Economic prosperity that once excited the constant admiration of the Western world changed to a depression, like the leaves of a tree that are blown away in a single night by the autumn wind. . . . What is more, such a defeat on the economic front precipitates a near collapse of the social and political order.
The Chinese are ahead of us: their doctrine of strategic financial warfare emerged in 1999 in response to the 1997 Asian financial shock. In comparison, U.S. thinking about financial warfare did not take recognizable shape until ten years later, in 2009, in response to an even bigger shock, the global financial panic of 2008. By 2012, both China and the United States had engaged in extensive efforts to develop strategic and tactical financial warfare doctrines. It was in this context that our group was summoned to brief Andy Marshall and his team on the emerging threat.
* * *
Financial warfare has both offensive and defensive aspects. Offense includes malicious attacks on an enemy’s financial markets designed to disrupt trading and destroy wealth. Defense involves early detection of an attack and rapid response, such as closing markets or interdicting enemy message traffic. Offense can consist of either first-strike disruption or second-strike retaliation. In game theory, offense and defense converge, since second-strike retaliation can be sufficiently destructive to deter first-strike attacks. This line of reasoning was the same doctrine Andy Marshall helped develop in nuclear-war-fighting scenarios during the Cold War in the early 1960s. The doctrine was called Mutual Assured Destruction (MAD). Now a new doctrine of Mutual Assured Financial Destruction was emerging. To Andy Marshall, financial weapons were new, but deterrence theory was not.
The distinction between offensive and defensive capabilities in financial warfare is not the only dichotomy. There is also a distinction between physical targets, such as exchange computers, and virtual targets, such as business relationships. Virtual targets involve business conduct based on trust. A seemingly honest entity can gain trust through patient, repetitive trading, then suddenly abuse that trust by flooding a trading system with malicious, manipulative orders.
Physical targets consist of a vast network of servers, switches, fiber-optic cable, and other message traffic channels, as well as the exchange premises themselves. It is not difficult for exchange engineers or enemies to see that disrupting one link in this electronic chain through sabotage or hacking can cause chaos and force a market closure, at least temporarily. More extensive attacks can shut down markets for weeks or even months, depending on the extent of the disruption.
The financial meltdown in 2008 was not an act of financial warfare, but it did demonstrate to U.S. officials the complexity and vulnerability of the global financial system. Approximately $60 trillion of wealth was destroyed from the peak in October 2007 to the trough in March 2009. If such a catastrophe could be caused by instruments as innocuous as mortgages, imagine how much more harm could be caused by malicious market manipulation orchestrated by experts who knew exactly how the system behaved.
Thanks to Marshall and others, there’s a growing awareness that a well-orchestrated cyberfinancial attack could be as disruptive as any traditional military assault.
■ The Enemy Hedge Fund Scenario
A hedge fund is the perfect cover for an intelligence operation. A malicious trader does not have to destroy a system physically in order to carry out an attack. If an enemy trader sets up a legal entity such as a hedge fund, it can open accounts with major clearing brokers and commence a pattern of ordinary trading. This trading can continue for years as the entity becomes a sleeper cell in the capital markets. In time, clearing brokers come to see the entity as a prime customer generating huge commissions, and they grant it larger lines of credit.
Hedge funds are also classic intelligence-gathering operations that seek information advantage on a continual basis. The tradecraft that intelligence agencies and hedge funds use to gather information is similar. Attending high-level professional conferences is one way to build an expert network and tap into confidential information about new products and inventions. Investing in a company gives the investor access to management. Both fund traders and intelligence agents seek such access. For hedge funds, the purpose is to acquire a trading advantage, such as an early look at a new product that will affect stock prices. For intelligence services, the purpose is to keep ahead of technological developments that will affect the relative economic power of rival states.
The hedge fund sleeper could build close relationships with many brokers around the world so that its buying power was hundreds of times its capital, once all credit lines and the notional value of derivatives were taken into account. On orders from an enemy financial command, the fund network could turn malicious. Orders to sell specific stocks such as Apple, Google, or other widely held names could come flooding in and overwhelm the market makers and buyers. A price decline could start out slowly and gather momentum until it turns into a full-fledged market panic. Circuit breakers could be tripped, but the selling pressure would not abate. Business TV channels would pick up the story, and the panic would spread.
For the enemy traders, there is no tomorrow. They are not worried about paying for their trades in a few days or in the repercussions of mark-to-market losses. Their capital might even be on its way back to banks in Beijing or Moscow, unbeknown to the clearing brokers now handling the orders. Capital markets have certain safeguards against overnight credit risk, but no effective safeguards have ever been devised to insure against losses that arise during the course of a single day. Chinese or Russian covert hedge funds could exploit this weakness while abusing trust and credit built up over years.
The malicious attack need not be confined to cash markets. While the attackers are selling stocks, they could buy put options or short the stock in a dealer swap to add selling pressure. The malicious customer becomes like a virus infecting the dealer’s trading desk, forcing it to add to the mayhem.
