Slashdot Mirror

← Back to Stories (view on slashdot.org)

Can AMD Vulnerabilities Be Used To Game the Stock Market? (vice.com)

Posted by msmash on from the setting-wrong-precedence dept.

Earlier this week, a little-known security firm called CTS Labs reported, what it claimed to be, severe vulnerabilities and backdoors in some AMD processors. While AMD looks into the matter, the story behind the researchers' discovery and the way they made it public has become a talking point in security circles. The researchers, who work for CTS Labs, only reported the flaws to AMD shortly before publishing their report online. Typically, researchers give companies a few weeks or even months to fix the issues before going public with their findings. To make things even stranger, a little bit over 30 minutes after CTS Labs published its report, a controversial financial firm called Viceroy Research published what they called an "obituary" for AMD. Motherboard reports: "We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries," Viceroy wrote in its report. CTS Labs seemed to hint that it too had a financial interest in the performance of AMD stock. "We may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports," CTS Labs wrote in the legal disclaimer section of its report.

On Twitter, rumors started to swirl. Are the researchers trying to make money by betting that AMD's share price will go down due to the news of the vulnerabilities? Or, in Wall Street jargon, were CTS Labs and Viceroy trying to short sell AMD stock? Security researcher Arrigo Triulzi speculated that Viceroy and CTS Lab were profit sharing for shorting, while Facebook's chief security officer Alex Stamos warned against a future where security research is driven by short selling.

[...] There's no evidence that CTS Labs worked with Viceroy to short AMD. But something like that has happened before. In 2016, security research firm MedSec found vulnerabilities in pacemakers made by St. Jude Medical. In what was likely a first, MedSec partnered with hedge fund Muddy Waters to bet against St. Jude Medical's stock. For Adrian Sanabria, director of research at security firm Threatcare and a former analyst at 451 Research, where he covered the cybersecurity industry, trying to short based on vulnerabilities just doesn't make much sense. While it could work in theory and could become more common in the future, he said in a phone call, "I don't think we've seen enough evidence of security vulnerabilities really moving the stock for it to really become an issue." Further reading: Linus Torvalds slams CTS Labs over AMD vulnerability report (ZDNet).

4 of 106 comments (clear)

  1. Seriously? Peddling the fake propaganda a second t by Anonymous Coward · · Score: 5, Interesting

    The last time this shit was posted, we established that the prerequisites for those "vulnerabilities" were ridiculous, requiring *at least* admin access, or even installing a hacked bios first! We also established that CTS labs were in bed with Intel had created the domain for this only right before publishing it. Apart from the fact that everyone agreed that giving AMD only such a short time to react befor publishing it, was completely unprofessional and a "hit job". (To which I agree.)

    So, do you plan on posting it until people believe it because we have given up on remindig everyone, or have you now brought your sock puppet troll army to silence everyone?

    Seriously, in my world, you need to go to prison over this!

  2. Securities fraud by Bruce+Perens · · Score: 4, Insightful

    Just in case it isn't clear enough to you, buying a security with insider knowledge of an unannounced problem with the company, then announcing the problem in the expectation that the announcement will manipulate the price of the stock, and attempting to profit from that, is securities fraud. It is the kind of thing that should be investigated by the Securities and Exchange Commission, and charges should be filed if appropriate.

    --
    Bruce Perens.
  3. Cuban won by raymorris · · Score: 4, Informative

    The SEC went after Mark Cuban and Cuban won. The Cuban case is an example of what is NOT insider trading.

    Also if you look at the SEC web site it says illegal insider trading is:
    --
      buying or selling a security, in breach of a fiduciary duty or other relationship of trust and confidence,
    --

    The fiduciary duty is the duty that corporate officers, the company's lawyer, etc, have to look out for the interests of the company (stockholders) rather than their own personal gain. I have no "relationship of trust and confidence", no fiduciary duty, with Intel or AMD. Therefore, according to the SEC I can buy and sell AMD or Intel stock based on WHATEVER information I have, as long as I didn't get that information secretly from someone who has a "relationship of trust and confidence" with the company, such as a corporate officer.

  4. Re: Seriously? Peddling the fake propaganda a sec by ShanghaiBill · · Score: 4, Insightful

    Manipulating markets with lies. Actually I thought that *was* grounds for prison.

    They are not lying. They are stating facts and opinions, and mixing them to confuse naive investors. They preface many sentences with "We believe" and "We may". This "obituary" was almost certainly reviewed by lawyers, to ensure that it got as close to "the line" as possible, without crossing it.

    You can fool some of the people some of the time, and for securities manipulation, that is enough.