
Questioning the motive behind the security allegations against AMD - lathiat
https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs
======
kabouseng
There is a bit of a back story from a South African perspective on what is
happening here.

Viceroy research group were the ones to break the Steinhoff scandal[1],
exposing gross financial misreporting on Steinhoffs financials and resulting
in Steinhof's share price dropping from R46 to R6 per share[2].

I suspect Viceroy had short positions on Steinhoff and made quite a bundle.
After tasting this legitimate success, they attempted a similar tactic with
Capitec bank, a very successful and fast growing South African bank.

They released a research report stating that Capitec has unsustainable and bad
debt levels and will soon suffer huge losses due to this bad debt[3]. This
opinion was largely unfounded and fears were dissipated with the South African
reserve bank making a statement that Capitec's business is sound, but not
before capitec suffered a short term drop in their share price.[4]

And so Viceroy have hit upon a very lucrative business strategy, and AMD is
next in line...

[1] -
[https://www.dailymaverick.co.za/opinionista/2017-12-13-the-s...](https://www.dailymaverick.co.za/opinionista/2017-12-13-the-
steinhoff-debacle-the-biggest-fraud-in-sa-history/)

[2] - [https://www.fin24.com/Companies/Retail/steinhoff-drops-to-
un...](https://www.fin24.com/Companies/Retail/steinhoff-drops-to-
under-r6-after-joostes-departure-amid-accounting-scandal-news-20171208)

[3] -
[https://www.dailymaverick.co.za/article/2018-02-02-viceroy-u...](https://www.dailymaverick.co.za/article/2018-02-02-viceroy-
under-fire-for-reckless-capitec-claims-but-others-have-also-raised-alarm/)

[4] - [https://www.iol.co.za/business-report/companies/capitec-
shar...](https://www.iol.co.za/business-report/companies/capitec-share-price-
still-on-a-downward-slide-13044332)

~~~
slivym
Well there's a lot to unpack there. But it's worth noting that there's an
enormous difference between doing something like this in South Africa, and
doing this in America.

Of course the SECs view that any trading on US stocks is under it's
jurisdiction, and Section 9(a)(4) of the SEC Act. It's known as stock bashing,
it's a fairly usual form of market manipulation and attacking big American
corporations like this is a great way of getting SEC attention.

So whilst it's potentially lucrative, it's also probably illegal and more a
game of when they get big enough to be picked up by the SEC rather than
anything else.

It's worth noting AMD's stock has not moved significantly right now, and these
anonymous, rather weak accusations are unlikely to be effective, which would
leave this strategy quite unprofitable.

-edit: somehow transposed India and South Africa

~~~
kabouseng
Sorry if it was implied in my post that their actions has my approval or
admiration or any other feeling. The purpose of the post was purely sharing
some background information I am aware of.

For the record I view their actions in the case of Capitec and AMD as attempts
at blatant (unlawful??) market manipulation.

-edit Oh and there is also a difference between India and South Africa :P

~~~
slivym
I have no idea where I got India from :)

------
dsl
Vicearoy, a firm that specializes in shorting stocks, had a 25 page writeup
[1] ready to print on why AMD was go bankrupt because of this before AMD
itself even fully analyzed the issues.

I suspect there will be an SEC investigation.

1\. [https://viceroyresearch.files.wordpress.com/2018/03/amd-
the-...](https://viceroyresearch.files.wordpress.com/2018/03/amd-the-
obituary-13-mar-2018.pdf)

~~~
tgsovlerkhgsel
At which point does it become illegal though? Is it considered insider trading
if you know about a security issue but have no internal knowledge about deals
etc.?

I would hope that intentionally spreading false information to manipulate
stock prices would be illegal, but it may be hard to draw the line between
subjective interpretation, intentionally misleading interpretation, and
outright lies.

~~~
qeternity
> Is it considered insider trading...

No, it's not. Short selling is not a populist activity, but it's essential for
disciplined price discovery. This type of behavior is EXACTLY what the SEC and
other regulators want to encourage: self regulation. This is a market solution
to a market problem. These vulns may or may not be significant, and the people
behind the release may be shady...but this is what society should want to see
from market participants. It's no different than performing forensic
accounting and discovering massive fraud. There have to be incentives for
investors to perform due diligence, and if people only get compensated by
rising prices, there will be no incentive to uncover the frauds.

~~~
jjeaff
It seems a little more nefarious than that. From what I am reading it seems
that the group that is releasing the vulnerabilities has created a fake
research firm and released an analysis attacking AMD. That parts reeks of
market manipulation.

~~~
int_19h
Wouldn't it just be straight up libel?