Another force multiplier is to begin the attack on a day when markets are already crashing for unrelated reasons. Attackers could wait for a day when major stock indexes are already down 2 percent, then launch the attack in an effort to push markets down 20 percent or more. This might produce a crash comparable to the great two-day crash of 1929, which marked the beginning of the Great Depression.
Financial attackers can also utilize psychological operations, psyops, to increase the attack’s effectiveness. This involves issuing false news stories and starting rumors. Stories that a Fed chairman has been kidnapped or that a prominent financier has suffered a heart attack would be effective. Stories that a top-tier bank has closed its doors or that a hedge fund manager has committed suicide would suffice. These would be followed by stories that major exchanges are having “technical difficulties” and sell orders are not being processed, leaving customers with massive losses. For verisimilitude, stories would be crafted to mimic events that have actually happened in recent years. Mainstream media would echo the stories, and the panic-inducing scenarios would be widespread.
The New York Stock Exchange and the SEC claim they have safeguards designed to prevent this kind of runaway trading. But those safeguards are designed to slow down rational traders who are trying to make money and may be temporarily irrational. They involve time-outs for the markets to allow traders to comprehend the situation and begin to see bargains they might buy. They also involve margin calls designed to cover mark-to-market losses and give the brokers a cushion against customers who default.
Those mitigation techniques do not stop the financial warrior, because he is not looking for bargains or profits. The attacker can use the time-out to pile on additional sell orders in a second wave of attacks. Also, these safety techniques rely heavily on actual performance by the affected parties. When a margin call is made, it applies the brakes to a legitimate trader due to the need to provide cash. But the malicious trader would ignore the margin call and continue trad
ing. For the malicious trader, there is no day of reckoning. The fact that the enemy might be discovered later is also no deterrent. The United States knew the Japanese bombed Pearl Harbor after the attack, but it didn’t see the attack coming until its battleships were sunk or in flames.
A clearing broker could close out the malicious account to prevent more trading, but that moves the open positions from the hedge funds to the brokers. In such circumstances, many brokers would fail, and the cascade of failure would ripple through the financial system and render the clearinghouses insolvent. The entire hierarchy of exchanges, clearinghouses, brokers, and customers could be pushed to the brink of collapse.
Sleeper hedge funds can serve another insidious purpose, acting as intelligence-gathering operations years in advance of an attack. Intelligence analysts today need more than state secrets. Economic intelligence—including plans for natural resource projects, energy discoveries, pipeline routes, and other initiatives—is just as valuable. This information can impact commodity markets, financial stability, economic growth, and the allocation of resources by both the private and the government sectors. Such intelligence is not always known to government officials, but is known to CEOs, engineers, and developers throughout the private sector.
Once a covert hedge fund acquires a material position in a target company, it can arrange to meet that company’s management. Access to management is especially easy at small to medium-size companies that receive less attention from brokerage research departments. Companies like this are often on the cutting edge of new designs in satellites, 3-D applications, and digital imaging. Access is the key. Savvy investors pick up winks and nods and interpret hints to infer the timing and nature of the latest developments. This can continue for years as the covert hedge fund patiently builds trust, churns the account, gathers information, and spots vulnerabilities. Then, like a scorpion, the fund stings, on orders from its sovereign masters.
Skeptics claim that an intelligence or military covert operation in hedge fund form would be easy to detect because of detailed anti-money-laundering and know-your-customer rules, strictly enforced by the brokers. This objection does not withstand scrutiny. The necessary techniques for operating with cover include front companies, so-called cutouts, secret agents, cover stories, and entities layered on top of each other so that the unwitting points of contact cannot see the controlling parties. A covert hedge fund structure involves layers of legal entities in tax-haven countries offering the enemy sponsor a deep cover. Professional assistance is needed from corrupt lawyers or bankers who retain innocent professionals to handle detailed work such as fund administration. Directors are recruited from the advisory companies in offshore jurisdictions that offer administration services to investors. Having innocent parties in the food chain throws counterintelligence agents off the scent.
The covert fund manager would operate in well-appointed quarters in a cosmopolitan center such as Zurich or London. The enemy managers would be highly educated professionals groomed years before by foreign intelligence agencies to perform such tasks, with business degrees from Harvard or Stanford. They would receive experience in large bank training programs at places like Goldman Sachs and HSBC, forming a cadre of sleeper finance professionals who are then given a covert assignment to manage the enemy funds.
Counterintelligence agents might happen upon such sleepers; the interception of targeted communications may reveal something of their doings. But if their operation is structured wisely by the enemy, such hedge fund plotters are almost undetectable by outsiders unless insiders betray them. Then there’s the bigger issue: Is the U.S. national security community on the lookout at all?
■ The World in Financial War
If all this sounds far-fetched, consider that the Chinese—and others—are already perpetrating even subtler forms of financial attack.
