Connectivity

Want to Make a Buck in the Stock Market? Bet Against Companies Likely to Be Hacked

When hackers expose flaws in products, a company’s share price can fall, and traders are getting wise to the pattern.

The next big way to make money might be short-selling the stock of a company that you believe to have a security flaw.

It’s certainly what Carson Block, the founder of research firm Muddy Waters, tried to do when he issued a report announcing that he was shorting shares of the medical device manufacturer St. Jude. He claimed that the company’s pacemakers and defibrillators could be easily hacked—perhaps with fatal consequences.

The move was the result of research conducted by a security firm called MedSec Holdings. Block shorted stock in the company based on the assumption that public knowledge of such a vulnerability would cause the St. Jude share price to fall. It did.

It’s actually unclear whether the claims made by MedSec and Block are totally accurate. St. Jude has called them “false and misleading," while University of Michigan medical device security expert Kevin Fu has also questioned their accuracy.

But facts alone do not shape the financial markets.

So markets moved, while financial experts rushed to speak with medical device cybersecurity consultants and find out if the reports were accurate. Jonathan Butts, one such consultant, told Bloomberg that the situation “is almost like The Big Short—someone saw something that nobody else did."

In fact, also much like The Big Short, this kind of trade is “entirely novel,” according to the Bloomberg piece, and it might have some fairly profound ramifications in the future.

Financial markets can shift quickly, and it’s not clear that analysts at banks are particularly well-placed to determine the veracity of these kinds of security claims. Wall Street, then, may potentially look to identify new expertise to help them move faster in such situations.

Hackers may be able to get in on the profits, too. Rather than quietly announcing vulnerabilities online or at conferences, many security experts might be tempted to follow MedSec in sharing their discoveries with traders. It could be worth their while—though it may add insult to injury for the companies that are affected.

(Read more: Bloomberg, Business Insider, Reuters)