> The big issue with all of these is that it’s very difficult to participate in the stock market anonymously. The SEC has all sorts of monitoring in place to catch more common forms of insider trading and fraud and you can guarantee that they would conduct a long, thorough investigation into a hypothetical hack-based market fraud. Unlike Bitcoin transactions, wire transfers and stock purchases can be reversed after the fact, and the exposure and risk go way up when you’re actually working with US dollars.
But this is divorced from reality. In reality you'd be one of thousands of people holding HTZ calls or TSLA puts in your Robinhood account. You could make a huge payday and be indistinguishable from the crowd. With the crypto scam, one person will eventually have to turn this BTC into fiat. With market manipulation, you've made thousands of retail investors indistinguishable from yourself rich. Which one sounds like a better idea?
> you'd be one of thousands of people holding HTZ calls or TSLA puts in your Robinhood account
Former options market maker. We regularly got incredibly detailed data requests from regulators following corporate actions. Everyone who made money got scrutiny. Anyone who made money who wasn't similarly profitable before is almost automatically punted to their broker's compliance department, who will put in several hours of investigative work by default.
One of the most consistent knowledge gaps between professional and amateur traders, I've found, is the underestimation of how advanced and pervasive insider trading / market manipulation surveillance is.
Thus it's easy to distinguish the guy that made a single perfect call from the crowd of imperfect ones. The only solution for them would be to lose as much as everyone else from WSB... at least they wouldn't have to ever pay tax again right?!
> Anyone who made money who wasn't similarly profitable before
WSB is one-offs and gets investigated. Other market players have historical data showing they are not one hit wonders. Like someone who hits 5/17 is different than one who hits 1/21
It doesn’t take that many puts in Tesla to make a killing. If you bought 5 Tesla puts at 1700 and then sent out a tweet from Musk saying “I’ve contracted coronavirus and am expected to be hospitalized due to the severity of the symptoms. I am temporarily stepping down from my position as CEO until I am healthy enough to lead this company.”
The price of Tesla would plummet by 75% for at least 30 mins while the mess was sorted. If it dropped to 500, you could make 500k easily without very much risk of being detected. Then switch directions and buy calls. Easy money. Or get 5 friends to buy 1 put each. Not that hard and pretty undetectable.
Sorry, but are you unaware of modern technology and conventions that allow small groups of humans to efficiently process and analyze staggering quantities of data? Do you think such tools and methodology are only available to the tech sector?
And 4,600 is just the number of employees at the SEC — there are legions of employees at the relevant institutions who work on data compliance.
This might be true if you work at a professional brokerage or hedge fund, but there's no way the SEC can investigate everyone holding a few million worth of TSLA options.
Someone who buys a few million in puts just before hacking twitter is indistinguishable from some random robinhood user who decides it's time to go all in on puts because of a wsb post.
People in this thread are seriously underestimating the competence of the authorities in dealing with financial crimes. Virtually everything people are suggesting here is something law enforcement has seen a thousand times before.
Lots of people have had the idea that the SEC/FBI/etc. can never catch them. Right up until they go to prison.
So you're saying insider trading is a well understood and highly prosecuted crime? I'd love to believe that, but I'm wildly skeptical that financial crimes (including insider trading) aren't incredibly pervasive in our society. In fact, I'd bet good money the overwhelming majority of people get away with it - of course there's no way to prove that because nobody wants to fess up to a crime they got away with.
When they're motivated to turn the eye of Sauron toward you the Feds can be very hard to evade. This can happen in a lot of ways. Whether you got a tip from a family friend or you knew what trades to make in advance of some fake rumors on Twitter (because you planted them), if you turn $5,000 into $250,000 with some perfectly timed options trades around a news event in an individual stock you will show up on their radar.
Of course, insider trading among well connected hedge fund managers and our unaccountable financial elite is indeed pervasive and goes by without being prosecuted all the time, but it's fair to assume yesterday's hackers aren't in this protected class.
> Of course, insider trading among well connected hedge fund managers and our unaccountable financial elite is indeed pervasive and goes by without being prosecuted all the time
And a lot of those non-prosecutions involve either (a) civil fines, (b) the compliance department censuring or firing the relevant employee, or (c) the Feds backing down from a fight with a big white shoe defense firm. None of that applies to these Twitter hackers.
I'd bet it's just like drink driving. A significant minority do it despite the heavy penalties it brings. I don't know about women but I'd wager between 10-25% of men drink drive semi-regularly.
Wait do you mean they bought millions of dollars worth of put options or they bought put options they then sold for millions of dollars?
Because anyone could just buy a crap load of $0.10 options marked a week out, wait a few days, then tank the stock. It would look like you got stupidly lucky, I have no clue how anyone could connect that to the twitter event directly. Especially since it’s not like you’ll be the only one that “won the lottery”.
(Tesla isn’t a great stock for doing this though because their IV is so high that the premiums are crazy expensive)
> It would look like you got stupidly lucky, I have no clue how anyone could connect that to the twitter event directly
The more standard deviations you go into profitability, especially over one trade, the more likely you'll be to get the stink-eye.
From that point, if someone raises a flag, it's just a matter of seeing whether they've been implicated in anything else. It's why departments that seemingly have no reason to have intel access are hooked into classified networks - precisely for this kind of data sharing.
Have you met r/wallstreetbets? While this certainly wouldn't be true for most people, many "day traders" make exactly these kinds of option plays that are in many cases literally just luck. There's many thriving communities around public market information before it's seen by the "mainstream".
For these people buying $10,000 out of the money contracts on a random ticker is completely normal and still legal. So tipping somebody like that off would certainly be hard to correlate.
Does your account have a history of making those sorts of trades? That's a time-consuming and costly thing to fake.
Is your position outsized relative to other punters in the OTM weeklies market? Most people don't bet the farm on one big lottery trade because the risk of ruin is too great.
Will there really be that many people who time things as well as you do and haul in a bonanza payout as though they had perfect foresight? A lot won't even be watching the market for the 5 or 10 minutes your rumor moves the stock, and of those who are, a lot of them will hang on for moar gainz.
Right, purchase something like 200-300k worth of OTM options with low enough IV, tank the stock, cash out for 2-3mil. A 10x increase isn't all that crazy and this trade is indistinguishable from someone that just likes to gamble on short-term options. Pay your taxes and brag to your friends about how you should start a hedge fund.
Just doing that would be suspicious. Establishing a record of doing similar things for months to a year before the hack and THEN doing it, and continuing to do so for other stocks for a while after... well, then there'd be a LOT more plausible deniability.
r/wallstreetbets calls these (rather unfortunately) "fd" options.
Basically you can use not that much money to buy unlikely to be profitable options and make an actual crapload of money - and it would look identical to just being lucky.
The thing is 90% of people don't trade options themselves, and 99% of people don't do random fd plays. If you tipped off someone from WSB then they'd likely get away with it - that's what they do. Tip off a family member who has never traded options before, well....
You still need capital. This could have been executed by some bored teenager who had nothing better to do on summer break (and likely has no access to capital or loans).
Time is also a factor here. It's possible the hackers here were afraid their insider would chicken out. If they were afraid of that, they don't have time to set up a realistic looking brokerage account, transfer money and do some trading to make it all look good. That type of setup would take weeks or even months. If you sign up and the first thing you do is go all in on TSLA puts shortly before this happened you're gonna be on a list of suspects.
Also, didn't most of these tweets happen after the US markets close or just before? If the market had overnight to digest what had happened before trading opened the next day, the markets wouldn't move on information that had already been determined to be false.
(This is assuming that the hackers did not have control of the time window in which they had elevated access.)
> "In reality you'd be one of thousands of people holding HTZ calls or TSLA puts in your Robinhood account."
Yes, but of those people, a lot of them probably have a history of buying TSLA puts because they are generally bearish on the stock. Or a history of buying calls on HTZ. And they've lost a lot of money in the past over this, because TSLA keeps going up and HTZ keeps going down.
In other words, I can look at all buyers of HTZ and TSLA stocks and most likely eliminate those with histories of buying puts or calls on these stocks.
So now I have a smaller pool of people who suddenly bought HTZ or TSLA puts/calls. Of those, I can probably eliminate anyone with small positions. This isn't worth risking for a profit of a few thousand dollars. Sure I can get a few friends together to invest from their accounts, but the more people I involve, the more I risk. Plus, I can't just do family members or friends who live nearby (unless I'm in a major city), because it'll look strange if a group of people who are related or live close to each other are running the same trades at the same time.
