Speaking at the ASIS International/(ISC)² Congress in Chicago today, the director and chief economist of the U.S. Cyber Consequences Unit – a non-profit think tank – revealed his latest forecast for the world of cybercrime during a panel discussion on offensive cybersecurity.
“There is a limit to how much money you can steal by credit card fraud and improper account withdrawals. There’s no limit to the amount of money you can make by manipulating a financial market”, Borg told the audience. He explained that if a cybercriminal or group takes a particular position on a stock, commodity or financial derivative, and then executes a cyber-attack to alter the price of the financial instrument, then the money-making possibilities are almost endless.
“If you short a company’s stock, and you run a barrage of attacks that discredits the company’s websites and drives business away from it – and that stock begins to fall – then you can make 100% profit for every dollar it falls, and you can reinvest on the way down and multiply your investment by 50 to 100 times”, Borg outlined.
The noted cybersecurity expert said there is little in the way of current measures to prevent such manipulation, explaining “if someone identifies who actually pocketed the profit – which itself is unlikely or very hard – then you can say ‘I hear a rumor this company was going to be attacked, so I shorted its stock’.” In short, he argued, there is nearly impossible to prevent such a cyber-based financial attack from occurring.
“The possibilities here are just so enormous, and the ramifications”, Borg said, adding “this will transform the field of cybersecurity.”
Fellow panelist, Adam Meyers of CrowdStrike, supported this claim, pointing to the Syrian Electronic Army’s hack of the AP’s Twitter account in July. The VP of intelligence at the cybersecurity start-up recalled how the pro-Assad hacktivist group compromised the AP’s Twitter feed, and then issued a false tweet claiming an explosion at the White House had injured President Obama. The errant tweet led to a brief plunge in the Dow Jones Industrial Average, which temporarily erased more than $136 billion from the indexes value.
Borg told Infosecurity that it’s not the first time he has made this prediction, but has only done so in more private forums over the last several months. Now the public assertion has come, he said, to raise awareness about the dangers of what he described as a “pending long-term trend of concern”.
“We’re already seeing cyber-attacks to steal information to anticipate market movements, starting three to four years ago with big attacks on the IMF and World Bank”, Borg said during the panel discussion. “All of the agencies in the world that compile financial and economic statistics for their country are being attacked like crazy. That’s why we are saying this now in public.”
As early as 2002, Borg predicted a Stuxnet-style attack was likely, telling the Economist in 2010 that Israel has long had the capability to develop such a cyber-weapon as a more effective means than military strikes to derail the Iranian nuclear program.