The possibility of cyber–financial warfare is not merely the product of the worried imaginations of American security officials. It comes from our enemies. Al Qaeda has called on its minions to wage “electronic jihad” against us and has suggested that America’s cybersecurity is just as weak as its physical security was prior to September 11, 2001. “This is the clearest evidence we’ve seen that al Qaeda and other terrorist groups want to attack the cyber systems of our critical infrastructure,” said a stunned Senator Joseph Lieberman in response to al Qaeda’s statement. “Congress needs to act now to protect the American public from a possible devastating attack on our electric grid, water delivery systems, or financial networks.”25
Were a cyberattack to occur, we probably wouldn’t be able to do anything about it until after it ended. For example, on May 6, 2013, the media announced the possibility of a cyberattack titled “OpUSA.” The Department of Homeland Security even released a statement explaining, “The attacks will likely result in limited disruptions and mostly consistent of nuisance-level attacks against publicly accessible web pages and possibly data exploitation.” But as the Weekly Standard reported,
the OpUSA threat was made on the Web weeks ago. The threat statement online listed 140 banks as targets and rambled on about U.S. war crimes in Iraq, Afghanistan, and Pakistan. The government said that the attack would come from “Anonymous-linked hactivists in the Middle East and North Africa.”
This government action should strike one as comical. What kind of cyber defense is the announcement that there is going to be an attack that no one can keep from happening?26
How will an attack affect you? It could affect you directly—your money could disappear from the bank. In December 2012 the U.S. financial services industry warned that Russian cybercriminals were planning to hack into and rob American banks; at the same time, the computer security firm McAfee said that a cybercriminal calling himself “Thief-in-Law” had broken into thousands of computers across the country in an operation called “Project Blitzkrieg.” According to the McAfee report, “McAfee Labs believes that Project Blitzkrieg is a credible threat to the financial industry and appears to be moving forward as planned.” In September 2012, Thief-in-Law claimed to have already stolen some $5 million.27
Beyond a direct hit on the markets, cyberattacks could destroy media, utilities, and other infrastructure, unleashing general chaos. Imagine if all ATMs stopped working and people could not get into their bank accounts. Or if the lights and television stopped. How about the traffic-dispatching network? Or just basic internet access? We are now a technology-dependent society that requires these conveniences just to survive. How could we possibly service our massive debt if any or all of these cyberareas were attacked?
Mutually assured destruction doesn’t work as a deterrent unless we can be completely certain about the source of the attack. The risk, therefore, is even higher than during the Cold War. In March 2012 the White House invited senators to a classified simulation of the effects of a hacking attack directed toward the electricity in New York City. As David Sanger of the New York Times reported, “The city was plunged into darkness; no one could find the problem, much less fix it. Chaos, and deaths, followed. . . . The real lesson of the simulation was never discussed: Cyberoffense has outpaced the search for a deterrent, something roughly equivalent to the cold-war-era concept of mutually assured destruction. There was something simple to that concept: If you take out New York, I take out Moscow. But there is nothing so simple about cyberattacks. Usually it is unclear where they come from. That makes deterrence extraordinarily difficult.”28
So what can we do?
Depending on what happens—what gets hit and how—you will need a strategy. If ATMs cease to operate, it will be good to have a certain amount of cash on hand. Yet, if the dollar were to collapse in value, even wheelbarrows full of paper dollars would be useless. That is why we will repeatedly stress diversification. And you should keep paper copies of your most recent statements showing what you own and where to access it.
Depending on how long the cyberattack lasts and the damage it inflicts, there may be a place for precious metals in addition to cash. Most of the money supply is electronic, so in a massive network outage, people would have to resort to paper money, which would become scarce. A devastating network attack would cripple the stock markets. Since most stock certificates are held electronically, it would be virtually impossible to buy or sell. The result would be mass chaos.
Other items of value, including food, water, fuel, and ammunition—anything you can use or barter—will be valuable in the case of a prolonged network outage. It is reasonable to keep at least a small supply of these items. Be sure to rotate your stock.
Flash Crash
A flash crash would initially look similar to a network attack, but it would focus more specifically on crashing the market, as opposed to an attack designed to take down an entire system. This version of attack is designed to cause the markets to purposely implode. On May 6, 2010, the Dow Jones Industrial Average dropped and then regained six hundred points in minutes. The causes of the crash are still unknown, although experts attributed the crash to high-frequency trading—as we’ve explained, high-frequency traders dump stock to avoid losses and to even out market transactions.29
In 2006, less than 10 percent of stock market trading was conducted by high-frequency computers. By 2010, high-frequency trading constituted over 60 percent of all U.S. equity volume. From 2008 to 2011, two-thirds of all stock trades made in the United States were made by high-frequency trading firms.30
That’s not the end of HFT influence. It’s not so much the trading as the quoting. For every actual trade, there are hundreds if not thousands of quotes designed to overwhelm the system and create opportunities for profitable trades.31 About 95 percent of all high-frequency trades are later canceled. And as David Zeiler, associate editor of Money Morning, writes, “The threat of another flash crash caused by high-frequency trading is as great as ever. And the next flash crash could be much worse than the one that shocked investors in May 2010.” Current Securities and Exchange Commission rules will do little or nothing to stop a flash crash. “You can’t stop a flash crash unless you stop the computers from doing what they’re programmed to do,” said Money Morning’s “Capital Waves” strategist Shah Gilani. “And that’s not being addressed. The SEC is looking at keeping the ship from sinking, not stopping it from hitting icebergs.” Professor James Angel of Georgetown University said of smaller flash crashes, “It’s like seeing cracks in a dam. One day, I don’t know when, there will be another earthquake.”32
Dave Lauer, a previous high-frequency trader turned whistleblower, explains that the only solution for many investors is to wait out the market, since day-to-day problems are bound to occur and are almost impossible to police.
