Thursday, August 27, 2015

Lessons from the Ashley Madison Hack


Ashley Madison (AM), a worldwide dating site for nearly 40 million married people looking for things on the side, was hit by a massive hack in which gigabytes of user data were leaked to the public.  36 million email addresses and activity history are in the wild, and Avid Life Media (ALM), the owner of the site, insisted that the data may not be genuine.  So naturally, the hacker dumped another (larger) set of data -- 13GB worth -- containing even more sensitive information (internal emails, source code for the website and mobile apps, etc.), taunting ALM's CEO to admit that the hack is real.

Here are some of the things we've learned:

1.  Most "hacks" are not really so 

I hate to bring up CSI:Cyber all the time,  but the kinds of "brute force attack"-type hacks (like you see on TV) are terribly slow and heavy on computing resources, and they are rarely successful.  Moreover, the typical hacking methods of SQL injection and buffer overflow attacks are well-documented, and good IT specialists know how to prevent them.  "Hacked" companies are more likely to be victims of one of the following:
  • social engineering: along the lines of me calling Microsoft's support hotline, telling them I'm Bill Gates and I've lost my password,  
  • a rogue employee (or ex-employee, contractor, vendor) stealing and dumping data they have/had privilege to (this even has a technical term 'doxing').  

Sadly, victimized companies probably won't admit they screwed up their customer service or internal HR policies; they'd rather say some criminals spent tons of money to break into their system.  So the general public will continue to think they are more vulnerable than they really are.


2. People are super-lazy with their passwords

I can explain this: perhaps these people think they just want to try the website once, so they just use stupid passwords like "123456" or "password".  I do the same on sites that I wouldn't give real personal information, like news sites or software companies' download pages.


3.  Dating sites like AM are sleazy, probably stuff their database with fake (female) profiles 

They do it in order to attract new members, even going to lengths to hire an army of "angels" to manually write fake profiles in multiple languages and post image sets stolen from Facebook.  These fake profiles are then "reanimated" by software, programmed to talk dirty to men and induce them to pay up.

Is it ethical? Nope (although accusing an extramarital hookup site of acting unethically is a bit redundant).  But illegal? Unlikely (i.e. somewhere in the legalese it will say the site is purely for "entertainment purposes").  Is it acceptable because all other sites do it? Maybe.  The fact that these kinds of sites are full of fake women and real scammers seeking to steal from unsuspecting men? Not surprising at all.

John C Dvorak of PC Magazine:
"What our researcher discovered in 2003 [from various dating sites] was that you sign up for these operations and then get inundated with messages from women who are just itching to meet you. But you must pay for more information. And surprise: once you join, you never hear from anyone ever again."


4.  It seems fair to say most men are probably not cheaters

We men are probably just curious, want to see what's out there.  If something happens, well great.  But (more likely) if not, well, it's only a few bucks, we can just move on and call women bitches.   If anything, us men, we are just retarded.


5.  People are less concerned about "financial information" than they are about "personal data"

Who cares about my credit card info? Needless to say, people who actually have secrets are panicking.


6.  The vultures have come out and they stand to benefit the most from the debacle

I'm talking about divorce lawyers, ambulance chasers (litigation lawyers), and extortion artists.


7.  Hell hath no fury like a woman scorned

John McAfee -- billionaire cybersecurity expert, real-life Tony Stark and world-renowned connoisseur of cocaine, guns and prostitutes -- combed through the massive data dump and concluded the AM leak was done by one single female insider -- probably a disgruntled former employee, and that the so-called "Impact Team" hacker group does not exist.  You may agree or disagree, but read McAfee's article and tell me it doesn't seem plausible.  If you want to have fun, read it out loud as Oscar Winner™ Patricia Arquette explaining to Ally McBeal's befuddled boss.  As if things are not crazy enough, the key to identifying the real perpetrator may be legendary hard rock band AC/DC.

Head of FBI Cybercrime Division: "Ooh, is that the new angry birds?"




8.  This leak will be a game-changer

We only get real-life data dumps of this magnitude once every few years.  The silver lining is that this "hack" would provide a massive corpus for analysis by data scientists (in addition to showing the naked truth about these kinds of sites, of course).  It would, hopefully, change how companies view security and the importance of safeguarding customer information.  Just hope the impact would be as definitive as the 2009 "Rockyou" hack and how it changed cyber security forever.