So now they have whittled it down quite a bit. So I bring in the FBI and I start investigating my much smaller list and I target it towards people with computer savviness. It can probably eliminate accountants and many others who most likely don't have skills to hack twitter. So it's a smaller group of people and the chances of getting caught are no longer so small (not to say it's impossible to get away with it though).
I’m not honestly 100% sure of the situation right now, but things like hertz catch on with more first-time-sucker money than you might think. I mean your benchmark is people with tsla shenanigans, which is relatively recent. With larger betting sports out or curtailed I’m just not sure there isn’t a big enough sea to hide out in.
The window of opportunity for a hack like this is extraordinarily small. The market would have caught on to the hack and reverted back to normal pricing within minutes. Anyone capitalizing on it would have had to be waiting with their finger on the trade button.
It's not comparable to something like the Hertz thing which drags on for weeks or the TSLA run-up which has been going on for months. Imagine filtering for trades that happen within a specific 120-second window. Then filter by people who have atypically large volume during that window. It's not a long list.
Anonymizing BTC is a lot easier than hiding from the SEC. There are that many people holding massive amounts of short-term TSLA options (enough to make >$500k on a single day movement) that the SEC can't look at each of them.
I highly doubt that the SEC wouldn't put the required resources into this. After all, this would've caused tens of millions in damages, rather than the mediocre 100k$.
Also, you could filter for new traders and traders overly invested in TSLA. Given the rather mediocre execution (i.e. single Bitcoin address), I doubt the attacker had a lot of time and capital upfront to hide in these masses.
Lastly, stock market transactions can be paused and are reversible - there's a good chance of a circuit breaker hitting or a reversal happening with that blatant market manipulation.
> the SEC wouldn't put the required resources into this
Keep in mind that a lot of the SEC's enforcement breadth comes from brokers' compliance departments. Any time anyone makes an unusual profit around corporate actions, the SEC basically requires a thorough investigation by the broker's compliance staff.
Also, getting away with an event like that hurts confidence in the stock market as a whole. It's not purely about immediate damages to people in the market, it's also about how willing people are to participate in the future. A fraction of a percent of less people participating or slowing activity likely amount to many multiples of the damages from this event.
The SEC would be extremely motivated to find these people to make an example of them so others think twice in the future.
When Musk posted a tweet 'joking' about taking Tesla private, which was utterly trivial to investigate, the SEC only managed to deliver a slap on the wrist.
Not sure I agree they'd have investigated thousands of people.
> When Musk posted a tweet 'joking' about taking Tesla private, which was utterly trivial to investigate, the SEC only managed to deliver a slap on the wrist.
Because prosecuting Elon Musk requires going up against top tier defense lawyers and proving things like "Musk tweeted this with the intention of impacting his stock's value" or something.
With hackers, you can use the financial stuff to target the hackers, and then either (a) prove the computer crimes or (b) use the computer crimes and the surrounding stock sales to prove intent. You also don't have to go up against a legal defense better funded than some militaries.
Musk is in one class of people, people who for the most part are completely beyond consequences for things like financial crimes, fraud, or even causing mass death (as in the case of the Sacklers and the opioid crisis).
You and I and yesterday's Twitter hacker are not in this class.
The SEC can look at each of them.
Compliance and suspicious trading activity mechanisms put in place by financial actors are very sophisticated.
Analyzing millions of trades and making reports out of it is not a big deal. I wouldn't be surprised if SEC is already analyzing trades related to stocks impacted by this hack.
I got the impression that the author doesn't quite know the volume of people holding ~100k in TSLA options that could easily be 5x that with a well-crafted tweet.
Given that he said "buy the stock" and "short the stock", options leverage may be the missing puzzle piece for the author.
> I got the impression that the author doesn't quite know the volume of people holding ~100k in TSLA options that could easily be 5x that with a well-crafted tweet.
When communications are hacked, the market typically figures it out in a matter of minutes. Anyone wishing to capitalize on a Twitter hack would have to have perfect timing to exit their trade.
If someone was trading options of a similar volume all day every day before and after the hack, they might be able to blend in. However, once you filter down on the number of people who caught windfalls in the narrow window of time between the hack and when the market reversed and then filter further for people who invested atypically large amounts on that particular trade, it's not as short of a list as you suggest.
Could you set up a standing sell order at some price break, though? You'd have plausible deniability if you'd had it for a while and it just happens to get automatically exercised during a market panic.
But timing is essential when taking advantage of an event like this. Lots of people are trading TSLA but few are taking positions immediately before and getting out immediately after this event, as would be required to make a consistent profit from it. And unless you have an extensive history of similar risky trades (which would probably cost a lot of money to produce by itself) your data is going to stand out like a sore thumb given that timing, even among the sea of TSLA traders.
You, as the attacker, don't have to do it immediately before either. You could make your trades, wait a week, then do the scam and plausibly say you sold when the stock jumped.
This isn't really true. Especially with the volatility in the market and TSLA specifically right now, you would be taking a huge risk holding a position like that for a week. Natural moves in the stock could easily be much larger than the move your hack causes. You could even be margin called before the hack happens.
Bizarrely, a lot. Just a couple weeks ago Hertz was the most traded stock on the NYSE and is still up there with incredibly high volume. People in this thread are really underestimating how easy it would be to blend into the crowd of millions of traders.
As of today, Hertz trading volume is around 5 million, while Tesla volume is around 13 million.
Tons of people would cash out their options immediately after a major event like this. And you don't have to get in immediately before. You can buy a week or even a month ahead of time and make a profit.
I still think the OP is underestimating the risk of getting caught though.
To make money on a short, you aren't selling. You're the one buying back what you've already sold, just at a lower price and pocketing the difference as profit. You stand out in the middle of a sell-off.
The time between something being posted on twitter significant enough to move the market and the market finding out that thing is not true would be small enough that the number of people who had been able to take advantage of such a price movement would be extremely small—and your trade timing would need to be perfect as well, because your cash out would need to occur prior to an event you cannot control which is it becoming apparent that the posts had been hacks or at the very least untrue. You should plan to move very quickly. Remember there are many alternative means of communication.
- Any head of state is communicating directly with the press at all times through their comms department and/or they themselves commanding the focus of the press.
- Any specific company targeted, as soon as the movement in their valuation occurred, would be able to blast out the truth via PR Newswire that the specific claims were untrue and the result of a hack.
I think in this case since the correction would occur so quickly the number of trades executed made by retail would be pretty easy to sift through, and you’d undergo heavy scrutiny, even if you had an established trading history that explained your position taking.
A retail investor would be very easy to catch, basically. On something like this, I’d imagine enforcement would be a federal priority. The data available to law enforcement on matters like this is voluminous and it would only be a matter of time. Lack of enforcement is usually just a resource constraint or low prioritization. You’d have to have a much more complex plan than just taking and exiting a market position.
The only conceptual framework I can fit the idea of getting away with hacking twitter accounts to move the market and successfully exiting would be an institution with billions of positions moving fluidly in a predetermined way to align with the information seeded by the twitter posts for a short period of time. But why would anyone do that right now when all the investment banks have close to record revenue? Just 5 months ago, investment banks were in a rough spot. Now they are raking in this market recovery with little effort. I don’t know why you’d expose yourself to prison for a one time gain that would be limited because the institution needs to make it obvious this occurred so you cannot extract maximum return.
You're making a couple implicit assumptions, here, though, such as:
1. The attacker has enough capital to load up on HTZ calls or TSLA puts.
2. The attacker has been planning this for a while.
3. The attacker is a US citizen
If any of those is not true, it changes the risk/reward considerably.
The money one is easy. Even if you get a bunch of call options for free, and if you manage to temporarily push TSLA down 10% (unlikely), then you still need $900,000 in working capital in order to exercise enough of those options to be able to dump them later for a $100,000 gain.
#2 and #3 adjust the actual risk of the operation. #2 because shoving the money around quickly gives a clearer signal for the SEC to pick up on, and #3 because triggering a whole bunch of extra KYC red tape risks getting even more hounds on your trail.
BTC does have to be turned into fiat. But I can only assume, based on how rarely people who conduct ransomware scams and the like seem to get caught, that bitcoin laundering is a solved problem.
