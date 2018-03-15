Can AMD Vulnerabilities Be Used To Game the Stock Market? (vice.com) 44
Earlier this week, a little-known security firm called CTS Labs reported, what it claimed to be, severe vulnerabilities and backdoors in some AMD processors. While AMD looks into the matter, the story behind the researchers' discovery and the way they made it public has become a talking point in security circles. The researchers, who work for CTS Labs, only reported the flaws to AMD shortly before publishing their report online. Typically, researchers give companies a few weeks or even months to fix the issues before going public with their findings. To make things even stranger, a little bit over 30 minutes after CTS Labs published its report, a controversial financial firm called Viceroy Research published what they called an "obituary" for AMD. Motherboard reports: "We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries," Viceroy wrote in its report. CTS Labs seemed to hint that it too had a financial interest in the performance of AMD stock. "We may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports," CTS Labs wrote in the legal disclaimer section of its report.
On Twitter, rumors started to swirl. Are the researchers trying to make money by betting that AMD's share price will go down due to the news of the vulnerabilities? Or, in Wall Street jargon, were CTS Labs and Viceroy trying to short sell AMD stock? Security researcher Arrigo Triulzi speculated that Viceroy and CTS Lab were profit sharing for shorting, while Facebook's chief security officer Alex Stamos warned against a future where security research is driven by short selling.
[...] There's no evidence that CTS Labs worked with Viceroy to short AMD. But something like that has happened before. In 2016, security research firm MedSec found vulnerabilities in pacemakers made by St. Jude Medical. In what was likely a first, MedSec partnered with hedge fund Muddy Waters to bet against St. Jude Medical's stock. For Adrian Sanabria, director of research at security firm Threatcare and a former analyst at 451 Research, where he covered the cybersecurity industry, trying to short based on vulnerabilities just doesn't make much sense. While it could work in theory and could become more common in the future, he said in a phone call, "I don't think we've seen enough evidence of security vulnerabilities really moving the stock for it to really become an issue." Further reading: Linus Torvalds slams CTS Labs over AMD vulnerability report (ZDNet).
On Twitter, rumors started to swirl. Are the researchers trying to make money by betting that AMD's share price will go down due to the news of the vulnerabilities? Or, in Wall Street jargon, were CTS Labs and Viceroy trying to short sell AMD stock? Security researcher Arrigo Triulzi speculated that Viceroy and CTS Lab were profit sharing for shorting, while Facebook's chief security officer Alex Stamos warned against a future where security research is driven by short selling.
[...] There's no evidence that CTS Labs worked with Viceroy to short AMD. But something like that has happened before. In 2016, security research firm MedSec found vulnerabilities in pacemakers made by St. Jude Medical. In what was likely a first, MedSec partnered with hedge fund Muddy Waters to bet against St. Jude Medical's stock. For Adrian Sanabria, director of research at security firm Threatcare and a former analyst at 451 Research, where he covered the cybersecurity industry, trying to short based on vulnerabilities just doesn't make much sense. While it could work in theory and could become more common in the future, he said in a phone call, "I don't think we've seen enough evidence of security vulnerabilities really moving the stock for it to really become an issue." Further reading: Linus Torvalds slams CTS Labs over AMD vulnerability report (ZDNet).
Seriously? Peddling the fake propaganda a second t (Score:2, Interesting)
The last time this shit was posted, we established that the prerequisites for those "vulnerabilities" were ridiculous, requiring *at least* admin access, or even installing a hacked bios first! We also established that CTS labs were in bed with Intel had created the domain for this only right before publishing it. Apart from the fact that everyone agreed that giving AMD only such a short time to react befor publishing it, was completely unprofessional and a "hit job". (To which I agree.)
So, do you plan on p
Re: Seriously? Peddling the fake propaganda a sec (Score:2)
Re: Seriously? Peddling the fake propaganda a sec (Score:3)
Markets dont care (Score:2)
Markets have shown little care in the face of computer security issues. You may get a few day drop but nothing lasting. Look at Intel, Target, or anyone else. It's just not that big of a deal to investors or consumers.
Re: (Score:2)
I don't think the duration of the drop is really that relevant to the accusation being leveled against CTS Labs. More important is the volume of the drop, the knowledge that it is likely to occur and when it is most likely to occur. If there was indeed collusion and CTS Labs benefited financially from the timing of their announcement, that's illegal.
Re: (Score:2)
I am not in agreement that its illegal. I can research a company and find something I think is negative about them and sell that information to a 3rd party who intends to short the stock. No one is accusing CTS labs of having material inside information about AMD. The information CTS has was independently discovered by them. If this was illegal every short equity operation (Muddy Waters, etc) would be shut down. The most troubling thing about this is the text of the Viceroy Research report. Saying a company
Even if true... (Score:2)
So if someone with a Ryzen is concerned there's something they can do about it. Source: https://www.bleepingcomputer.c... [bleepingcomputer.com]
Re: (Score:2)
Securities fraud (Score:3)
Re: (Score:2)
Re: (Score:1)
Re: (Score:3)
But is information you have found out yourself, or from someone unrelated to the company, "insider knowledge"? In what sense are these people insiders?
Re: (Score:2)
Look at Mark Cuban's investor newspaper. Its business model was to research and publish news about companies, but between research and publication Mark would invest in them (long or short positions). The SEC sued him. His blog has a lot of details.
Re: (Score:2)
Manipulating the markets even without insider knowledge is also technically illegal but virtually impossible to prove or prosecute. People are allowed to have opinions and publish them even if they are wrong. People are also allowed to speculate financially based on their opinions.
Re: (Score:3)
Its not clear that this would be considered insider knowledge to me. The normal modus operandi for short sellers is to do a significant amount of research on companies looking for flaws, wrong doing, etc. purchase a position then try to build uncertainty by hyping a press release.
Previously unknown security vulnerabilities don't seem much different than accounting fraud assuming neither has a source inside the company.
Re: (Score:1)
First, the SEC only has civil jurisdiction, meaning they can ONLY fine people and companies. The SEC brings civil suits, most of which are settled for pennies while the targets never have to admit any wrongdoing. Only the most egregious fraud gets the attention of the FBI who can pursue criminal charges.
Oh, and everything being claimed in the article is completely legal if the author of the hit pieces disclosed their position. And yes, saying "we may or may not have a financial interest in publishing thi
Re: (Score:2)
Indeed. But now we have to contend with mismanaged funds (always a problem), and idiot savants using AI algorithms to scour newsfeeds for good / bad information (and automatically engage in buying / selling).
And they really went SEO over this one. The Asus forums I frequent all had interesting "posts" about this problem, typically followed by a single post stating that one must acquire admin rights before anything can be exploited (and if they already have admin rights, they don't exactly need an exploit at
Re: (Score:2)
Wrong. If a 3rd party independently discovers information that is non-public but adverse to a public company they can do whatever they wish with it. If AMD employees in possession of non-public information made trades based on it, they would be in trouble. But in that situation, AMD would have had to know prior to any public release. As it stands now, the information is public and anyone can trade based on it.
Its criminally minded people trying this out (Score:2)
So far, it does not seem to work against AMD, good. And the attempt was on low amateur level in addition, like a lot of crime. Of course, a lot of the press response was also on low amateur level (whatever happened to verifying stories before publishing?), so some small-time investors may have gotten spooked. I hope the SEC and others looks into this ruthlessly.
Obvious stock market manipulation (Score:2)
And Dan Guido is prime helper number one in this crime.
Re: (Score:2)
Slashdot is helper number two given they're spreading this bullshit without any good reason. I wonder if slashdot has some skin in this game?
Nothing suspicious here (Score:1)
Hey guys, I'm one of you, a neutral third party financially uninvolved in any of this.
Let's all go and buy Intel processors because they don't have any of these critical security flaws that are just so much more noteworthy than boring and harmless Spectre and Meltdown. And who even remembers those? They are so 2017, am I right?
Also did you know that when you support Intel you support small independent security researchers of the highest ethical and moral standards? Wow, if that isn't standing up for the lit
Not without your help, duche! (Score:1)
I can't believe this is still being spread...
maybe CTS Labs can find out what happen drop soap (Score:2)
maybe CTS Labs can find out what happens when you drop the soap!