Security Horror Stories: Why Hackers Are Influencers
Okta sponsored this podcast.
On Wall Street, there’s a bit of a panic. The hedge funds have been hacked by influence: The influence comes from a subreddit, which is a group within the Reddit social messaging board, who are using their stimulus checks to buy up stocks that the hedge funds were shorting.
What’s a short? It’s betting the company’s stock price will go down. What did the subreddit influencers do? They bought the stocks that the Wall Street barons were shorting. The result: hedge funds facing big losses on their short bets.
Welcome to our new series “Security @ Scale” on The New Stack Makers with Okta that explores security in modern environments with stories from the trenches including security horror stories and fantastic failures.
In this episode, co-hosts Alex Williams, founder and publisher of The New Stack, and Randall Degges, head of developer advocacy at security services provider Okta, speak with guest Marc Rogers, vice president, cybersecurity of Okta, and co-founder of the CTI League, a global volunteer emergency response center, to discuss the anatomy of what will likely be considered to be one of the most disruptive hacks in the history of Wall Street. It could also change how institutional and individual investors buy, sell — and short — stocks in the future that are traded on U.S. exchanges.
Rogers, who is also head of security for the fabled hacking conference DEF CON, also said he gets to ”see a lot of crazy stuff going on,” he said.
One of the interesting things about the subreddit influence hack is how it serves as a prime example of “what influence operations are capable of” today, Rogers said.
“The world has changed,” he explained. “In the old days, it used to be that specific leaders or specific organizations held the power and influence — but now that’s distributed.”
The GameStop influencer hack reflects how “folks in Reddit have gone together and have decided that they’re going to squeeze companies that are essentially investing against the success of other companies,” Rogers said. He described how companies hold positions before shorting the stocks they purchase on a large scale. By applying simple supply and demand principles and exercising market influence, a stock price can rise, while “these companies are betting that the price is going to go down,” Rogers explained.
The institutional investors “keep putting the pressure on by buying more,” said Rogers. “And what’s happening is you’re getting these Wall Street giants who hold billion-dollar funds that are being squeezed by kids with their stimulus checks — and that’s the power of influence.”
Germane to security in the DevOps world, Layer 7 denial-of-service (DoS) attacks serve as a potential analogy to help describe the subreddit forum influence hack.
“They use more resources than just hitting everything — with a traditional denial service, you just throw garbage at the machine until it gets swamped, which has gotten harder and harder to do with defensive systems,” said Rogers. “But if you go after specifically, weak spots, where functions are exposed, that use up a lot of resources, and you hammer them for relatively small amounts of investment, you can cause quite a huge amount of resource debt at the other end.”
However, at the same time, the subreddit forum Wall Street influence hack should not be equated, either, with a Denial-of-Service (DoS) attack, “because this isn’t really seeking to break, [but instead], this is actually seeking to create a profit scenario for those people who are participating, Rogers explained.
“The difference is they’re doing it in a way that’s going to be at the disadvantage of the more traditional folks — and this is really a classic of old meets new,” said Rogers. “And I think we’re going to be learning about this and the effects of this in economics textbooks and university classes for decades to come.”