> BTC does have to be turned into fiat. But I can only assume, based on how rarely people who conduct ransomware scams and the like seem to get caught, that bitcoin laundering is a solved problem.
Furthermore, professional black hats tend to have business expenses that can be paid in bitcoin so they don't even need to convert all of it.
You can't just pay your amazon bill with it; that creates a paper trail. The feds could subpoena Amazon to find you. You can only pay other dark web denizens, and only if you trust them not to use it for something subpoena-able.
Not true, you can sell to close back into the market without exercising. This is what most options traders do.
Also you can easily get them for "free" in a manner of speaking, if you use something like a bull put spread. You sell a naked leg of the position that pays for the purchase of the other leg.
There is no citizenship requirement for owning stocks of American companies. While U.S. investment securities are regulated by U.S. law, there are no specific provisions that forbid individuals who are not citizens of the U.S. from participating in the U.S. stock market.
You need to have a local broker/bank to deal in US dollars and in US stocks. While it's easy enough in the UK or Canada, it is really challenging to do for a random individual in most countries in the world.
Not true, I can walk into most banks here in South Africa and open an account that allows me to trade on foreign stock exchanges. Minimum deposits are in the order of USD5k, and require only local ID to open.
Doing this anonymously would be much harder, but that's not what you were suggesting.
You think the FBI and SEC couldn't get a warrant, look through 10000 people's trading activity and have a list of 100 most likely suspects within a single day?
That's severely miscalculating the number of traders (around 10 million individuals, often with multiple accounts and multiple strategies, and not counting institutions). What I'm saying is that hiding in plain sight might be very easy - just join the crowd for a week and you'll look like many beginners that have scored surprisingly.
Do you trade? There are many ways to bet against a stock without actually selling it short. Shorting a stock is not even that capital efficient, and is capped at 100% return.
Sell a call spread, buy a put spread, do a diagonal calendar...
You'd be surprised. The SEC has largely been captured by the industry it regulates. Most employees there are junior level, looking to get hired into Wall Street.
There are certainly some strong employees as well, but they have only so much time.
> The SEC has largely been captured by the industry it regulates.
An objection that, while true, doesn't impact "will they go after Bitcoin scammers" much. If anything, it's precisely the sort of thing they'd prefer to do over fighting with industry.
Even very average positions could yield millions, especially a series of them. Imagine a "manager" of a MLM doing this with their team of sheep. There are many teams like that.
I think the problem is you would need to use a previously active account to pull it off. If you get this hack today without an account history going back a ways, you're easy to find.
You think they could convict on "We looked at a thousand accounts and his was the most suspicious?"
If you don't leave evidence for a targeted inspection against you, it wouldn't help them to be able to narrow it down to "you probably did it" if they couldn't clear the "reasonable doubt" hurdle.
No, but it's enough to get a warrant for data or surveillance until they have enough evidence to build a case. They need to clear "probable cause" not "reasonable doubt."
No, I mean that you don't leave evidence for a targeted inspection against you to find. i.e. You execute the hack cleanly, the inspection against you finds nothing, and all they are left with is your suspicious trade, which is suspicious, but not prosecutable.
Before you're even under surveillance, you have to be perfect in leaving no fingerprints for XX years before/after and they only need you to screw up OPSEC once. Easy?
You just have to leave no evidence of the hack that links to you, but you have to do that anyway to get away.
There's nothing to hide after the fact. Dump the burner computer you used for the hack when you're done and never log in to the accounts, VPNs and VPSs you used again.
That you have the money is an open and legal fact, so you don't have to conceal anything really.
I know that's like a formulaic crack, but the last time I was at the DMV, I did wait like 2.5 hours ... because there were a huge number of people being served by a small number of people.
That's what efficiency looks like. Each transaction took a small amount of time, the clerks processed each one efficiently and had little downtime between them. Each clerk was maximally utilized, and the DMV was fully utilized all day.
A DMV where you could walk into at any time and a clerk was available to help you immediately would be incredibly inefficient: it would have too many clerks who were being paid to stand there not working. Convenient, yes, efficient, no.
I think it is very much a case-by-case basis, depending on a number of factors. Factors include, but are not limited to, what part of what government, purpose/mission, funding, incentives, and local culture.
Yes, one can find examples of incompetence and inefficiency if one looks, but one can find the opposite as well. I think a blanket attitude of government == inefficient incompetence is an unhelpful one, and a major part of how you get DMVs that deserve the purgatory comparison.
When Taylor Swift starts getting tweet responses to her "short Tesla!" tweet she would declare she was hacked very quickly and your plausible deniability would collapse.
You probably have to give Robinhood information about yourself for anti money laundering legislation. I don’t use them, but I had to give my birthplace and National Insurance (UK’s SSN) because of the latest round of aml law.
If that really happened, I think the SEC would have some questions for _every_ TSLA short / HTZ long that made exorbitant profit, with a special emphasis on anyone that entered recently.
Blue sheets are no joke. I got to see a glimpse of the info the SEC collects and learn a bit about how they use it. Don't underestimate the SEC on market manipulation. You would not be indistinguishable- it's a trap "novice" market manipulators fall for that makes them so easy to catch before they do really big news-worthy trades.
The FBI has some very effective ways to pick faces out of the crowd once there's real money on the line.
One of the advantages of using BTC for this attack is that as a stateless currency, fewer states are willing to dedicate resources to pursue people getting their BTC defrauded out from under them.
The FBI's history is a lot to go into in the space of a Hacker News comment thread, but to summarize the thought: yes, the long tail of crimes go unsolved, but high-profile crimes or crimes embarrassing to the state tend to get resolved because the organization has many resources to devote to such a task (especially in the digital era). For example, this was embarrassing to the government because it hit national news, and the cost of the tools put on the task of finding the woman are disproportionate to the damage to the car.
In this case, someone trying a major stock market manipulation would have drawn a lot of org resources. And given that even without those resources, it appears the dragnet may be closing in on them (https://krebsonsecurity.com/2020/07/whos-behind-wednesdays-e...), it would have likely been a bad call to try actual stock manipulation with their hack.
I'm not sure this works. A lot of the folks who're short on Tesla are big names with trading records who've been short on Tesla for a while. If you roll up and your first stock trade is to buy some short term put options right before the hack and then cash out immediately[1], that's going to be distinguishable and suspicious.
Any efforts to defer that (using a patsy with an established trading history, buying longer-term options, buying them earlier) cuts into your margins, and may well not work (since again, you've got to be the first one out since you know it's a momentary dip).
[1] - Remember, you know this is a momentary dip because you know the hack is going to get discovered soon, but the other investors don't know where the bottom is.
If you want to blend in with the RobinHood traders then you need to have some capital at play already and have had some success. Anyone whose first significant successful trades were yesterday would be up for scrutiny. At the point you fit that profile, risking what you have (and your freedom) for more becomes much less appealing.
Also, I suspect that if the hack had occurred during market hours, Twitter execs would have aggressively shut down the entire site. I imagine the hacks were intentionally timed to start after the markets closed to maximize the window for bitcoin payments. Twitter stayed up, so if that was the strategy, it seemed to work.
That’s the value of the internet that’s gone under leveraged by the public
Synchronize intent in one online bubble. Make it look like banal, random, distributed behavior via Robinhood transactions.
Mom, dad, grandma, and grandpa sat on the couch shouting impotently at Dan Rather.
The kids are shouting about all that behind their backs and figuring out how to leverage information technology from age 5 at a different scale than 30 years ago, to coordinate
I wonder if this falls under the category of insider trading? On one hand it's an interesting idea, convince a huge discord server to all buy a little stock. See if it moves the needle. But I can't imagine that there wouldn't be some implications from the SEC or feds if they found out the people were organizing.
Fraudsters open bank accounts in other people's names all the time. The FBI says, if you wire money out the country, it's gone after 72 hours. I think they could do it with some effort and coordination. The main issue is that it was just a lone person not organized crime, not someone with tens of millions to spend, not someone with friends who own a hedge fund.
Feds would first filter the list of traders who have clean backgrounds and narrow it down to anyone who hasn't been trading the stock for a while and they will review anyone who has withdrawn their cash quickly.
Unless you have been doing years of planning, planting clean evidence, you would stand out from the crowd.
