When you imagine a team of highly skilled hackers attempting to make money, most people will probably think of some criminal exercise of exploitation, cyber crime or extortion. You certainly wouldn’t think of the stock market or investment firms profiting directly from this sort of enterprise – yet it seems this is exactly what is happening.
Hacking is going mainstream and it looks likely that there will be a lot more profit going legitimate than through the standard ransom or blackmailing routes. Others will perhaps argue that these new methods are pretty much the same as the criminals use.
The story arises from the tactics of a company called MedSec a cyber security firm which has recently started up. They investigated a range of hospitals and medical hardware for potential security issues and identified one medical devices company to be at particular risk – St Jude Medical Incorporated, more specifically the pacemakers and defibrillators they make.
At this point MedSec faced a classic, traditional ‘hackers dilemma’ – you find a serious vulnerability – what do you do? For the ethical hacker it often represented a difficult choice particularly if a little digital trespassing was involved. Many individuals have found themselves behind bars after attempting to inform a company or organisation about a vulnerability in their software or network, while some have been praised and rewarded. The MedSec guys though have a plan to inform and profit at the same time, although the ethics seem fairly dubious to many.
They approached an investment firm run by Carson Block called Muddy Waters Capital LLC with their money making initiative. The idea was unusual, MedSec team would prepare all the evidence demonstrating the problems with the medical devices, however before making this public the investment company would take out a short position on the parent company of St Jude Medical. Basically they would both make money if the share price fell in response to the negative news.
Sounds like insider dealing? Perhaps, although it is assumed legal advice was taken before this unusual tactic – here’s a MedSec representative justifying their tactics.
Convinced? Nope me neither, I suspect they may be in trouble for using this tactic. Where will it end ? The false concern about patients using these medical devices to try and justify their money making scheme was particularly hard to believe. Currently the tactic seems to have paid off though with the share price falling significantly and presumably making the ‘short’ position profitable.