In January 2011 The New York Times reported that China had been a net seller of U.S. Treasury securities in 2010 after years of being a net buyer. The Times report found this selling strange because China was still accumulating huge dollar reserves from its trade surpluses and was still buying dollars to manipulate the value of its currency. The implication was that China must still be a large buyer of Treasuries, even though official data showed otherwise. The Times noted that in 2010 Britain had emerged as the world’s largest purchaser of Treasury securities, and it inferred that China had “shifted purchases to accounts managed by British money managers.” In effect, China was using London bankers as a front operation to continue buying U.S. Treasury notes while Beijing officially reported that it was selling.
Another technique China uses to disguise its market intelligence operations was reported on May 20, 2007, in The New York Times when Andrew Ross Sorkin disclosed that the China Investment Corporation (CIC), another sovereign wealth fund, had agreed to purchase $3 billion of stock in Blackstone Group, the powerful and secretive U.S.-based private equity firm.
Blackstone Group was cofounded by former Nixon administration senior official Peter G. Peterson, later chairman of both the Council on Foreign Relations and the Federal Reserve Bank of New York. The other Blackstone cofounder, Stephen A. Schwarzman, is a multibillionaire who became notorious for his sixtieth birthday party held at the New York Park Avenue Armory on February 13, 2007, just a few months before Blackstone’s sale. That party included a thirty-minute performance by Rod Stewart, for which the singer was reportedly paid $1 million. China was now buying its own front-row seat at the Blackstone party, gaining access to top management and the ability to coinvest in pending deals.
In June 2007, shortly before global capital markets began the collapse that culminated in the Panic of 2008, Schwarzman described his deal-making style: “I want war, not a series of skirmishes. . . . I always think about what will kill off the other bidder.” He was referring to conventional finance; real war was the furthest thing from his mind. Yet he was already a pawn in a financial war greater in scope than his blinkered perspective allowed him to see. Self-styled global citizens like Schwarzman, who treat New York as a pit stop in their travels from Davos to Dalian, may think real war is a thing of the past, even obsolete. Similar views were advanced in the late 1920s, even as events were moving toward the greatest war in history.
Analysts praised the fact that the CIC-Blackstone deal showed that China was willing “to put its vast reserves to work outside of China.” But this emphasis on the outbound money flow ignores the inbound flow of information. It is naïve not to consider that information on America’s most powerful deal machine’s inner workings is being channeled to the political bureaus of the Communist Party of China. The Chinese investment due diligence teams get a look at confidential deal target information, even on deals that do not ultimately get done. The $3 billion sale price may seem like a lot of money to Schwarzman, but it is only one-tenth of one percent of China’s reserves, the equivalent of dropping a dime when you have a hundred-dollar bill. China’s penetration of Schwarzman and Blackstone is a significant step in its advance toward East Asian hegemony and a possible confrontation with the United States. Of course, information channels are a two-way street, and firms such as Blackstone do assist the U.S. intelligence community with insights on Chinese capabilities and intentions.
The United States is not the only potential Chinese financial warfare target. In September 2012 a senior Chinese official, writing in the Communist China Daily, suggested mounting an attack on the Japanese bond market in retaliation for Japanese provocations involving disputed island territories in the East China Sea. On March 10, 2013, China hacked the Reserve Bank of Australia in an effort to obtain intelligence on delicate G20 discussions.
China’s actions in the bond and private equity markets are part of its long-term effort to operate in stealth, infiltrate critical nodes, and acquire valuable corporate information in the process. These financial efforts are proceeding side by side with malicious efforts in cybers
pace and attacks on systems that control critical infrastructure, launched by China’s notorious military espionage Unit 61398. These combined efforts will prove useful to China in future confrontations with the United States.
* * *
The United States is not supine when it comes to cyberwarfare; in fact, U.S. cybercapabilities probably exceed those of the Chinese. Journalist Matthew Aid reported in 2013 on the most sensitive U.S. cyberoperation of all, inside the National Security Agency:
A highly secretive unit of the National Security Agency (NSA) . . . called the Office of Tailored Access Operations, or TAO, has successfully penetrated Chinese computer and telecommunications systems for almost 15 years, generating some of the best and most reliable intelligence information about what is going on inside the People’s Republic of China. . . .
TAO . . . requires a special security clearance to gain access to the unit’s work spaces inside the NSA operations complex. The door leading to its ultramodern operations center is protected by armed guards, an imposing steel door that can only be entered by entering the correct six-digit code into a keypad, and a retinal scanner to ensure that only those individuals specially cleared for access get through the door. . . .
TAO’s mission is simple. It collects intelligence information on foreign targets by surreptitiously hacking into their computers and telecommunications systems, cracking passwords, compromising the computer security systems protecting the targeted computer, stealing the data stored on computer hard drives, and then copying all the messages and data traffic passing within the targeted email and text-messaging systems.
The Death of Money Page 6