~~~
emn13
They're trying to cover their a.. with a long disclaimer. I hope that that's
not enough to provide legal protection; but it may provide some protection
against some laws. And then there's the issue of jurisdiction - which
defamation laws apply? If they reasonably believed to be true statements that
a reader might reasonably infer, is that enough to shield them - even if
another reader might (incorrectly) infer something else?

------
thisisit
Another article on the same issue highlights some other problems as well:

[https://wccftech.com/low-down-amd-security-exploit-saga-
cts-...](https://wccftech.com/low-down-amd-security-exploit-saga-cts-labs/)

> The offices shown in the CTS-Labs interview don’t exist, its CGI.

> shorting the AMD stock to make a quick buck. In fact, both CTS-Labs and
> Viceroy Research, very ‘ethically’, disclose that they could be doing just
> that.

~~~
aepiepaey
Both those points were covered already covered by this item's article.

~~~
thisisit
This comment was meant for another submission which didn't cover these points
explicitly. Comments were merged hence the issue.

------
dsacco
If an action is brought against the researchers, I predict it will be a
(likely unsuccessful) insider trading case, not a market manipulation case. I
don’t see any market manipulation here[1], considering activist investors have
set a precedent for make hyperbolic statements which are mostly unchallenged,
so long as there is a nontrivial kernel of truth.

Material, nonpublic information is of course not illegal to trade on, on its
own. It’s not generally illegal to trade on unpublished vulnerabilities. But
it’s routine to be forcibly entered into a confidentiality agreement as part
of the process of _reporting_ a vulnerability. For example, reporting a
vulnerability through Bugcrowd or Hackerone would immediately make it illegal
for you to trade on the knowledge of the vulnerability.

I assume the researchers were savvy enough to report the vulnerability in such
a way that did not enter them into a confidentiality agreement. That said, AMD
may lean on the widespread commonalities of how many responsible disclosure
processes _do_ work with respect to confidentiality in order to try and
establish a precedent. They’ll make arguments about reasonable disclosure
windows before publication, etc. This is, to my eyes, the best case for
someone trying to bring a case forward. If the researchers implicitly agreed
to a confidentiality agreement (for example, if the page with security contact
information has “browsewrap” terms and conditions, or if buying an AMD product
at all has such terms), it will be messy, but they’ll be _probably_ fine, I
think.

However, if they actually reported the vulnerability through a medium that
explicitly forces confidentiality, I think they’re actually screwed.

__________________________

1\. Legally speaking. I decline to comment on ethics.

~~~
otakucode
Going strictly by the letter of the law what you say makes sense. But there
are other factors at play here. These are "computer nerds" taking aim at an
American company from outside the US. I do not think they will find many
willing to practice the restraint we would see if we were dealing with a
typical wealthy American white collar criminal. Such behavior is normalized in
some circles, but it is still seen as aberrant for any 'outsiders' to engage
in the same behavior.

~~~
dsacco
_> These are "computer nerds" taking aim at an American company from outside
the US. I do not think they will find many willing to practice the restraint
we would see if we were dealing with a typical wealthy American white collar
criminal. Such behavior is normalized in some circles, but it is still seen as
aberrant for any 'outsiders' to engage in the same behavior._

1\. That they are "computer nerds", in your words, is inconsequential. Their
in-group will not be a deciding factor, for better or worse. This isn't high
school, and the SEC has a minimum level of professionalism it _does_ adhere
to.

2\. Your characterization is, more broadly speaking, not well-founded.
Activist investors are not, as a rule, white collar criminals. in fact they're
not typically any sort of criminal. The SEC doesn't need to practice restraint
or extend arbitrary leniency (something the SEC is _not_ known for, for any
group), because the activity tends to only rarely overstep legal boundaries.

3\. This behavior is not seen as aberrant for _any_ outsiders, and it's not
normalized to only some group in "Big Wall Street." For example, I'm an
outsider to activist investing, and I find nothing aberrant about it at all.
In fact I think of it somewhat positively.

~~~
otakucode
I think you misinterpreted what I was talking about. Either that or you define
'activist investors' very differently from how I define it. What these people
are doing is not 'activist investing.' They are providing disinformation,
engaging in active and intentional deception towards the goal of destroying a
company in order to profit. They are not uncovering wrongdoing or fraud. They
are not doing due diligence and profiting from material information. That is
not criminal, obviously, and is to be lauded!

If you engage in willful intentional deception, you are not an activist
investor. You would be engaging in fraud and illicit market manipulation. I
find it very bizarre that you would claim these malicious actors as activist
investors. Most of the rest of your complaints with my statements seem to stem
from your notion that I would do the same. I do not.

------
ghazak
The most likely explanation to me is that the authors are connected to people
shorting AMD, and they wished to get the maximum impact out of their release.
It didn’t seem to hurt the stock any though.

