July 12, 2021
Hacking for Ransom - A Franchise - When's the IPO?
By Andrew Hecht
- The hackers have been winning
- Companies have been paying- Colonial and JBS
- Cryptocurrencies are untraceable
- The US government says- You’re on your own
- The ramifications are staggering for businesses and markets
My phone constantly rings with solicitations for solar energy, extending the automobile warranty for cars I got rid of years ago, and with dire warnings that charges are pending against me from social security, the IRS, or other agencies. Some are annoying, but many are scams.
A few years ago, I opened an email that locked my entire computer system with a message that I would receive the key if I paid a handsome sum in Bitcoin. I chose to get rid of my hard drive and start all over again. Losing years of files was the price for an education. I have never opened a file from an unknown source since that experience. I am even extra careful with attachments from known sources these days.
Hackers are an ongoing and growing problem for individuals, companies, and even government agencies. Whether they sit in Russia, China, North Korea, or our own backyards, there seems to be no stopping the efforts to extract a ransom. Hackers have been attacking those with insufficient security and have become so technologically sophisticated that they can pierce cyber armor that protects data and the ability to conduct business.
The ransom business is profitable. It has a low overhead and is growing. It is disruptive and dangerous. The nefarious offshoot of technological advances is so successful that a public offering of shares in hacking companies would likely receive a high valuation and lots of interest. After all, it’s a real money maker for the culprits.
The hackers have been winning
Around two years ago, my 91-year-old dad received a phone call from someone saying he was an attorney for his grandson. The caller said my son was involved in a car accident, was in the hospital in Boston, and was under arrest for driving under the influence. He asked my father to send money immediately for his grandson’s defense. Fortunately, he called me, and I immediately called my son, who was sitting at his desk at work in New York City. The call was a scam. I called the FBI, who said they deal with this every day, and there was little they could do as the scammers use networks and phones that are untraceable.
Technology has only made law enforcement’s job more challenging. Savvy criminals have been winning. While we did not fall for the scam, many succumb as they pull on emotional drawstrings. What grandfather would not do anything to help or protect their grandchild? If one out of ten or even one hundred scamming attempts succeeds, the criminal venture is highly profitable.
Meanwhile, hacking computers take scamming to a new level. When a hacker gets inside the systems of a business or a government agency, they can extract valuable data, proprietary corporate information or shut down all business activity. The latter seems to be the most profitable as companies with little choice are paying up and forking over millions, making hackers huge winners.
Companies have been paying- Colonial and JBS
Two hacking instances in 2021 temporarily roiled commodity markets. On May 7, Colonial Pipeline, a US oil pipeline system originating in Houston, Texas that carries gasoline and jet fuel to the Southeastern United States, was the victim of a ransomware cyberattack. The hack impacted computerized equipment that manages the pipeline system.
The move created fuel shortages and caused refining spreads to spike higher in mid-May.
The chart shows the spike in the gasoline crack spread to $27.30 per barrel during the week of May 10. The refining margin moved to the highest level since September 2017 as the market feared shortages and consumers in the Southeast began hoarding gasoline.
Jet fuel is a distillate oil product. The NYMEX heating oil futures contract is a proxy for other distillates like jet fuel.
The chart of the heating oil refining spreads illustrates the rise to $21.28 per barrel during the week of May 10 as the Colonial Pipeline hack created fears of shortages. Colonial Pipeline CEO Joseph Blount told the US Senate Committee on Homeland Security and Governmental Affairs; his company paid a $4.4 million ransom on May 8, the day after the attack. The payment was in Bitcoin, the hacker’s currency of choice.
On June 1, JBS, the world’s leading beef supplier, suffered a hack of its computer networks that briefly shut down operations in the US and Australia. While the Colonial hack caused gasoline and distillate prices to spike higher, the beef markets spiked to the downside.
August feeder cattle futures dropped to a low of $1.4510 on June 1.
