insider trading to me.
A team of security researchers tipped off an investment firm about alleged software vulnerabilities in life-preserving medical equipment in order to profit from the fallout. Researchers at MedSec Holdings, a cybersecurity startup in Miami, Florida, believed they found numerous holes in pacemakers and defibrillators …
Well no... to do insider trading you have to be an "insider", i.e. privy to knowledge only held within the organisation. From a regulatory perspective this is an outsider having done some research and understanding more about the company than it knew itself.
This would be insider trading if the research had been performed in house or if the results had been made known to SJ and then one of their management team acted on it.
From a legal perspective this is much closer to "we've looked at firm X and discovered that they have missed out applying for key business licences in half of the countries they operate in"
A loss of objectivity for the MedSec security review team? Since they are shorting the stock of the company whose product safety they are reviewing, it's literally true that the worse their report is going to be, the more money they make. Instead of accepting their findings with a degree of impartiality, their target can simply say, "These safety reports are exaggerated due to a clear financial motive" and, whether or not this is true, use it to delay having to spend money on recalls or updates.
Shorting is ethically and financially right and necessary - otherwise there is no way of the market saying that a company is going down. Only being able to signal that something is going up leads to bubbles.
It's like saying that the media should only be allowed to report good news
~ True! But let's not pretend that this approach works universally. The Reg has reported cases where corporations have merely gagged the messenger or sued them or found another way to bury the truth.
~ For example, the case of the smart meter comes to mind etc: "Seattle Suehawks: Smart meter hush-up launched because, er ... terrorism"....
~ But the real problem here is that the ill-gotten gains should have all gone to charity to prove this really was done for all the right reasons...
... if it pushes "security" up the priority list by directly affecting the value of the senior exec's stock options.
In the future, companies like this may well ensure that the security analysis is done up-front, to prevent this happening. Nothing else seems to have worked so far.
(Disclosure, I work at a financial services firm, and I've done three rounds of compliance training in the last 14 months due to changing jobs and whatnot; I just finished the last round last week. I'm just a humble IT droid, with no access to any trading systems or seekrit info, but everyone has to do the compliance training.)
Surely trading on the basis of material, non-public information (MNPI) is open and shut insider trading? Whether the info has come from within the medical device vendor or not is immaterial. No? (Looking for clue from actual finance people, please, not guesses by IT droids.)
AC for obvious security reasons
Nope - this was non-public but wasn't insider.
It's no different from discovering that the brakes in our VW are made from cheese, then finding out that all the other VWs in the parking lot have cheese brakes - and then deciding that the price of VW might go down.
I have to admit, my first thought was that the hackers/profiteers should be in jail. However, upon further reflection, I think this is exactly the type of approach that needs to be taken.
I don't care if it targets medical device manufacturers, cars, mobile phones or IoT light bulbs. Name them, shame them and make a buck in the process. The result is going to be that companies become proactive about security instead of reactive. (Target, Home Depot, Kohl's - I'm thinking of you.)
Upon further reflection on this... there will probably be lawsuits filed by St. Jude Medical. There's a hint of blackmail by the security people. Could it become the new normal... "pay us for these bugs, or we make a big stink in public and short your stock."? The upside is it might work this time. St. Jude might just fix the holes and keep their stock growing, which will hurt the security guys.
But what about the next time? What about if someone says publicly "you have serious security holes so we're shorting your stock" when they haven't found any holes?
Or go the other way... "we found no holes, we're going long on your stock"...?
There's a lot of room here for abuse and manipulating stock prices.