Wednesday, August 26, 2015

Blast from the Past Movie Review: "Lagaan" (2001)


Highly recommended watch, if you can withstand 4 hours of hilarious acting and equally laughable dancing.  Starring Aamir Khan and a bunch of folks I've never heard of, 2001 hit Lagaan is described as an Indian epic sports-drama comedy, which basically sums it up.

Set in a small Indian village during the time of the British Raj, the first two hours show the plight and daily lives of local villagers as the colonial officers impose high taxes ("lagaan" means tax, I think), even charging punitive rates when the villagers try to organize.  The head honcho challenges local leader Aamir Khan to a game of cricket, where if the villagers win there will be no taxes for a year, but if they lose they would have to pay more tax (double and triple lagaan!!)

--Intermission--

The second half shows the villagers learning a game they've never seen before while singing and dancing.  They learn by peeking at the other team's practice -- kinda like the New England Patriots.  The funniest moment is when the pitcher (bowler? quarterback? no idea what they're called) discovers top spin and everybody thinks it's the greatest thing in the world.  I'll not spoil the ending, but you're free to guess (or just watch the clip below).

In sum, 2 hours of fiscal policy discourse + 2 hours of singing, dancing, and cricket = box office smash hit!  (it literally earned two megazillion crores)




Saturday, August 15, 2015

On parenting


David Roberts on Vox.com:
"Life is just a series of moments, and it's amazing how many of them we miss, rush past, or disrupt because our minds are elsewhere... Be aware of those moments, and never turn one down. If you face a choice — a moment or a chore, a moment or bedtime, a moment or work obligations, a moment or your damn iPhone — always choose the moment. They seem abundant, sometimes too abundant, in those early years. But childhood isn't linear; it seems to accelerate faster and faster as it progresses, and when it's over that set of memories will be all too finite."



Thursday, August 13, 2015

Random thoughts on China's stock market collapse

In China, red means a stock price is up

1.  The stock market was red hot ... (then it turned green) 

So hot, in fact, that the Chinese stock markets created US$6.5 trillion of value in just 12 months – the Shenzhen Composite was up 158% year-on-year as of early June 2015.  Then it came crashing down to everybody’s hysteria and confusion – except everybody outside of China saw a massive bubble from far away.  Between June and July, Shenzhen lost 40% of its market value before some multi-pronged government intervention stopped the bleeding (basically by stopping trading for half the stocks).


2.  In the beginning there was easy money

The bubble was fueled by the People’s Bank of China (PBOC) multiple rate cuts.  Four reductions in the reference rate since November 2014, as well as the RMB peg to the USD (which was just recently lifted this past week), form the pillars of the “Chinese QE” policy to boost growth.  Low interest rates were intended to drive consumption as well as investment.

Unfortunately the Chinese economy is not driven by consumption; its people are avid savers, unlike Americans who regularly max out their credit cards to buy everybody Christmas gifts, or the latest iPhones.  China’s savings rate (51% of GDP) is triple that of the US.

The Chinese used to put their life savings into bank deposits.  But after the rate cuts, bank account yields became unattractive, so they all moved on to buying property.  This worked for some time (i.e. many years), but after terrible cases of oversupply in many markets, property prices came down and the government promptly told the public that property was no longer a safe haven.  So people went into the stock market in droves.


3.  China has more trading accounts than Indonesia has population(!)  

Credit Suisse estimates there are 258m trading accounts in the SH and SZ stock markets.

Some analysts point out that the Chinese stock markets are actually quite small (as % of GDP) compared to the markets in US/Japan, or even compared to the Chinese bond markets.  I think this is probably more telling about the sheer size of the economy, than a commentary of the stock market, which is indeed still fledgling.

Green means down

4.  About 2/3 of Chinese investors don't have a high school education

...some are even illiterate.  Inexperienced investors don’t have a clue about portfolio risk.  Even Chinese farmers were giving up tending their fields in order to tend their stocks.  Many investors are young -- about 1/3 are age 30 or below.  Uninformed investors tend to be on the hook for losses, as more experienced players readily cash out of the market.