It’s hard to have any confidence and I understand it having seen it from the other side. One of the main problems is . . . the police aren’t on the beat, the regulators aren’t able to keep up technologically. I’ve spent a lot of time talking to regulators and Congress about what I think needs to be done for them to, not compete with high frequency and their technology skills, but at least be there and be able to monitor what’s going on. And I know they don’t have those capabilities and, until they do . . . until they have the ability to monitor and enforce existing regulation and stop relying on individual exchanges to do surveillance and, again, nothing happens on a single exchange basis from the perspective of a high frequency trader—it’s 13 exchanges and many dark pools, and that’s how they see the world and that’s how regulators need to see the world as well.33
There are other techniques for manipulating the market using hacking, including “spoofing” and “layering,” in which orders are placed and then canceled, moving the market up and down based on false demand. In September 2012 a major New York brokerage and its top executives agreed to pay a $5.9 million fine for such manipulation in a settlement with
the Securities and Exchange Commission. The SEC had accused the brokerage of orders that “intended to deceive and did deceive certain algorithms into buying (or selling) stocks.” Brokerages are now being set up to trade largely overseas—most are located in China. After the flash crash of 2010, the SEC tried to increase the responsibility of brokerage firms for offering direct access to the markets for those who would manipulate it. Obviously, that didn’t work.34
The truth is that the markets endure flash crashes daily in one sector or another. In fact, traders estimate that there are, on average, about one dozen such targeted crashes every trading day.35 This is not normal for properly functioning markets but is symptomatic of manipulation. Traders manipulate the market to make a profit. What happens if someone manipulates the system to harm it rather than profit from it? We remain vulnerable. In September 2010 the House Committee on Homeland Security held a hearing at which virtually all witnesses agreed “the nation’s 10 or so stock exchanges and 50-plus related trading venues are vulnerable to attacks from traders overseas.”36
There are a variety of ways for enemies to flash crash the market, or at least systemic stocks. The question is whether a flash crash can do permanent damage. Some high-frequency traders use social media to trigger activity. They scour the news for stories that might indicate movements and attempt to react ahead of the market. As John Bates, chief technology officer for Progress Software, writes, “According to an August 2011 infographic from media agency We Are Social, there are 138,888 Tweets per minute, 180 million posted each day and 1.6 billion search queries per day. There are 200 million Twitter users with 450,000 new accounts created daily. . . . With the high frequency-obsessed trading community, speed is essential. And social media, particularly Twitter, is becoming a key source of high-speed information for feeding trading algorithms.” Bates notes that manipulating the news is not that difficult—in fact, the stocks for Berkshire Hathaway rose routinely last year whenever the actress Anne Hathaway was hot on Twitter or in the news, thanks to algorithms mixing up the actress with the trading firm.37
The Syrian Electronic Army appreciates the power of social media. In April 2013 it hacked the Associated Press’s Twitter feed, planted a false story, and briefly caused a $136 billion market drop. The planted story suggested that the White House had been bombed twice and that the president of the United States was injured. The tweet was corrected within seconds, but not before the Dow plunged 143 points. Sal Arnuk, the coauthor of Broken Markets, lamented, “When I realized it was a fake tweet, I was outraged and ashamed that the market was able to be manipulated so easily.” The market is not completely rational. There are still people making trades and reacting emotionally. And beyond that, algorithms pick up what’s happening on the social media front.38 The New York Times reported, “The markets recovered in minutes, but the episode has heightened concern among regulators about the combination of social media and high-frequency trading. . . . The vulnerability, in part, stems from the Securities and Exchange Commission’s decision to let companies and executives use social media sites like Twitter and Facebook to broadcast market-moving news.”39
A flash crash can destroy traders who use stop-loss orders—orders that automatically sell when the price hits a certain low. “You talk about $200 billion being erased [in the Twitter flash crash], but how much was folks with stops in the market?” Jeff Kilburg of KKM Financial asks. “These [algorithms] really ran the gauntlet and they cleaned out a lot of people. I don’t know the percentages, but definitely there was damage done to the ma and pas.”40 Richard Miniter points out that even as flash crashes increase, so do settlement failures: “Despite 2008 regulatory reforms, settlement failures are rising again. A settlement failure is what traders call it when buyers or sellers fail to provide the agreed-upon stock or cash to complete a transaction.” In a world of high-frequency trading, settlement failures pervert the market. Miniter concludes, “Imagine a computer virus designed to wipe out your retirement savings and sink our economy. The flash crash may have been a test run.”41
So far, such attacks have had only temporary effects, mostly because they happened with time left in the trading day for recovery. Also, the markets were rising, and investors were looking for buying opportunities. The damage would be much greater if such activity took place with nervous markets near the end of a trading day.
