When Hackers Attack, Feds Yawn

Posted On May 28, 2019 By Dave Gonigam

  • Who’s to blame for Baltimore hack attack? How about the NSA?
  • Time and again, deep-state cyber “exploits” boomerang on Americans
  • The easiest way to play cybersecurity for market-beating returns
  • Success story: Activist investor pounces, everyday investors win
  • Super Bowl commercial in court, and a mind-bending ruling
  • Jeep and Renault reunited?… another (brief) bitcoin milestone… readers respond to our radical First Amendment take on Assange… and more!

If you’re still naive enough to believe the federal government exists to protect you, take a look at Baltimore.

Your editor lived there for nearly a decade; many of my colleagues work at Agora Financial’s headquarters there. And for the last three weeks, they’ve experienced a measure of inconvenience thanks to the federal government’s upside-down priorities.

Some can’t pay their city water bill. Others can’t settle their parking tickets. One — a fellow who does coding for our voluminous emails and web postings — nearly had his home purchase fall through.

My fiancée and I found out the day we were supposed to close that we would not be able to do so,” he tells me.

“Because title companies were unable to perform a final check with the city’s records, they were unable to guarantee interest rates and final closing costs for buyers.

“Fortunately, the title company was able to find a workaround to continue processing real estate payments. But our homebuying process was delayed for about two weeks.”

Three weeks ago today, hackers hit Baltimore city government with a “ransomware” attack.

City workers’ computers froze. On their screens popped up a demand for $100,000 in bitcoin. City leaders have chosen not to give in — uhhh, not that they have a lot of spare cash in the budget, anyway.

And so city workers’ email accounts are inoperable. If you go to the city’s website and try to pay your water bill, you’re greeted with messages like this…

Baltimore City Cyber Attack

The identity of the hackers is unknown. But they’re not the ones who bear ultimate responsibility. No, that lies with the federal government.

Let’s rewind to March 2017. That month, WikiLeaks spilled a trove of CIA documents that came to be known as “Vault 7.”

As we described at the time… the CIA had long ago discovered vulnerabilities in the hardware and software produced by American high-tech companies. But rather than say to those companies, “Hey, we found this stuff — you might want to patch it,” they said to themselves, “Hey, what if we use this stuff to jack around with the Chinese and the Russkies and the Iranians?”

The fact that hackers might discover the same vulnerabilities and use them to jack around with you? The CIA couldn’t care less.

As soon as WikiLeaks published the documents, engineers at Cisco were pulled off other projects to “analyze the means of attack, create fixes and craft a stopgap warning about a security risk affecting more than 300 different products,” as the Reuters newswire reported.

“That a major U.S. company had to rely on WikiLeaks to learn about security problems well-known to U.S. intelligence agencies underscores concerns expressed by dozens of current and former U.S. intelligence and security officials about the government’s approach to cybersecurity.”

But it’s not the CIA’s hacking tools that are blowing back on the city of Baltimore now.

No, it’s different hacking tools from a different tentacle of the national-security octopus — the NSA, headquartered a half-hour’s drive away at Fort Meade, Maryland.

So reported The New York Times over the weekend. “According to three former NSA operators who spoke on the condition of anonymity, analysts spent almost a year finding a flaw in Microsoft’s software and writing the code to target it.”

They gave it the name EternalBlue. Then they began to use it, relying on the same template the CIA did — “in countless intelligence-gathering and counterterrorism missions. EternalBlue was so valuable, former NSA employees said, that the agency never seriously considered alerting Microsoft about the vulnerabilities, and held on to it for more than five years.”

Until a security breach in April 2017. An outfit calling itself the Shadow Brokers dumped the code online. “Years later,” says the Times, “the agency and the Federal Bureau of Investigation still do not know whether the Shadow Brokers are foreign spies or disgruntled insiders.”

In the ensuing two years, online scoundrels have spread EternalBlue worldwide — including to Baltimore.

One of the most notorious incidents was also one of the earliest — the “WannaCry” attack of May 2017, targeting 200,000 Microsoft Windows users in 150 countries. Britain’s National Health Service was briefly paralyzed. Renault auto factories in France shut down. FedEx deliveries were disrupted.

As noted here in The 5, Microsoft President Brad Smith took the extraordinary step of calling out the NSA — and the CIA — for their mischief. “Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”

Fast-forward two years and the Times tells us Mr. Smith is calling for a “Digital Geneva Convention” in which governments would pledge “to report vulnerabilities to vendors, rather than keeping them secret to exploit for espionage or attacks.”

Yeah, we’re not holding our breath here. Another revelation from the year 2017 we passed along is that for every dollar the federal government spends on cyberdefense… it spends nine dollars on cyber-offense.

“We’re hard-pressed,” we said at the time, “to think of a better example to demolish the civics-class mythology that says the government exists to protect you. No, it exists to wield its own might. It places far greater priority on burrowing into Chinese servers than it does on protecting your data from Chinese hackers.”

Baltimore city government might be too cash-strapped to upgrade its computers and ward off hackers… but many private companies will spare no expense on cyberdefense.

Agora Financial was early to the cybersecurity game — identifying investable plays way back at this time in 2013. By late 2014, the sector had become hot enough to spawn an ETF — the ETFMG Prime Cyber Security ETF, which trades under the appropriate ticker HACK.

It’s up nearly 60% since launch — comfortably outpacing the S&P 500, which itself has been no slouch the last 4½ years.

Cyber Security Chart

We see no reason that outperformance can’t continue. And our editors will keep their eyes peeled for specific names in the sector that can deliver even bigger gains.