August live cattle futures plunged to $1.14625 per pound on fears that meat processing plants would not accept animals because of the hack.
JBS CEO Andre Nogueira said the company paid hackers an $11 million ransom “to prevent any further risks for our customers.”
Cryptocurrencies are untraceable
Some market participants and government officials believe that Bitcoin and cryptocurrencies are causing a rise in hacking that holds companies and individuals hostage. Cryptocurrencies are a libertarian form of money that flies beneath the radar of government officials, central banks, and regulators. While the blockchain records transactions, they are anonymous.
Christine Lagarde, the President of the European Central Bank, and Janet Yellen, the US Treasury Secretary, have expressed concerns about the nefarious uses of cryptocurrencies long before the recent hacks.
Passions run high in digital currencies. A few years ago, JP Morgan Chase CEO Jamie Dimon called Bitcoin a “fraud.” At the same time, Warren Buffett, one of the world’s preeminent value investors, said cryptocurrencies are “financial rat poison squared.” Charlie Munger, Mr. Buffet’s 97-year-old partner, doubled down and called cryptocurrencies “disgusting” and a threat to civilization in recent comments.
The lack of regulation and anonymity make Bitcoin and other cryptos a hacker’s dream.
The US government says- You’re on your own
The payment of ransom by companies that are critical parts of the US’s energy and food supply chain infrastructure is a failure of the government to protect the businesses and people they serve. Colonial and JBS pay taxes. The individuals that depend on their products pay taxes. The US government is responsible for a safe environment.
While the Biden administration promised to get to the bottom of the hacking issues, the President said that the businesses were on their own. President Biden told a reporter, “The bottom line is that I cannot dictate that the private companies do certain things relative to cybersecurity. A lot of you are very seasoned reporters; you’ve been covering this debate up on the Capitol Hill for—before I became President—and, unrelated to President Trump, just a debate internally among Senators as to whether or not the government should be assisting. And it gets into privacy issues and a whole range of things.” The ransom payments were a sign that the businesses could not wait or depend on the world’s leading democracy for assistance.
At a recent summit in Geneva, President Biden sought assistance from Russian leader Vladimir Putin as Russia is a leading source of hacking activity. Since the meeting, the hacks continue. Last week, the US leader called his Russian counterpart again to reiterate his displeasure.
The ramifications are staggering for businesses and markets
The ramifications of hacking for ransom are downright scary. If the culprits can hold a critical energy pipeline and the world’s leading beef supplier hostage, what about the US power grid, water supply, farm and logistical networks, and other critical infrastructure? When companies or individuals pay the ransom, there is no guarantee that the hackers will not demand more or refuse to provide the key so systems can operate. Moreover, a hack that takes data or proprietary information could be a gift that keeps on giving to hackers.
It seems that the anonymity of the cryptocurrency asset class only exacerbates the problem. If a hacker cannot receive untraceable payment, they will be less likely to attack. Meanwhile, infrastructure, companies, and individuals remain at risk. With more regulation on the horizon, hackers may use a closing window of opportunity to step up their nefarious activities. A massive hack could impact markets across all asset classes, not only their prices but also their continued operation. Hacking and ransom attacks are a clear and present danger that is growing. They have the potential to disrupt markets and the supply chains for essential products and services.
Trading advice given in this communication, if any, is based on information taken from trades and statistical services and other sources that we believe are reliable. The author does not guarantee that such information is accurate or complete and it should not be relied upon as such. Trading advice reflects the author’s good faith judgment at a specific time and is subject to change without notice. There is no guarantee that the advice the author provides will result in profitable trades. There is risk of loss in all futures and options trading. Any investment involves substantial risks, including, but not limited to, pricing volatility, inadequate liquidity, and the potential complete loss of principal. This article does not in any way constitute an offer or solicitation of an offer to buy or sell any investment, security, or commodity discussed herein, or any security in any jurisdiction in which such an offer would be unlawful under the securities laws of such jurisdiction.