Financial terrorists could also crash markets by stealing or altering trading algorithms, either by theft or by coopting an insider. In 2009, Sergey Aleynikov allegedly stole some thirty-two megabytes of Goldman Sachs technology, including algorithmic information on which the company’s high-frequency trading was based. As Rob Iati of the TABB Group wrote, “There’s no doubt that Goldman Sachs, or any other proprietary trading firm, could indeed lose tens of millions of dollars from its proprietary trading if their strategies are stolen—and that is very serious. The competitors that obtain access to these trading secrets could (and would) use it to front-run or trade against it, ruining even the most well-planned tactics.”42 While the alleged thief of the Goldman Sachs trading code was later released, charges were refiled.43 Whether Aleynikov is guilty or innocent, the financial system is vulnerable to the kind of crime with which he is charged.
If the threat is a “flash crash,” the answer is cash. Flash crashes cause stock prices to drop below their intrinsic values. Having cash to pick up shares could be very rewarding, assuming the markets bounce back as they have so far.
The Domino Effect
The real risk is that a chain reaction of systemic failures overwhelms the financial system. That is what happened in the crash of 2008, as even the strongest institutions found themselves interdependent on weaker ones. Few people realize how close the whole economy came to absolute catastrophe. Representative Paul Kanjorski, a Democrat from Pennsylvania, explained on C-SPAN how dire the situation was when Congress stepped in:
[There was a] tremendous draw-down of money market accounts in the United States, to the tune of $550 billion. . . . The Treasury opened its window to help. They pumped a hundred and five billion dollars into the system and quickly realized that they could not stem the tide. We were having an electronic run on the banks. They decided to close the operation, close down the money accounts, and announce a guarantee of $250,000 per account so there wouldn’t be further panic out there. And that’s what actually happened. If they had not done that their estimation was that by two o’clock that afternoon, five-and-a-half trillion dollars would have been drawn out of the money market system of the United States, which would have collapsed the entire economy of the United States, and within 24 hours the world economy would have collapsed. . . . It would have been the end of our political system and our economic systems as we know it.44
In hindsight, it is obvious that Lehman’s failure was the fall of the first domino. That risk has not abated. “Too big to fail,” warns Ben Bernanke, is “still here.” Richard Fisher, the president of the Federal Reserve Bank of Dallas, wants the entire financial system restructured to prevent another too-big-to-fail scenario. The giant banks, he says, “represent not only a threat to financial stability but to fair and open competition, … they are the practitioners of crony capitalism and not the agents of democratic capitalism that makes our country great.”45 He suggests that “the largest financial holding companies be restructured so that every one of their corporate entities is subject to a speedy bankruptcy process, and in the case of the banking entities themselves, that they be of a size that is ‘too small to save. . . .’ The downsized, formerly too-big-to-fail banks would then be just like the other 99.8 percent [of banks], failing with finality when necessary—closed on Friday and reopened on Monday under new ownership and management in the customary process administered by the FDIC.”46 The editors of USA Today write, “Perhaps the best way to view the world’s largest banks is not as companies, but as nations unto themselves. Like rogue states, they profit from their ability to wreak havoc on the world, borrowing for less b
ecause lenders know that governments wouldn’t dare let them collapse. And like opportunistic governments, they are brilliant at playing nation against nation.”47
Although the risk persists, politics stands in the way of a solution without another crisis. The problem now, however, is that we may not have the firepower to stop another systemic collapse as we did in 2008. The federal debt is already almost twice as large as it was in early 2007.48 The unemployment rate is substantially higher than the 5-percent level of December 2007, and the number of food-stamp recipients has more than doubled, with well over forty-five million Americans receiving such assistance. We have barely recovered from 2008–2009, and we might not recover at all the next time. The risk is another Great Depression. Depending on the policy response, we could see massive deflation or hyperinflation. We could even see confiscation. There is no simple way to address this risk in advance. It would require a great deal of flexibility and willingness to adjust as circumstances unfold.
If the government were unable to borrow to provide additional stimulus, the Federal Reserve could be left as the only buyer of government debt. Inflation would soar, leading to currency collapse. Almost any investment would then be better than cash. On the other hand, the government might pursue a policy of austerity and raise taxes. We would then face deflation, and cash would be king.
One complication is that the government could restrict access to cash in money-market or other accounts, as the government of Cyprus did in 2013. Americans might think that such a policy is impossible here, but in June 2013 the SEC proposed a new rule that would make it difficult for investors to pull cash from money-market investment vehicles “during times of financial distress.” Bernanke backs the proposal.49 If that happens, cash on hand becomes king, and assets lose value.
Game Plan Page 10