> In reality you'd be one of thousands of people holding HTZ calls or TSLA puts in your Robinhood account. You could make a huge payday and be indistinguishable from the crowd.
For one, having known many posters on wsb personally, the number of people actually trading large positions vs the number participating in that forum is not the same.
Finally, people (apparently even the "informed" crowd here) greatly overestimate the difficulty of identifying individuals or actions in massive systems that are effectively recorded and completely surveilled, and they underestimate the resources of the feds. It's usually not that hard to whittle down to a handful of actions, and even if there are hundreds it only takes a tiny bit of taxpayer money to comb through it by hand.
> one person will eventually have to turn this BTC into fiat
Not if the perpetrator already participates in a cryptocurrency economy.
And even if the individual wants to convert to government currency, do you think that's a big hurdle in post Soviet states, or for state-sponsored attackers?
We still don't know if the hackers didn't steal all the DMs to sell on the dark web. They basically can prove without a shadow of a doubt to anyone that they were the hackers involved (by sending BTC from the publicized address). That removes any questions of authenticity for potential DMs and is likely to increase the price. They or someone else they resell to can then go about the blackmail aspects of the whole thing.
If they didn't mean the BTC address to be an authenticity stamp after the fact it seems silly to not have varied it to get around blocks.
edit: They can also use it for blackmail even if there's no incriminating DMs. By making up fake DMs and then using the authenticity stamp to "prove" they were authentic. Could cause quite a bit of chaos if released in the right way and be worth something to someone.
I doubt Apple or Bill Gates have very many incriminating Twitter DMs. Kanye is a non-factor, nobody serious cares what a, respectfully, manic-depressive is DMing about.
Elon Musk might have some suspect DMs, but honestly I think his crazy Twitter behavior is priced into TSLA already.
I think this assumes that only the obvious accounts were affected (basically any that sent out the tweet about the scam). It's quite possible many accounts were accessed more quietly.
If they were stealthily looking for dirt, why would they draw so much attention to the compromise? There’s no way Twitter wouldn’t examine all of the accessed accounts now and the “this process access” theory is both sketchy in general (Guccifer 2.0 publicized the idea of putting forgeries into a dump to make them seem legitimate) and wouldn’t apply in this case since these are different accounts.
I don't think there was a way to hide this from Twitter once it was executed, since each hacked account got a password reset email. Assuming that you can't hide it from Twitter, then it's a fine strategy to make sure that everyone, especially potential customers of the hacked DMs, knows that you hacked these accounts.
If you're looking for dirt, you want to be the only one with the dirt to maximize potential for selling or blackmailing with said dirt. If you've found an exploit and exfiltrated the dirt that you care about, you might want to ensure that the exploit gets patched to stop others from being able to gain access to the dirt.
I would think it's more likely to be used as blackmail material, where they threaten to release them publicly if they aren't paid.
In that case, it's irrelevant what the public thinks of them, all that matters is the blackmailed individual's ability to pay and what they think about the public seeing them.
Put another way, maybe Musk's DMs being leaked doesn't actually change anything, but maybe Musk feels like it changes a lot for him, either personally or professionally. That's worth money to someone with the DMs.
It's possible (though perhaps unlikely) that there are DMs that could get him 'cancelled'. I would guess that is the leverage that DM-blackmailers would use.
Sure, but I was actually commenting on how it doesn't have to be DMs that will get him cancelled. It only has to be DMs that look bad enough that he thinks something like that might happen. Or even some smaller thing.
If you're Musk with his money and resources, what's $10k or $20k to keep knowledge out of the public that you slept with your friend's or some random famous person's wife, or cheated on your girlfriend? The amount of money something like that is worth is relative to available money to the person and what the personal cost is to spend it. How much does it hurt Musk to spend $100k? Would he spend that much to try to keep knowledge of some woman pregnant with his child getting an abortion? I think probably, if he thought he could keep the fact he paid secret if it came out later, since that would only make any story worse (regardless of how he feels about abortion, paying a lot to keep it secret is just fuel for any criticism while also being worthwhile for anyone that wants privacy).
This assumes they could only access DMs of people that sent out the spam (which includes Biden). In reality they could have pulled Trump and friends' DMs also, who have a history of using twitter for official use and seem to have questionable operational security.
Like I said, you don't need incriminating DMs, you just need the threat of incriminating DMs and enough authenticity proof to cause chaos. I can imagine certain governments who would pay money to have incriminating DMs about Joe Biden be released right before the election.
It's enough proof to convince enough people to cause issues. The media lacks depth and loves click bait stories. Timing is key but there is an election coming up soon and Hillary got hurt when her emails got leaked.
One point I don't see made often: in order to short or long any market, you need _initial_ capital too. This whole "ask 1 BTC to get 2 BTC" requires 0 initial upfront costs from the attacker.
It's a win/win situation, they can't lose. They've invested nothing in their scam to begin with.
Not just any initial capital, clean US dollars in a brokerage account under somebody's real name. You can't use BTC or rubles or drug money or whatever.
If this article is accurate, and the hacker did consider alternative ways to make more money, or legal ways, then this really puts the blame on Twitter. If their bug bounty wasn't absolutely ridiculously low ($7,700 for oauth account takeover), then they could have prevented this. Essentially they're putting the value of security for their entire user base as $7,700. This bounty should be in excess of $1 million easily.
Typically social engineering attacks are excluded. However given the large scale of this attack, there’s an argument to be made that there should be systems in place to limit the damage one rogue (or manipulated) employee can do.
It ultimately depends on how much twitter is responsible for other people getting scammed. And how much future discounted cash they lose from reduced engagement from this blip.
That assumes that the bounty should approximate the expected payout from some lawsuit against twitter plus loss of future cash flow due to the vulnerability.
If that value is still small, then there is no incentive to raise the price of the bounty.
I find it interesting that there were at least 100 people who both had enough money lying about in BitCoin (or at least, were able to figure out how to buy bitcoin on short notice) who intersect with the group of people who will fall for something which has all of the hallmarks of a scam.
I would have avoided the obvious doubling scam and gone for "donate bitcoin to this charity". Maybe with an explanation of how bitcoin can make it directly to the country where it is needed immediately.
That's actually a pretty good idea. Your idea is the first one I've read out of hundreds that I think could've possibly been a more optimal strategy.
It's tough to know for sure if it would've made more, though. Given the limited time window, I think I slightly lean towards exploiting greed vs. exploiting altruism. If they could somehow keep the tweets up for over 24 hours, I think your idea would likely win, but given they may have thought they might have about an hour, I think the scam route might've been more reliable.
Probably the most effective strategy would have been to diversify by posting various kinds of messages, some of which would be more effective and some of which would be less effective. Also would have been less likely to seem coordinated.
But the general sloppiness of the stratagem points towards not having the time / resources to do that.
Someone else suggested posting different BTC addresses per account and framing it as a quick charity drive contest. Which is a better version of this, IMO.
As for which one would win, I don't know. I can see the argument of immediacy with the scam. The charity scam I think would draw in a lot more smaller donors but I can't see them feeling the need to immediately send.
Personally I would have gone with the bounty, then shamed Twitter for the (probably) low payout in an effort to promote my brand.
>Personally I would have gone with the bounty, then shamed Twitter for the (probably) low payout in an effort to promote my brand.
The problem is that the attack requires active social engineering to pull off, so it probably wouldn't have been eligible for a bounty. "I could trick your employees and gain access to user accounts" isn't really covered.
The reason why (I think) this was less likely to work was because of haste.
The hackers knew their tweets would be pulled down in a few minutes or so, so they had to put out tweets saying "in the next 30 mins" for people to send money immediately.
This works well in what they tried, but asking people to donate in the next 30 mins would certainly have made it look suspicious.
Honestly, it isn't awfully surprising. Bitcoin is seen by many as a get rich quick scheme on the same level as penny stocks or OTM options expiring this Friday. It doesn't surprise me that those people are holding bitcoin (in a misguided attempt to double their money) and are ignorant enough to fall for something like this (in a misguided attempt to double their money).
I once sent an insignificant amount of bitcoin to one of those "honest Ponzi schemes" - that is websites which promise a quick return of 1+x% of your capital while declaring upfront that they will become insolvent, that they are ponzis. Just for the fun of it. I got my 1+x% back. The website shut down very quickly, the authors got scared by how many people decided to play this idiotic game.