These people entered into the stock market because the Communist Party was pushing them to buy buy buy.  As the market crashed and burned, they will likely blame the government -- which is why the government is very fearful of widespread anger and anarchy.


5.  These unsophisticated investors bought shares using borrowed funds

Margin lending skyrocketed; the official amount is RMB2.2 trillion, up five-fold in 2 years.  On top of that, there’s possibly double that amount in unofficial/unrecorded margin lending vehicles, as low interest rates and loose banking policies encouraged such loans to shady lending companies.

Margin lenders even allowed – probably encouraged – using property collateral for stock purchases.  This means that fickle market movements could (and probably would) result in people losing their homes.


6.  Not just retail investors; even corporations drank the kool-aid

Chinese companies borrowed funds in huge amounts, with stock as collateral – exacerbating volatility.  Even junk companies that should have gone bankrupt, successfully raised capital in the market to stay afloat.


7.  Government is making an all-out effort to bail out the stock market

Because of the sheer number of retail investors, the government is risking social unrest if the stock market collapses without intervention.  Meanwhile, critics say the government’s efforts are fruitless and lacking in coordination and transparency.


8.  China doesn't have an official spokesperson, like Greenspan or Draghi, to calm the markets

Senior officials in the government, usually appointed by the Communist Party, are afraid to say something that may upset their bosses.  So investors dwell in befuddlement as prices continue to collapse.


9.  The Chinese middle class aspires to be wealthy in retirement

...even if the odds are against them.  I call it the mahjongg syndrome™, perhaps driven by the fact that it's a huge country and everybody knows “a friend of a friend” who had made it big time.  That’s why people gamble all their money, invest in junk stocks, and buy Bitcoins.


10.  Critics say the problem is more fundamental

... that the Chinese economy is hugely misdirected.  Over-reliance on investment and exports as part of GDP, wrongly-incentivized local governments, general misallocation of assets and stubbornly low consumer spending could mean the economy is stuck in a “middle income trap”.

However, this is not news; experts have argued for years whether China was about to have a hard or soft landing.

Max Fisher of Vox: "...to be a reliable growth engine, China must recalibrate its entire economy. This will require politically-sensitive reforms to empower small-and-medium-size companies, get off the country's addiction to exports and rein in a massive shadow-banking industry prone to creating debt bubbles."

Ah don't forget about the debt issue. Local governments have been accumulating debt at record pace, with recent estimates putting 2015's debt service burden at 1 trillion yuan (US$156bn) while revenue dwindles due to slumping property sales.  Similarly the private sector is massively indebted -- a large portion in foreign currency (i.e. USD-denominated) loans, making it highly vulnerable to painful deleveraging when the RMB devalues.  According to a 2014 report by the Conference Board:

"Private sector debt, now at almost 200 percent of GDP and up from 117 percent at the end of 2009, is still accruing at 15 percentage points per year [...] This pace of credit creation is unprecedented for China, and the result has been debt levels that are now well in excess of the thresholds that have historically triggered financial crises in other countries."

11.  What we know for sure is that the Chinese economy is slowing down

... and it will likely start a global recession.  Ray Dalio, a prominent hedge fund manager, writes in his report that the market mayhem will hugely affect consumer spending.

The impact comes from the direct shifts in wealth and the psychological effects of the stock market bubble popping […] Though stock prices are [still] significantly higher than they were two years ago, the average investor in the stock market has lost money because more stocks were bought at higher prices than were bought at lower prices. We now estimate stock market losses in the household sector to be significant—i.e., about 2.2% of household sector income and 1.3% of GDP. However, these losses appear to be concentrated as only 8.8% of the population owns stocks. These are [only] rough estimates.[...]  [But even] those who haven’t lost money in stocks will be affected psychologically by the events, and those effects will have a depressive impact on economic activity.

As the second-largest economy in the world, a hard landing in China will have negative reverberations globally.  Demand for commodities will be adversely affected, which will impact all emerging economies that are dependent on commodity exports like Indonesia, Brazil or Argentina.  Australia, also another resource-rich country, is already bracing for a dramatic slowdown.


12.  There are still a lot of unknowns

Most experts don't believe official numbers coming out of China, so it’s hard to judge the impact in the short-term; we can only assess the complete picture after the fact, perhaps years later.  What we know is that the country is so large that we can make any argument, no matter how nonsensical, providing China as evidence.