The major U.S. stock indexes are scratching out small gains to begin this holiday-shortened week.

At last check the Dow has clawed its way back above 25,600. As it stands, the Big Board has registered five straight weeks of losses — something last seen in 2011.

Among the big movers is Fiat Chrysler — up nearly 7% on merger talks with France’s Renault. (Fun fact: A done deal would bring Renault and Jeep back under the same corporate umbrella. During the ’80s, Renault owned a controlling stake in Jeep-maker American Motors — which Renault sold to Chrysler in 1987.)

Gold is losing ground, back to $1,279. Crude is up a few cents at $58.78. Bitcoin jumped above $9,000 in weekend trade but has since slipped back to $8,689.

The data gods delivered two more weak housing numbers this morning. The Case-Shiller home price index rose 0.1% in March, less than expected, and year-over-year growth is now the slowest since 2012. A separate home price measure from the Federal Housing Finance Agency also clocked in below expectations.

Sometimes a stock pick works out even better than you expect — thanks to the intervention of an “activist investor.”

If you’re not familiar with the term, it’s not some sort of social justice warrior thing. Rather, it’s a deep-pocketed investor who sees inefficiencies in the way a company is run. He buys a big enough stake to get a say in the makeup of the board — and force profitable changes.

So it goes with Nestle, which Zach Scheidt recommended to his Lifetime Income Report readers as a safe, slow and steady play in early 2017. “The company’s shares seemed to be trading at a discount to similar American stocks’,” he explained. “Plus Nestle paid a generous annual dividend — with a long history of boosting its payouts every year.”

Less than six months later, along came activist investor Dan Loeb and his Third Point hedge fund — buying $3.5 billion of Nestle.

“Loeb had one key demand when Third Point acquired its stake in Nestle — that the company sell off its noncore brands,” says Zach. Stick with the chocolate and the bottled water and the Gerber baby food; dump the skin-care stuff like L’Oréal.

Took a while, but Nestle found a buyer a few weeks ago willing to pony up $10 billion for its skin-care unit. Nestle closed last Wednesday at $98.91.

Time to sell, Zach said. (Loeb might well do the same, he points out.) “Factoring in the pair of dividends we’ve received while holding our shares, we’re looking at a gain of 50%.” For access to more of Zach’s slow and steady plays that could turn into big gainers, give this a look.

Great moments in advertising litigation: A federal judge has laid out excruciatingly precise guidelines for what Bud Light can say about its rivals’ use of corn syrup.

You might recall it all began with one of the better Super Bowl commercials this year…

Bud Light Commercial

Ah, yes, the misdelivered cask of corn syrup. “We don’t brew Bud Light with corn syrup,” said the Bud King — who led a group who took the cask to its proper destination of the Coors Light castle by way of Miller Lite’s.

Then Anheuser-Busch followed up with billboards touting Bud Light as having “100% less corn syrup” than their rivals.

MillerCoors sued, demanding all advertising yanked if it invoked corn syrup.

On Friday a federal judge in Wisconsin issued a temporary order while the case moves forward: Because there’s no corn syrup in Miller Lite or Coors Light… Bud Light advertising cannot suggest there is. But… the original Super Bowl ad is still fair game since it only refers to the brewing process and not the final product. Got it?

Both sides are claiming victory. Of course, the real winners are the lawyers, right?

“Article on Julian Assange was one of your best ever! Spot on!” a reader enthuses after yesterday’s 5 — which was actually a reprise of an episode from six months ago. “The corruption of our government is beyond the term ‘unbelievable’!”

“Great Information! I agree. Thank you for sharing information I never considered,” says another.

“I appreciate the open and nonpartisan addressing of this critical issues,” adds a third.

No, the approval was not universal.

“Assange should be in jail for many, many years.

“Stole emails from the Democrats and published them. How is that legal? Helped defeat Hillary Clinton. Has us stuck with Trump.”

The 5: And if the shoe had been on the other foot? If they were Trump emails and Clinton won? Would you still feel that way? Be honest…

To be precise we still have no idea who stole the emails from the Democratic National Committee.

Bill Binney, a dissident 30-year veteran of the NSA, is convinced from the publicly available evidence that the emails weren’t even hacked — they were leaked by someone, possibly on the inside, with a thumb drive or similar device. (Please spare us any Seth Rich emails.)

In any event, Assange isn’t charged with anything from 2016. The weird thing — or maybe it’s not — is that the Mueller investigation never interviewed Assange, even though Assange offered to make himself available.

Indeed, The Hill reported in early 2017 — before Mueller was appointed as special counsel — that Assange was close to a deal with the feds. In exchange for limited immunity, he would discuss “technical evidence ruling out certain parties” in the DNC leak.

Then FBI chief James Comey got wind of the potential deal and issued a “stand down” order. Hmmm…

Best regards,

David Gonigam

Dave Gonigam
The 5 Min. Forecast

P.S. “Keep up the great work,” says one more correspondent. “I live in Canada and we are being ‘pecked to death by a duck.’ Slowly but surely we are being strangled.

“Soon we will all be criminals to some degree and could be incarcerated at will.”

Really, we already are: See the now-10-year-old book Three Felonies a Day by Harvey Silverglate.


Other Articles In 5 Min. Forecast

New Daily Issue Posted 5 Days Ago By Dave Gonigam

“The term ‘conspiracy theory’ was invented by elite media and politicians to denigrate questions or critical presumptions about events about which important facts remain unrevealed,” wrote the veteran D.C. journalist Sam Smith.

Read This Daily Issue