It's human nature to play games like this. The whole idea of startup "IPO exit" is really just a ponzi play (if you think the company is good - why the heck would you sell it just as soon as the "dumb money" moves in?).
You don't need to send it to any actual users. Just set up some transactions between wallets you control and use some sockpuppet accounts to make apparent 'winners'.
Tesla is one of the most heavily shorted stocks, and earning 1 million honestly wouldn't even be such a big deal considering how many institutional and retail investors are swing trading it. Unless you bought some ridiculously short dated options, in huge amounts and then immediately faked Elon's tweets and cashed out, you could've made 500k easily and no one would even think twice about it.
Yeah, with so much trading volume, it doesn't seem hard to blend in with the crowd. Whenever there's a big Musk tweet, there's already tons of news-based traders that immediately react and earn huge profits.
You could set up a plausible history ahead of time by doing innocent TSLA trades. Maybe establish a pattern of regularly scheduled trades. And then it just so happens that the fake tweet comes out right around when your scheduled trade was going to execute.
You still need to keep your cool and explain that to the FBI agent at your door. OPSEC is hard.
Not to mention that this requires a lot of upfront time and capital and depends on no circuit breaker being pulled, which would be quite likely given the high amount of damage and blatant market manipulation.
You don't even have to trade the stock you attack publicly. You could trade a highly correlated stock. Maybe you wouldn't make quite as much, but you would be much harder to find.
Great point. Bloomberg's Matt Levine has been referenced elsewhere in this discussion, but he had this exact point [1] in today's newsletter regarding market reactions to COVID vaccine news:
"Signs of progress toward a coronavirus vaccine by Moderna propelled most corners of the stock market higher. … Most of the gains followed the release of a new study suggesting Moderna had reached a breakthrough with its coronavirus vaccine, setting the stage for a larger trial at the end of this month. Cruise-ship operators, airliners and other stocks sensitive to the coronavirus crisis led the stock market higher. Shares of Moderna rose $5.18, or 6.9%, to $80.22.
Royal Caribbean Cruises Ltd. was up 21.2%. Norwegian Cruise Line Holdings Ltd. was up 20.7%. Carnival Corp. was up 16.2%. American Airlines Group Inc. was also up 16.2%. United Airlines Holdings was up 14.6%. The biggest gainers were the vaccine-sensitive industries, not Moderna itself."
They're going to heavily investigate everyone that made a half million on a super high volume, widely shorted stock in a time of extreme volatility? To the point of finding a smoking gun that connects them to the hackers? I'm happy to be proven wrong about this but it seems implausible unless they were sloppy.
Why wouldn't they? To me it seems unthinkable they wouldn't invest significant resources into such an investigation, and I could think of plenty of ways they could narrow down suspects. There's a trade-off between potential reward and decreased exposure risk, there. Also, as stated by others, they'd already need to have significant (fiat) capital, and ideally a history of trading (else they'll automatically be near or at the top of the suspects list), which seems unlikely to me.
People with enough money to be investing regularly also probably don't need to orchestrate elaborate smash-and-grab cybercons to make money. People in such a position would already be doing fine and would have the added bonus of never fearing going to jail. I suspect whoever did this likely doesn't have much fiat money, or if they do, it's probably mostly dirty money which wouldn't be feasible to invest with.
Here, there's no risk/reward trade-off like there would be from shorting. It's a much more scalable attack: every additional hijacking results in additional expected value, but no additional risk. With some form of stock betting, the more you scale it up (in terms of reward potential), the more the activity would stand out.
I think the attackers made the smartest possible decision, given what they had/could do, if their goal was purely total profit (plus not getting caught). If their primary goal wasn't money, then it's certainly a squandered opportunity, but most criminals are just in it for the money.
Yes, absolutely. I mean, if you put in years of preparation and are an active trader with a big portfolio, 500k$ is probably getting through the net. But if you're a newer trader, not much invested or not many positions? You're sure as hell getting some questions.
I mean, yeah, there might be ten or a hundred people who match these criteria, but market manipulation is a very serious crime and when people lost many millions, the SEC is going to pour a lot of resources into checking everyone.
EDIT: This is also assuming the hacker is American. I bet you a lot that this matches very few people in, for example, India.
I don't think it's a stretch to assume this hacker group has some member with an active account, or to charitably take "you" to mean someone with (at least) a sporadic day trading history.
I have heard of drug busts that began with detectives going to a university in a town where the drugs (think synthesized drugs) seem to be originating from. Cross-reference all students on financial aid with all students that had taken Organic Chemistry 300. You could count the number on one hand.
Each were watched, one was seen making the handoff....
Sure, that's because America's law enforcement are extremely interested in the "war on drugs".
Will they go to those same lengths to find people who profit a few hundred grand or a mil on the stock market, when the consequences of what we're talking about could result in tens or hundreds of millions of dollars of profit/loss?
> They're going to heavily investigate everyone that made a half million on a super high volume, widely shorted stock in a time of extreme volatility?
These arguments all seem to be operating on the assumption that there would be a large number of day/swing traders who would exit their positions with perfect timing, but this is unlikely because they wouldn't have the knowledge that the price move was ephemeral and driven by a false rumor. The number of people who made a half million off it would be a lot smaller than you think.
Well, don't ever assume lack of sloppiness. ;) But to the large question: markets are built on trust, and the SEC has the job of ensuring the trust bedrock of the US markets via enforcement. A high-profile move like the one we're describing here, manipulating the US markets so brazenly, is worth spending more money than exchanged hands in the fraud to find the perpetrators, just so they can put heads on pikes and make everyone feel better that the system works (because the net loss of value if market trust breaks down is much, much higher).
I think what the parent is saying that the original post definitely misses is that the trading volume in short expiry options on Tesla is so high that it would be impossible to detect one trade in a sea of hundreds of thousands.
Why short at all? That is asking for trouble.
Buy some stock, then make some incredibly positive claims on Elon’s Twitter (l4 self driving perfected, coming next week to all customers after a lengthy secret testing. New battery chemistry wildly better than anticipated, twice the power density and a life of 25000 charge cycles - and it even costs less to make, without needing any cobalt or rare earths).
Watch stock go up, sell before the whole thing is clarified.
Trading the stock directly would probably not maximize gains. I'm saying you could buy short expiry call options and make far more money (or puts if you're trying to move the price the other way). Part of the reason people trade options is because you can make (and lose) far more money with less capital than you can by just trading the underlying security. In many cases it's higher risk, higher reward.
Here's a scenario demonstrating the idea:
Let's say I spend $92,300 to buy 61 shares of TSLA at its current price of $1,512.18. Then I post my Tweet causing TSLA to jump to $1600.00 on the same day and sell my 61 for $97,600. My total profit is only $5,300.
But what if instead I buy $92,300 of 7/17 TSLA call options at $1600? They cost only $9.23 per contract for 10,000 contracts. Now the same price movement to $1,600.00 today causes the value of my options to increase to $39.16 per contract. I can sell them for $391,600 netting me a total of $299,300 for the same starting capital. If you have access to margin then you're talking millions in profit with even a small price movement (though at that point you probably have to start worrying about the SEC).
As Matt Levine (whose Twitter account is referenced in the article) says though, short-dated out-of-the-money call options are a good way to get the attention of the SEC.
In general though I agree with you - I think a person absolutely could make more than $100k on the market with not a lot of capital and get away with it.
Of course, "not a lot of capital" is still more than no capital.
I think you vastly overestimate the SEC's ability to catch these things. It's searching for a needle in a haystack.
The only time where the SEC has a really easy chance of catching you is with very out of the money puts purchased only days before the attack. The volume is much lower there and that's a much more common way to make money on this stuff (since with put options you don't need to short massive amounts of the stock).
> They managed to run off with a little over $100,000 before Twitter got the situation under control.
Not quite, I believe most major exchanges banning the address probably did a lot more to control the situation. Twitter took way way too long to react and their best course of action was just blocking all tweets from verified users...
It is since a decent chunk'o people be on that convenient Coinbase Wallet-aaS and if CB be like "hold up this a scam hunny" all that sweet koin finna stop rollin' in
The point about how you couldn't make money on the stock market is that the SEC has tools to catch insider trading? You could as easily say you couldn't hack Twitter because the FBI has tools to catch hackers.