~~~
DiabloD3
Yeah, ironically, the price went up significantly.

~~~
nikanj
Short squeezes are rough, especially if people are expecting one and want to
get in on the action.

------
jaclaz
As a side-side note, I noticed this in the article (near the end):

> The CTS-labs.com domain name was registered on June 25, 2017, around when
> the Meltdown exploits were privately revealed to Intel.

which somehow sounds "queer" to me, particularly in an article attempting to
debunk a possible "conspiracy", I mean June 25, 2017 is also _surprisingly_
around the time the UK parliament was cyber-attacked and the time the large
Brian Head fire started in Utah, what gives?

~~~
cptskippy
Yeah that jumped out to me as irrelevant and baseless theorizing. If it had
been intelflaws.com or some bandwagon like domain then the claim might have
merit. But the article is just making speculation similar to what they're
criticizing CTS Labs for.

------
dang
[https://news.ycombinator.com/item?id=16577433](https://news.ycombinator.com/item?id=16577433)
was the big thread on the front page all day, but since a second wave of
analyses with more information is coming out, this submission is rising and it
seems like discussion can move here.

------
akerro
Do you think it could be organised and paid by the same company that bribed
Dell and other OEMs so they don't sell AMD CPUs in their laptops?

~~~
detuur
To give you a straight answer: no, it isn't. Intel isn't afraid to get its
hands dirty and will take a close look at every opportunity to sabotage AMD,
but this was amateur hour. At the very very least, Intel would've exposed an
actually serious flaw in Ryzen. There's already a strong suspicion that CTS
isn't a real lab but just something set up to make it look more credible,
while the actual exploits have been bought through a 0day broker. This is
amateur hour by some people who've never done actual security research and are
only in for a quick buck. Odds are high this will lead to an investigation for
stock manipulation.

------
onetimemanytime
This is also a business model: short the stock, issue "research" that put the
company in a bad light, cash out--if lucky.

Shorting on the other hand is quite legitimate and so is pointing out you
opinions.

~~~
detuur
Shorting is legitimate—under certain conditions. In many markets throughout
history, shorting has been explicitly forbidden. This is because it encourages
destroying value. It's much much easier to destroy a company's value than to
raise it. So anyone holding a short on a company has every incentive to
disrupt its operation. This is in contrast with the traditional position,
where you hold stock in a competing company. Then you have only a very minor
incentive to disrupt your competitors, because it translates in small gains
for your own stock. Only when companies are neck-to-neck does it become
profitable, but then any sabotage is scrutinised much more closely.

------
TorKlingberg
It looks like both cts-labs.com and amdflaws.com are completely black-holed by
Google search. Does anyone know why?

~~~
Ded7xSEoPKYNsDd
For the first one, it's probably that they don't allow search engines to crawl
their site:

[http://cts-labs.com/robots.txt](http://cts-labs.com/robots.txt)

The other domain does appear on Google for me.

------
c12
Feels shady to me.

------
dwlttpr
Is link dead?

~~~
lathiat
Still working fine for me

They released a video version of the article here if that helps you:
[https://www.youtube.com/watch?v=ZZ7H1WTqaeo&t=628s](https://www.youtube.com/watch?v=ZZ7H1WTqaeo&t=628s)

------
jpdus
Why was this flagged? While the title is clickbaity, this seems to be a well-
researched piece on the alleged AMD vulnerabilities.

By the way: There were also some very interesting pieces by Matt Levine on
Bloomberg about the legal implications of independent short-selling "research
groups" like Viceroy. If you can't show that they are acting in bad faith, it
is apparently not illegal to publish biased "research" to move the stock down.

Edit: Ok, just saw that there were already other threads about this topic.
However this article adds some additional research and statements from
industry insiders, probably it would make sense to just change the title.

~~~
dang
We've changed the title.

------
sergiotapia
Poor title choice.

~~~
ggg9990
I thought someone had tried to kill the CEO.

------
thisisit
Discussed earlier here:

[https://news.ycombinator.com/item?id=16582022](https://news.ycombinator.com/item?id=16582022)

~~~
dang
We merged those comments into this thread. It's true that one was posted
earlier, but
[https://news.ycombinator.com/item?id=16577433](https://news.ycombinator.com/item?id=16577433)
was earlier still, and the current post seems at first glance to have the more
substantial analysis.