Tuesday, August 11, 2015

7 thoughts on the crude oil price crash



1. Blame it on the Yankees.  

The crash is mostly caused by the rapid rise in petroleum production in the US and Canada over the past 5 years.  US output is up from 5.3 mmbopd in 2010 to 9.3 mmbopd today, while Canada's is up from 2.5 mmbopd to 3.9 mmbopd.  The rapid rise – nearly double the barrels in five years – has thrown a wrench into global supply-demand dynamics, since the US has always been the largest crude oil consumer worldwide by far.


2.  It has caught everybody off guard.  

Back in 2011-12 nobody expected US production to continue rising the way it did. Remember "peak oil"? Or even "energy crisis"? Nobody is talking about these now....

From Ben Casselman: It isn’t just that experts didn’t see the shale boom coming, but they underestimated its impact at virtually every turn. First, they didn’t think natural gas could be produced from shale (it could). Then they thought production would fall quickly if natural gas prices dropped (they did, and it didn’t). They thought the techniques that worked for gas couldn’t be applied to oil (they could). They thought shale couldn’t reverse the overall decline in U.S. oil production (it did). And they thought rising U.S. oil production wouldn’t be enough to affect global oil prices (it was).

3.  Entire (centuries-old) industry dynamics have been completely upended.  

From Business Insider: "... in the past, large integrated oil companies — BP and Exxon Mobil — and state-owned companies have owned the more efficient, low-cost production while smaller oil companies faced higher barriers to entry. In the past, drilling oil necessarily required huge investments in platforms and equipment; massive balance sheets or state backing were virtually required to get into the market.
But with lower-cost fracking technology, this has changed. [...]  as a result, oil supply continues to run into the market as fracking companies are able to produce oil cheaply and shut down wells quickly when they become unusable or unprofitable.  [...] Meanwhile, large oil companies or countries that depend on oil revenue to meet spending commitments have continued pumping oil because they still need to bring in that revenue, regardless of price."

Meanwhile the Saudis also continue to pump despite the glut, partly because their national budget is 90% dependent on petroleum revenue, and also perhaps in an attempt to drive out high-cost shale producers.  It hasn't worked.  OPEC is mostly defunct.

4. Africa and Latin America have been hit hard.  

Oil-rich emerging countries such as Angola and Ghana got their economies whupped through budget imbalances and asset misallocation.  Venezuela, well, it has much bigger problems than oil.

5. Russia also fell victim.  

The premise of the 2013 movie Jack Ryan: Shadow Recruit is about how Russia would launch a terror attack on the US if crude falls below US$79/barrel. Well, oil is at $50 in real life now, and surely Russia is in huge economic trouble – with oil being just a small part of the cause.  The country’s economy shrank the most since 2009, with Q2 2015 GDP contracting 4.6% yoy.  The rout on commodities markets has overshadowed the signs of stabilization by hammering the ruble and shaking a country whose budget relies on oil & gas for about 50% of its revenue. Inflation eroded consumer buying power, as sanctions over Ukraine choked access to capital markets.  The country is a bit unique, however, in the way the nation has united in its unwavering adoration for Putin despite the country's freefall towards poverty.

6.  Widespread hit on global commodities -- and countries dependent on them.  

It's not just crude oil, but it's a perfect storm of slower Chinese growth affecting all metals and mining commodities, discovery of substitutes for rare earth minerals, Greek debt crisis, and tapering of QE policies worldwide -- all at once.  Even agri commodities, which continue to see solid demand and no technological disruptions of any significance, have been impacted.

Pretty much all countries dependent on commodity exports, from Australia to Brazil and Argentina, are seeing slowdowns and contractions.  Even worse, net oil importer countries, like my hometown Indonesia, fail to benefit from the drop in oil prices, usually through a lethal cocktail of resource misallocation, sticky prices, inflation, and strong dollar.

7.  So volatility is here to stay... or is it?  

The past 10 years have seen some of the most volatile crude prices in history.


But history is history.  Going forward, there doesn't seem to be much volatility going around.  Supply shocks don't have much effect on prices, because traders know that the US and Canada can ramp up production quickly whenever prices go up.  If anything, we may not have seen the bottom.  Maybe the market will move again in the long-term.