Many people, hundreds if not thousands, have long positions on Hertz. They may be able to find something suspicious, but not anything that could differentiate you from "I read on wallstreetbets that buying these Hertz calls was a good idea." Especially if you seed your account with a few similar bets first.
Yes, but for that you first need a lot of money (especially if you're buying other positions as 'cover') and a lot of preparation time (as going deep into puts just before the hack is extremely suspicious).
And then you're still in hell, because instead of having a total damage amount of 120k$ plus some vague twitter downtime you now have cost investors millions of dollars and are in the highly illegal territory of stock market manipulation, instead of a rather simple scam with modest damage.
Also, saying "I've read that on WSB" is nice, but the FBI is still going to take your equipment for a nice inspection. No fun, I can tell you that.
Hundreds of thousands may have long positions on HTZ, but the vast majority are all day trading punters with relatively small positions that wouldn't net all that much money. The intersection of those with large enough positions to yield a large profit and those who perfectly timed their sale at the very peak before the market realized it was a fake rumor would be a lot smaller than you might think.
To trade you need to open an account with your name, social security number, address, occupation, and other details. Your broker will have to verify most of these details under federal anti-money laundering regulations. Immediately following the hack, your brokerage will be asked to provide a list of people who traded around the hack and benefited. All of your personal information will be in the hands of the SEC and FBI within a few days, and you will be one of very few people with no trading history who made a million dollars out of nowhere.
Yes, the FBI can do much more with having all your personal and financial information handed directly to them than they can with the IP address of a VPN exit node in a server log. There is no comparison.
I would not target stocks - that requires too much capital. Rather target currencies. A retail investor can leverage currency transactions 100 to 1 -- and such speculators are numerous. Also, Forex runs 24x7.
What if the US Federal Reserve had tweeted out a link to fake economic data suggesting an enormous fall in the USD was around the corner? Algorithmic trading could shift the USD by $0.01, which when multiplied 100x could have a pretty large impact on your USD/EUR play.
With my experience running technology and security at a large fintech, it would be relatively easy to purchase stock anonymously with a stolen identity. KYC (Know Your Customer) checks that online financial firms use to verify identity revolve around credit report data that can easily be bought or hacked. Think of all the online companies that offer access to your credit report.
Any foreign actor could get a brokerage account with relative ease compared to hacking a major social network. For the SEC to investigate, they would have to go through multiple companies to find the account. First would be the exchanges to search for suspicious trades. Next the clearing brokerage firms which online fintechs use to do the trades and then lastly the fintech that the stolen account was created on. Much longer to investigate than it takes for the money to settle from the trade and to get money out of the account.
Also there is a good chance that you wouldn't trip any of the online FI's monitoring. If the money went out to the same account it came in on, that isn't that suspicious and happens all the time. The cash transfers would generate a SAR (suspicious activity report) but still that would take a while for government to process and investigate.
Authentication of a person is broken in the US and needs to be fixed. We can't rely on credit report data and SSN.
I think they could have made more with just better ad copy. Send 1 get back 2 just stinks so much like a scam, most people wouldn't do it. What if you just asked for a donation in some good cause, and frame it as a contest between Elon and the other billionaires?
Also use different addresses per account. Should be really easy.
I think the hacker has to be some insider who knew their window was closing quickly, because the ad copy does seem incredibly lazy. Like if you had Musk 'crowdfund' the next Tesla, while Biden announces that the USD will be pegged to Monero if he's elected, and Apple takes 'deposits' for the next iPhone, it seems like you could have done much better. Maybe we're overestimating the relative value of the big-name accounts though.
You have total control of 15 Twitter accounts of your choosing for 90 minutes. What do you do?
This Twitter hack could have changed history, could have made some group of insiders fabulously wealthy, could have started a war, etc. Yet they "waste" it on an obvious scam.
My competing hypotheses:
- The hacker got way in over his head and panicked (the wasted opportunity branch)
- The hacker siphoned the DMs from the hacked accounts (and others that did not tweet out the scam), and this is just the beginning
- There are larger forces at work, and this was a demo for a larger client and is part of a longer play
Occam's Razor suggests the likeliest scenario is that the hacker got in way over his head and panicked. Most hackers aren't international criminal masterminds; they're infosec warriors or, fundamentally, bored clever people who enjoy the puzzle of finding out the true limits of what can be done with the technology in front of them.
The name of 2600 magazine is inspired by the story of people who---having discovered the worldwide telecommunications grid could be manipulated by properly-sequenced audio tones---used that knowledge and power to make free long-distance phone calls.
>- There are larger forces at work, and this was a demo for a larger client and is part of a longer play
seems unlikely, considering that the nature of the hack (compromised insider account) would most likely be cut off after detection. That's exactly what happened in this case.
- The hacker intentionally chose a rather low-crime way with modest damage amount so that Twitter catches most of the heat and he doesn't have all three letter agencies hunting for his head.
- He knows that OP-SEC is hard and chose a way that was simple enough to avoid traps.
Sure, but millions of stock market damages are another league than a bit of chaos on Twitter and 120k$ in scammed money. You can easily find a car which is worth more.
So yes, there's definitely going to be a search, but he could've gotten far more heat.
Not to mention he can literally just sit on the BTC until he decides how to best convert it into cash anonymously. And if he hasn’t already goofed up in a way that will get him caught then there’s basically 0 risk of legal repercussions at this point.
Can we stop with this idiotic "Could have started WW3" comment? I can't believe the amount of "blue checks" who've been repeating that since last night.
How do you start a war on Twitter? Let's say the hacker impersonates Trump and tweets "Missiles heading your way Kim!!", then what? First of all, every developed nation in the world has ways to detect missile launches. Second, there would just be a phone call between embassies asking "Whut??" and the situation would be solved in 15 minutes.
People need to stop pretending that Twitter is the real world.
If, in 2014, President Obama had tweeted something like "I've had it with Kim! Sending the missiles now!" no one would've believed it, as it would've been quite out-of-character and also he didn't go around announcing policies, executive orders and other business using Twitter.
With Trump though, it gets more complicated. He has antagonized and name-called the leader of NK on Twitter. He has announced policies on Twitter that even his cabinet weren't aware of beforehand. If he posted the above tweet (sub out "Kim" for "Little Rocket man") and you were Kim Jong-un, what would you do?
Sure, he's never announced a military attack on Twitter before (I think... although I'm not 100% sure) but given the other things he's done and his general nature, could you be 100% sure it's fake? And if it's not fake, then the rational thing would be to counterattack with whatever capability you have without waiting for confirmation from someone else.
And then, if you're one of the US Joint Chiefs: You see the tweet, you know that it's false, but you consider it from Kim's perspective (see the last paragraph) and have to game out the chance that Kim will see this as a credible attack and launch his rockets, in which case you'd want to launch ours immediately.
It's totally possible that they could get Kim on some sort of "Red Phone Line" and convince him that it's fake before he launches, and that might even be the most likely outcome. But if the hacker timed this right (to some time where the president was asleep or harder than usual to contact) I feel like there is a nontrivial chance it could result in at least one nuclear warhead getting launched.
If something like this came from Trump's account, people would believe that he tweeted it but not that it was actually going to happen. Heck I'm pretty certain he has already tweeted about bombing random countries before.
Certainly a single tweet like that will not start a war.
The tweets would have to be subtle and not something you wouldn’t say or now can back down from easily without damaging your reputation.
Social engineering is not a hammer, it needs fine-grained understanding of psychology, pressure points and what resonates with the crowds; these are skills which blue checks also need to be, well, blue checks. That’s probably why they are more scared.
Manipulating public opinion is their day job after all.
Deep fakes and hacks like this are scary for them coz these attack at the core of their strength - the trust the people have in them and their ability to manipulate it.
You might enjoy The 2020 Commission Report, speculative fiction by a foreign policy PhD specializing in nuclear proliferation.
One of his central interests is how these decisions are made. Where is the conference room? Where are the decision-makers? What does it take to get them assembled? What are their moods and information diets, and how might that influence them in a moment of crisis? What are plausible sequences of "accidental" escalation events that might align the stars for a nuclear launch? And how might Trump's Twitter interact with all of this?
It's fiction, obviously, but if you're interested in the guy's bona fides, this is some really fascinating open source intelligence work [0].
Yes, given that there have been real life incidents where the _missile detection systems_ said there were missiles on the way, and it was all sorted out, the "twitter starting a war" thing seems extremely alarmist. No-one would take a tweet, especially from bloody _Trump_, as sufficient evidence of an attack.
Imagine if you were able to impersonate Trump, and claim China started a war, with ICBMs heading for San Francisco and Washington. Then, tweet from the Clinton, Obama and Biden accounts that he's actually telling the truth. Add in some international flair (e.g. Boris Johnson) and some celebrity voices, and even if it sounds outlandish, enough social proof from these people and you've got yourself mass panic on your hands. It might not be WW3, but it likely could've resulted in major riots.
Can you provide 2 or 3 examples? And they would have to be in a hyper-connected world like today, where any head of state can directly reach another in less than 1 hour.
I think I could have rotated/edited the BTC addresses faster by editing or deleting/resending tweets and taking over new accounts in a random pattern. The money stopped flowing in pretty quick when the popular exchanges blocked sending to the destination address.
Hey guys, so articles like this are no better than long-winded hackernews comments. Which we all debate the semantics of and unceremoniously decide are wrong. So let's treat this article that way:
You absolutely could make money in the stock market instead and it has happened before by trading the indices. The "problems" with individual companies don't exist when trading indices like the SPX or VIX.
This has already happened before, Associated Press' hacked twitter account sent out something alarming sending the indices in a brief frenzy. Like long enough for trading to react before correcting.
Sure, that is true, if you make a bunch of extra assumptions (resides in an applicable country; has a lot of fiat capital already; has a history of trading; has all the necessary financial knowledge and capabilities), and if you don't factor in the probabilities of getting caught.
On paper, the stock strategy could make more money. In practice, I think it's extremely unlikely it would be the optimal strategy here, or even a decent strategy. The maximum potential reward would be higher, but the expected value would be lower. (Perhaps it'd be negative, even, depending on the probability assigned to imprisonment and asset seizure.)
I think the attackers chose pretty much the best possible strategy if their sole goal was maximizing profit and minimizing risk of getting caught. Someone else suggested maybe setting up a fake call for charity donations, which might have worked even better, but overall I think they picked the smartest plan.
No, the hacker isn’t going to have a hard time cashing out their Bitcoins. All they have to do is pass the coins through a few Bitcoin tumblers before exchanging it for cash.
A $100k windfall income would have to be explained to tax authorities in most places won't it?
Taking it as hard cash sounds risky or laborious. Taking it to a bank account will trigger red flags. A story will have to be told that makes sense and holds up.
Converting it slowly over years is an option, but I'd put that in the 'hard' category especially if you keep doing this and sending the balance up.
Perhaps they couldn't have made more money, but they could have devastated the global market with a few well placed rumors from "verified" tweets. That frightens me more.
Yeah the only way I can imagine that you might have been able to get profits out of the regulated markets without getting caught would be to put on a short position a few weeks in advance and then send out a bunch of fake scary geopolitical items from the verified news accounts like Bloomberg's. And even doing it this way, if that's the only activity in your account the SEC still might find you.
Despite NK's paranoia, I think even they are clever enough to see if Trump's bark/tweet would have a bite. I don't think they would strike before being certain about an attack.
One thing to consider: the $100k gained in this attack is completely random. The attacker(s) had no way of knowing they would get that much. It could just as easily have been $5k or less. People are framing it like the attacker knew they'd be getting that much coin.
Heck, you could even sign a message saying you own the DMs with the private key that corresponds to the address that all the hacked accounts posted if you wanted to sell them / use them for blackmail
He/She might have a fair amount of luck throwing the BTC through scrambler/tumblers. These are services offered to mask your BTC address as other legit customers, making it much more difficult to track.
That being said... There is technology out there the FBI is hopping in bed with that is used to track this exact thing.
I think if they tumbled it an insane amount, they might get away with about 90% of the principal.
The SEC fails to catch or even detect the vast majority of market manipulation and insider trading. A volatile stock like Tesla has so much volume that a large amount of contracts (calls/puts) wouldn't even look unusual.
They most certainly could have gotten away with some form of manipulation using Elon's (or someone else's) account and gotten away with it.
The idea isn't to be anonymous per se, it is to blend in with the crowd. You join a few communities, you can easily, easily pull the Casino Royale short position/puts.
Say that production is halted, that you discovered faulty accounting, immediate recall, etc. Tesla would've plummeted.
And that's if you want to blend in with the crowd of volume and people holding puts, which, are not that expensive, especially if you push out a few weeks.
--
With bitcoin, it is not anonymous. You will have a pain to cashout 100k+ of bitcoin. The address is now literally blacklisted, the coins will be forever tracked, exchanges blocked and whenever there's movement, ironically, twitter threads will appear similar, if not akin to bitmex margin calls.
Any localbitcoin dealer worth their salt, would flag it because even if it's in escrow, it is most likely that small amount would blacklist their own account, especially since most traders are cheap and will send from exchange>localbitcoin escrow.
I think for most people the stock market manipulation would stand out enough to warrant deeper investigation.
- If you never trade in options or short sell, but the first trade you do is a massive windfall, that will stand out.
- To earn a decent amount, you need a lot of exposure to the particular stock. If you're not exposed somewhere else, and only to tesla to maximize this particular great trade, again that stands out.
- The above may narrow the scope, so when investigators look at you particularly, does your personal background include technical capabilities that others in the narrowed group would not have.
I suspect you're correct in the sense that if you had lots of assets, regularly trade in markets, and can be prepared ahead of the hack that you might be able to pull off market manipulating. But if you stumble into this huge hack as the author sort of points out, and were trying to pull this off before someone else discovers the bug or exploit and are unprepared, for many it doesn't seem likely they'd be able to manipulate the markets without standing out.
There's a variety of well known ways to launder bitcoin. Most popular ones being
- You could use a tumbler.
- You could use an exchange without KYC. Not all exchanges are US based.
- You could use websites such as morphtoken (preferably over a VPN, TOR, or i2p proxy) convert to any blockchain (perhaps Dash to create anonymized transactions) then convert back to BTC.
And a few more...
Playing the stock market is a huge risk as the SEC can probably filter down most participants who would've benefitted. It's far riskier.
To earn money by fake news, you need to bet against the crowd that will act on the fake news, and you need to make the bets prior to the fake news. The crowd will lose some money on the act, if you properly blend in with them, you won't earn anything.
And if you want to blend in with trades made by some insider community, then any posts you make there to trigger that crowd (and the timing of these posts) will be useful evidence to separate you from the crowd. I mean, it's just as with the investigation of pump-and-dump schemes with the added benefit that after warrants to seize and review computers you can also get some evidence of the hack.
> The idea isn't to be anonymous per se, it is to blend in with the crowd. You join a few communities, you can easily, easily pull the Casino Royale short position/puts.
This significantly underestimates effectiveness of market surveillance tools.
Even so, I think that there's enough random idiots making random trades on the market that you could get away with it. You could anonymously post something that sounds vaguely credible on reddit's WSB board and use that as your justification if the SEC asks. If you do a good job, you've just convinced 100 people to be your patsies (and made them a handsome sum in the meantime)
That is predicated on dumb money not trading in patterns that are visible to market surveillance. We know that not to be the case.
First of all, market surveillance is going to score trades based on profitability and on the expected value of outcomes. If the actor in question does not have a habit of trading options in certain patterns, he will be sticking out of the sea of other bets, significantly reducing the number of actors he can hide in. This will flag money movement. This will flag strange account funding. This will flag strange volume. This will flag strange time the order was placed in compared to the usual trades of this individual.
> If you do a good job, you've just convinced 100 people to be your patsies (and made them a handsome sum in the meantime)
This will probably not increase but decrease randomness.
The trick of avoiding being picked up on a market surveillance is not to hide among others who do what one does; rather, it is to hide a specific action one performs among a pattern of one's typical actions. That is why a hacker who does not normally trade options will most likely get nailed should he win based on a hack.
The transfer happened in fifteen minutes. Unknown how long it took to engineer.
Regardless, you compare things to their alternatives. Here the alternatives are: make much more money, make less money, don't commit crime. The first and last alternative each have logical reasons to recommend them, the middle one doesn't.
The Securities and Exchange Commission is drawing Republican criticism following reports that senior agency staff used government-issued computers to surf pornographic websites, according to the Associated Press.
