Hacker News new | past | comments | ask | show | jobs | submit login

Amazing coincidence!

On the very same day this information came out, 'Viceroy Research Group' managed to release a 33-page 'analysis' of these results. With illustrations.


>We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries.

Viceroy Research lists no employees or contact address, but it appears they are not a crack team of hardworking & incisive business analysts, but two Australian teenagers and a former UK child social worker, struck off in 2014 for misconduct.

They have previous form in producing or plugging short-call stories (quite effectively), and latterly investigated by South African media for similar shady business.


It took very little internet sleuthing to find this stuff out. None of the tech press bothered to do so.

Disclaimer: I have no position in AMD.

Edit: link to Viceroy https://viceroyresearch.org/

If you look at the metadata of both the white paper and the analysis, you can see that the creation time of them is only 2 hours, 50 minutes apart.

And that's the creation date, not even when they were published.


(Replying to myself because I can't edit my post anymore)

Edit: And it gets better! If you check the HTTP headers when requesting the whitepaper from their servers, it will tell you that the file was placed there (last-modified) at 13:22 GMT, so just 1 hour before Viceroy Research Group created their analysis - and probably ages before the actual news broke.


If they did this just to short AMD and make money, that's indeed quite shady, and they go through all the trouble of hiding their real intentions because they also know it's super-shady.

That said, unless the whole "research" is fake, I wonder if we could be seeing more such tactics in the future against tech companies, and whether or not that would give them an immense incentive to care about security - or risk getting ruined in the stock market.

Honestly, such a huge incentive may actually be needed to get most companies to get about security. The money equation needs to make sense to them. Right now most think investing the absolute minim amount in security for compliance reasons is already too much money wasted on security. If this were to become common, I think maximizing security would actually start looking quite profitable to them.

I mean, this research is already saying there are some backdoors in AMD's chips. I imagine in the future, companies would be way more careful about allowing backdoors in their products, whether intentionally or by mistake, if they knew they risked getting their stock crushed.

So yeah I just like to play with this idea a little bit. So far this revelation doesn't seem to have had the "desired" effect by the backers of the research, though, but we'll see. I just want to know whether or not the research is real, so I'll wait for AMD's confirmation. I assume AMD wouldn't try to lie to us about it, because there are now probably at least a dozen security teams trying to pick AMD's chips apart, so the flaws would be found soon enough, if real.

Well, this could be interesting. AMD is a US listed security. If true, these two lads could very look forward to a visit from the US SEC. Seeing as how market manipulation is not a capital-crime, I don't see Australia objecting to an extradition, should charges be warranted.

Which exact crime are you alleging, specifically? Plenty of short sellers investigate companies and their products and make investment decisions based on their findings.

I work in finance, and one of the many hats I wear at the small ATS (Alternative Trading System) I work at is regulatory analyst. Action probably wont start with SEC, but possibly FINRA or any exchange they're trading through. This definitely wreaks of manipulation. If I knew of any trades on this came through my ATS, it would be my legal and ethical duty to report it. I could still be asked to provide all trade activity for AMD.

They tend not to weaponize those findings putting innocent people in harms way.

Perhaps so, but that's not a crime. There's nothing illegal about trading on your own private research.

Trading on research, no. But attempting to artificially manipulate the market while doing so is effectively "pump-and-dump" but short instead of long. A lot comes down to timing and exactly what the communication says.

Not a sure-thing conviction, but certainly a dangerous business plan.

Matt Levine wrote about this recently, and comes to a somewhat different conclusion (though he's not a lawyer):


> If you think a company is bad, or fraudulent, you can sell its stock short and try to profit when everyone discovers its problems and the stock drops. If you want to hurry that process along, you can always noisily publish research reports explaining why the company is bad or fraudulent. If your research reports convince other investors of your thesis, then the stock will drop, and you will make money. There are more longs than shorts, and more dicey public companies than noisy short hedge funds, and so people who use this strategy tend not to be especially popular. In particular people often go around accusing them of fraud, or market manipulation. "Wait," people ask, "how is it not manipulation to short a stock and then publicly announce that the stock is bad?" I am always confused by this complaint. Just flip it around: It's not manipulation, surely, to own a stock and then publicly announce that the stock is good.

(Followed by further justification of this position).

But he more or less assumes that you are stating an opinion on the company, rather than misrepresenting or downright inventing bad news.

True, that's the actual crux of the question here; if you are inventing bad news and trading on it, then by my reading you're probably engaging in stock manipulation.

On the other hand, it seems that uncovering new true information, and then taking a short position on it, not illegal.

A lot of the comments in this thread were assuming that there was some crime just from reporting the bad news and trading on it, unconditionally on whether or not the news was true.

Apparently known as "short and distort". See also "When Does Short Selling Become Manipulation?":


From that paper, 'The term “manipulative... connotes intentional or willful conduct designed to deceive or defraud investors by controlling or artificially affecting the price of securities."

If the claims you're making are true, then it's not deceiving or defrauding, even if the way the information was published was immoral under standard professional ethics.

If these vulnerabilities were misrepresented by the short sellers that funded it, then I suspect that would bring them into stock manipulation territory.

Hmm ... I was more tempted to dig into connections between the Israeli firm and Intel but your analysis is way better!

Why is AMD 1.04% up today then (while technology index is -1.16%)?


    AMD	$11.64

Look at the interday pricing. There were some small slumps. Clearly most traders did not react too negatively to the story, at least by the end of the day.

I even thought Meltdown/Spectre was overblown, and the average user will never see these attacks.

Then you were wrong, since those attacks against unpatched, unhardened hosts are trivially weaponizable through browser Javascript.

They're weaponizable when using a small and rapidly shrinking percentage of unpatched browsers running JavaScript delivered by extremely uncommon websites.

That's true because the vulnerability itself wasn't overblown, and was immediately patched.

I am particularly talking about things like Intel's stock price though

Oh. Sure, I buy that. I don't believe patchable vulnerabilities really exert major pressure on stock prices.

>JavaScript delivered by extremely uncommon websites

All it takes it emailing them a slightly convincing link, and they're running javascript from one of those "extremely uncommon websites". It doesn't matter how common the website it, a single website can compromise millions of users.

Attacks only get better.

Can you point to a javascript example?

I can think of a number of approaches, but nothing I could catergorise as trivial.

First hit for googling "Spectre Javascript POC": https://github.com/ascendr/spectre-chrome

> Enable `#shared-array-buffer` in `chrome:///flags` under your own risk...

SharedArrayBuffer was disabled exactly because vulnerabilities like this are easily exploitable (but there are POCs that don't depend on it).

It was only disabled as a mitigation to these specific attacks, in case you though it was an experimental or “at your own risk” type of thing.

Disabling SharedArrayBuffer is just stopping the most obvious method of exploitation; it's by no means a fix. Expect a slew of papers over the next few years on other methods of exploitation from JS.

Every single browser had to disable that feature because of those flaws.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact