OSIRIS Brief 0.27.0
Reddit roils the financial markets, while cybersecurity retaliates against major threats.
The Internet Breaks WallStreet
Last week, subreddit r/WallStreetBets rallied the value of GameStop stock, potentially costing short-selling hedge funds billions of dollars. The details of the “GameStop Short Squeeze” lie outside the OSIRIS Brief’s purview. However, the squeeze has caused some serious political “feelings” (like the kids say). While the GameStop short is unlikely to be as good or bad as some might like, the saga is an example of changes the internet is creating throughout sociopolitics.
Markets use and create information, and when the internet democratized information, markets will be affected. In the past, only certain elites could access information necessary to trade stocks profitably. The internet allows everyone better information, and they are using that information to trade online. Furthermore, cheap communications allow disparate groups to coordinate through fora like Reddit. It should not surprise us that people take such opportunities to make small fortunes.
The political battle resulting from the GameStop squeeze is only starting. Hedge funds and technology companies have already taken steps to preserve their primacy, but retail traders are not giving in. I believe attempting to substantially curtail public access to stock markets will damage the markets’ ability to operate efficiently and may harm political stability.
North Korea Attack Cybersecurity Professionals
Google threat analysis identified a campaign believed to come from North Korea targeting security researchers. Microsoft noted similar attacks and attributed them to the North Korean Lazarus Group. Security researchers are the people who probe software for vulnerabilities that can be exploited to steal information. Most of the cybersecurity information I provide comes from security researchers.
Attacking cybersecurity research can serve two purposes. First, researchers may know of exploitable vulnerabilities, and stealing those vulnerabilities will increase cybersecurity capability. Second, researchers are part of the national defense, and degrading research could harm cybersecurity. Either way, cybersecurity researchers are better equipped than most to recognize and repel cyberattacks, and attacking them represents either audacity or recklessness.
Joint Op Takes Down Dangerous Botnet
Both the FBI and European Union police departments announced a successful operation to dismantle the Emotet botnet. The operation involved police across North America and Europe and dismantled one of the largest botnet threats in the world. Emotet had spread widely through corrupted MS Word documents and was largely used for crime.
Botnets are major security threats because they can secretly marshal thousands of computers in service of nefarious ends. Botnet operators may pursue their own objectives, including distributed denial of service (DDoS) attacks, or malware. Emotet, like some other botnets, was also available “for hire,” which allowed other criminal or state-sponsored organizations to use a powerful botnet. Taking down Emotet buys a reprieve from a major threat, if only temporarily.
Noteworthy
The President and the Peloton: A Security Love Story by Simpson
Fake Copyright Violation Notice Aimed at Stealing Facebook Accounts by Dedenok
What Is So Foreign About Foreign Influence Operations? by Ördén and Pamment
How China Detects and Blocks Shadowsocks by Alice, et al.
‘Lebanese Cedar’ APT by ClearSky Research
Cyber Intelligence: HUMINT Operations by Bank Security
David Benson is a Professor of Strategy and National Security focusing on cyberstrategy and international relations. You can reach him at dbenson@osiriscodex.com.
To get more insightful analysis like this in your inbox at no cost please subscribe.
Share this Brief with someone who might appreciate it.
Ask a question! Raise an objection! Leave a comment!