An internal memo obtained by the AP said the SEC's inspector general has investigated 33 employees for looking at porn in the past five years, and 31 of those probes occurred since the financial turmoil began. This conduct violates governmentwide ethics rules, the memo stated.
This identical scam has been running in full force on YouTube ever since Bitcoin's halving event. I wonder how much this contributed to the lack of success of the Twitter scam.
It could have been a demonstration of power, maybe a state actor was testing their team, and they decided to Runescape meme on Twitter to show they could make a bigger play later.
I think there might have been other options with different risk odds, but at the end we talk about 100k for a massive hack with international attention. In review of that it's just a very small amount and not worth the risk. There are other ways to steal 100k without getting the attention of the whole world, especially if you're a "smart" hacker.
I am just surprised that these tweets actually worked.
It would have made total sense if the hijacked accounts suggested doubling others' donations to certain charities, as we have seen played out in the beginning of June. In fact, the first time I saw those tweets, with their "giving back" theme, I misread them as meaning exactly that, doubling donations to charities. But instead they were proposing to immediately send the money back, doubled. Asking people for money first is hardly a believable "giving back" offer; it should have raised so many eyebrows and red flags. Especially coming from Biden's account — I might almost believe it coming from Elon, but for Biden that would be completely out of character; he wouldn't have the imagination.
I wonder if people are paying more in a patron or only fans way. Supporting it as an attack on their least favorite blue check mark.
Also, I wonder if more of the value of the blackmail could be captured with an auction mechanic; as in, donate to X for public release or donate to Y to keep it private; at a certain time the account with the most money wins. This mechanic could be manipulated behind the scenes for even more money.
Disagree strongly. The main reason is one needs to understand how much leverage you can gain by successfully playing very risky far-out-of-the-money call/put options, but also that the volume on stocks (and derivatives) like $TSLA is insane, and millions are being traded in it every single minute.
$TSLA OTM call/put options with the right tweet could easily make someone millions, and the liquidity and open volume is crazy enough on them that it'd be very hard to be found out. If that isn't good enough, you could post rumors and tweets beforehand to cause many others to also buy in, and there would be no way to reasonably separate who was behind it and who just joined in on it.
For example:
1) Tweet as Elon Musk "Very good TSLA news coming up"
2) many more people buy calls, including yourself
3) Tweet as Elon Musk "TSLA earnings are going to beat by so much"
I disagree with some of the things that this article is saying since there are ways to fundamentally do the same scam, but not make it so incredibly obvious that it's a scam. Or, the user could cause disruption in other markets that are not obvious.
1. Change the order of who they targeted. The hacker started by attacking Elon Musk and a few other high profile celebrities. But, later in the hack, they tweeted from Mr. Beast's profile, a YouTuber who is known for giving away large sums of money. If they had started with Mr Beast, then there would be a lot less skepticism and a lot more confusion, since it would have been a lot more likely to not actually be a scam in users' minds.
2. Target poorly regulated markets. There's a decent amount of liquidity on the betting market for the US presidential election on betfair. Have Biden tweet something out about him dropping out due to heart problems, have the Reuters/AP tweet a breaking news article confirming it, bada bing bada boom millions of dollars coming your way. It's not like the only liquid markets are well regulated. It looks like a hack that's designed to scare people for political points, but you can make money off it.
Why not combine the methods? Use the BTC stuff to fund the stock stuff, and have different twitter accounts do different things. Biden's for BTC, and Musk's for stock market manipulation. Plus steal the DM's for sale on the dark web.
They didn't mention the most nefarious thing you could do - spring an October surprise and throw a presidential election in the U.S.
I'm basing this on the fact that both the Trump and Biden campaign staffers are probably sending a lot of DM's. Releasing the most embarrassing information at the right time could prove pivotal.
I don't see how one can say "the SEC is good at investigating stock market shenanigans, therefore you couldn't possibly profit that way, end of story." That was a pretty common take in the other thread as well.
This is not insider trading. When an insider tips off an associate, investigators have full information on the pool of insiders. "Who knew about this ahead of time?" is a strong filter. Assuming the attacker had perfect opsec and the attack itself doesn't leave evidence that exposes them, they live in a much larger and murkier pool.
Additionally, the attacker might have known of this vector months ahead of time. This gives them time to lay groundwork, find accomplices, and prepare.
Quick thought experiment:
There is a bar I used to go to pretty often. It was cash only. Aside from cell tower pings, possible Google Maps location history, and N days worth of security footage, there is nothing tying me to that bar. I've known one of the bartenders there for five years now. We grew up in the same town. We're not Facebook friends, we don't talk on the phone, but we've now known each other in this context for quite a while. If you had a perfect "back home" social graph, we're probably ~3-4 degrees of separation. Linking us to one another locally starting from his perspective would involve very invasive investigation (i.e. putting names to faces for everybody on the N days of security footage that bar has archived, a subpoena for bulk subscriber data of people who have been to that bar, etc).
If I try to involve him in my market manipulation scheme, there's the risk he turns me in outright or that he rips me off and keeps the money for himself. Basically, the criminal conspiracy version of counterparty risk. Set that risk aside for a moment. Assume that he's on board with the plan. Also assume that I, as the attacker, leave no digital evidence pointing back to me.
Think about how egregious his trading behavior would have to be to bring enough scrutiny upon himself that the SEC has people reviewing this bar's security footage, building profiles of the randos who have been to that bar, all that. I don't claim that "tipping off the bartender" is the world's most original securities crime, but unearthing that connection is a much more involved process than the cases of "spouse/sibling/college roommate/tennis partner of CEO bought OTM options a week before acquisition was announced."
X people make, say, 1-10 million dollars off of a zany bet on stocks. Imagine how obvious your trade would have to be such that Y years from now, one of those new millionaires moves back to East Bumblef and makes a money-losing real estate transaction with another East Bumblefian (say, moi), and the SEC jumps over a hedge like "ah-HA! We've been watching your accounts this whole time, that other East Bumblefian knows how computers work and lived in an apartment four blocks from your old workplace in 2015, nobody could possibly negotiate this poor of a land deal, checkmate!"
The ocean is not so wide or deep as to guarantee that the FBI treating it as a high-priority case wouldn't find correlation between evidence the hacker left on their Twitter attack and market motion. They have a lot of resources to invest, and are willing to spend more than the short-term value of money changing hands in the fraud.
The suspicion doesn't trigger until the twitter scam happens. Once the scam happens though then a huge amount of scrutiny is triggered on all of the TSLA market activity. Will you still be able to hide? Maybe. But the high profile nature of the Twitter scam guarantees that they will be looking for you.
I am not even sure it would move much in either direction. Some traders would think it's good, some bad. Everyone's bets would cancel each other out and the delta in either direction would be small.
My guess is it would trend downward since my evaluation of $tsla is that it is a personality driven bubble; but my evaluation isn't everyone else's.
Yes, but there's a lot of room between ~$150k (that the defrauded bitcoins are worth) and what counts as "serious money" that will get you caught -- contradicting the clickbait thesis of "you couldn't have made more money" than the hacker. This is especially true in an environment of a stock that's heavily shorted already.
And if you really want to be pedantic, the hacker has made $0 from it so far, since the Bitcoins haven't been transferred anywhere to cash out. Which is pretty easy to beat :-p
The SEC frequently goes after proverbial insider trading dentists who make ill gotten gains in the $100K range. Given the intense focus there would be to catch the market manipulators, a sub-$1 million haul wouldn't be much protection.
Those types are caught because they're people who do virtually no active trading and then buy an individual stock while related (and connected by phone/email contact) to an insider. Not day traders who have joined a massive herd of the world's favorite stock to short.
Yea, but it's been shown that well placed posts on wallstreetbets can cause trading activity. A post like "some of you guys are cool. Don't hold any tesla puts on Wednesday" might be enough to generate a bunch of trades you can hide under.
I mean, maybe if you plan ahead to make it look like you had bought the PUTs anyway as a hedge. Plus then you better hope it actually drops by the amount you think it will. Definitely less guaranteed.
(Also true of 99% of all the topics people debate)
As far as this topic goes: you could prove the argument false by doing a better hack and making a lot more money. Or we could gain confidence in it as years pass and hacks happen but no one makes a lot more money.