Slashdot Mirror
SEC Halts Trading on Spam Driven Stocks
goombah99 writes "The SEC has taken action to halt transactions on spam-touted stocks. Presumably this opens an opportunity for denial of service attacks on stocks. However, to be effective spam generally must target penny stocks with historically low volumes and thus the actual capitalized market impact or effect on the companies for a temporary shutdown can be expected to be negligible and transient. One example was given of a touted apparel stock jumping from 6 cents to 45 cents over a period of days before settling down to ten cents a share and near 65,000 or about $6500 in transactions (an eighth of the peak share volume, and a 50th of the peak transaction value). In other words, the market distortion of a brief shutdown, even if it were a DOS attack, would be massively less than the integrated spam surge. The thing I found surprising was that for this to be an effective measure with human oversight then the number of such events must be relatively small in number. From the amount of spam I get I'd have guessed it was a tidal wave."
Because those 'stupid' enough to go out and buy those stocks give the spammers incentive to continue. Spamming people like you and I who don't buy the crap.
I.O.U One Sig.
Presumably this opens an opportunity for denial of service attacks on stocks. However, ... the market distortion of a brief shutdown, even if it were a DOS attack, would be massively less than the integrated spam surge.
Two platitudes:
- In a race between weapons and armor the weapons eventually win.
- To end a war you must defeat the enemy.
My bet: Once this goes into effect the spammers will adapt. Expect the result to be a bigger problem.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
All this does is give bad guys a new way to extort money from companies. "Hey, Mr. CEO! Wire $50k to my egold account by Friday or I'll send pump&dump spam and get trading suspended on yoru company's stock."
The right answer is to unroll these trades and see who is profiting. Then start doing some analysis on the brokerages associated with these trades, because I'm willing to bet we're talking about "less reputable" brokerages. Now pull their securities dealer's license. Do you think that would cause other brokerages to look more carefully at sudden large volume trades on previously thinly-traded stocks? I do.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Pump and dump violates the securities laws, right? The SEC's own web site calls them "fraudulent".
So why can't they track these guys down and prosecute them? The SEC has a pretty good investigative force. They tracked down Martha Stewart. They subpoenaed her phone records and everything.
You have to buy these stocks from a broker, so that leaves a paper trail. They have to report stock purchases to the IRS, if nothing else. You can't buy stocks with stacks of currency, can you?
The guys who are behind the pump and dump schemes by definition will buy the stock at the beginning, send out 10 million spam to get the suckers buying, dump the stock when the price goes up, and leave the suckers holding the bag.
So why can't the SEC track these guys down through the brokers, and prosecute them for this pattern of buy and sell that is obviously fraudulent?
Will somebody who understands this better than me explain to me why the SEC can't enforce the law?
It's time to stop tolerating ISPs that tolerate infected PCs. Is spam the only thing a zombie can do? No. Will this stop ddos botnets? Not a chance. One thing at a time, and spam leaves a trail. The Heinlein strategy: ~when you don't know how to solve a problem, do any part of it you do understand, then look at it again.~
Get as many as possible of the major email services - gmail, hotmail, yahoo, aol, all their equivalents in other countries - to backtrack inbound spam envelopes to a retail ISP. Crank up the heat on the worst offenders until they shut off zombies. Private warnings, name and shame, SMTP brownouts and blackouts, BGP blackhole.
The ISPs all have AUPs. Seems simple enough: they warn spam sources, point them at instructions and commercial offers of help for a full disinfect, then if they stay infected shut them off until they pay for an ISP-provided (and expensive) brainwipe. That'll make lots of new niches in which the scum who'd otherwise be sending spam can turn a buck, and take the load off everybody but the clueless.
Now, obviously, this is *too* simple somehow, or otherwise somebody'd be doing this already. What is it?
As always, all IMO. Insert "I think" everywhere grammatically possible.
First of all, the fraudsters aren't stupid enough to leave (much) of a paper trail; its common for them to use brokerage accounts compromised by phising. They execute their pump'n'dump via a stolen account, and by the time the dust settles the funds have been transferred.
Secondly, many of these folks operate from abroad and the amounts involved - in any single fraud - just aren't large enough to warrant the intervention of The Feds. Sad but true.
Because the market for these shares is so thin - most of the pink sheets companies will have market caps of less than one million dollars - the criminals can't fraudulently run huge amounts of money. So they perform a large number of smaller transactions.
Short of some organised crime indictment, The Feds won't get involved as the individual amounts are so damn small.
A message from our sponsor
Do you even lift?
These aren't the 'roids you're looking for.