network, allowing them to use a temporary address works best. Think of visits to your local coffee shop where customers use WiFi as an example. When they leave the premise, their IP address will soon revert to the pool available on the WiFi router. →']);" class="more-link">Continue reading
Internet Cats, Weaponized: US Defense Contractor Consulted on Targeted Network Injection Surveillance for Commercial Sales Abroad
![[photo: liebeslakritze via Flickr]](http://www.emptywheel.net/wp-content/uploads/2013/06/SpyGrafitti_liebeslakritze-Flickr_300pxw.jpg)
[photo: liebeslakritze via Flickr]
But as Jeremy Scahill tweeted last evening, read this piece by WaPo’s Barton Gellman on malicious code insertion. This news explains recent changes by Google to YouTube once it had been disclosed to the company that exploits could be embedded in video content as CitizenLab.org explains:
“… the appliance exploits YouTube users by injecting malicious HTML-FLASH into the video stream. …”
“… the user (watching a cute cat video) is represented by the laptop, and YouTube is represented by the server farm full of digital cats. You can observe our attacker using a network injection appliance and subverting the beloved pastime of watching cute animal videos on YouTube. …”
The questions this piece shake loose are Legion, but as just as numerous are the holes. Why holes? Because the answers are ugly and complex enough that one might struggle with them. Gellman’s done the best he can with nebulous material.
An interesting datapoint in the first graf of the story is timing — fall 2009.
You’ll recall that Google revealed the existence of a cyber attack code named Operation Aurora in January 2010, which Google said began in mid-December 2009.
You may also recall news of a large batch of cyber attacks in July of 2009 on South Korean targets.
The U.S. military had already experienced a massive uptick in cyber attacks in 1H2009, more than double the rate of the entire previous year.
And neatly sandwiched between these waves and events is a visit by a defense contractor CloudShield Technologies engineer from California, to Munich, Germany with British-owned Gamma Group. →']);" class="more-link">Continue reading
Emptywheel Twitterverse
emptywheel
@submergingmkt Brookings pundits are picked not for their wisdom but for their justification for more defense funding.
bmaz
@WinstonTapper You are really cute, but shy won't you come to my birthday party?? Love, Kiki http://t.co/ogQIDhc06l
emptywheel
@firetomfriedman So many pundits, such a shortage of appropriate hate!
emptywheel
@onekade You mean you willfully signed up for old-school surveillance?
I bet you're getting Visa rebate too, where they'll track purchases
emptywheel
Shorter Michael O'Hanlon: RAZE Mt. Rushmore and build a pyramid to the Great General's honor!
emptywheel
Shorter Michael O'Hanlon: Oh let the Great General return to service!!! He will vanquish all terrorists by shrink wrapping them in steel!
emptywheel
Shorter Michael O'Hanlon: Statues to His Honor in mere gold would soil His Great Legacy.
JimWhiteGNV
@biasedreporter Yes. Can't let cats out any more due to owls. Snakes will get active now with warmer weather & saw a hawk near barn today.
emptywheel
Shorter Michael O'Hanlon: Bribing Sunnis to stop fighting for 6 months was the most noble thing a US public servant has ever done.
emptywheel
@RWFreeman Oh!?!?!?! You question the General's ability to shrink wrap tanks!?!?!
Heresy!!!!
emptywheel
Shorter Michael O'Hanlon: This country does David Petraeus an injustice unless it names 5 states and 2 territories after him.