Zombie Stocks and Cybercrime

Hong Kong zombie stocks are on the rise, and thanks to hackers they’ve never been more dangerous. Confused? Don’t worry, we will explain.

In all stories involving zombies, the threat begins when a virus turns someone who should be dead into a walking carrier of the virus. The carrier spreads the virus when it tries to eat other people, and before you know it you have a worldwide infection. Usually, the day is saved when a rugged but handsome hero leads a small band of survivors out of danger, but have you ever wondered what would happen if every person on earth was infected? A simple answer is there would be no food for the zombies, they would fall apart, and the virus would die with them.

When a group of criminals pull off a stock pump and dump scheme, they essentially introduce a zombie virus. In most cases, a pump and dump scheme begins when a stock broker finds a penny stock (a small and rarely traded stock that has little public information) and begins selling it as if it was going to jump through the roof. They’ll claim they have insider information or even pull fake news stories to convince the person on the other end of the line to invest in it. Once the fraudulent brokers do convince a few people to invest though, the stock actually starts to look like it’s going up, and the bad brokers have more ammo to convince people to invest with. Like a zombie virus, the stock spreads and grows, infecting minds and eating people’s hard earned money. But remember how a zombie population would collapse if there were no more people for them to infect? The same thing happens here. After they’ve raised enough money the original fraudsters quit feeding people fake information about the stock, sell their shares and run with the money people invested. The stock collapses and the poor people who invested in it learn that it was never valuable to begin with. (This is how Jordan Belfort gets started in The Wolf of Wall Street)

But hackers in Hong Kong are expediting the process thanks to compromised brokerage accounts. Just like a regular pump and dump scheme, the hackers are investing in penny stocks, but instead of enlisting unsuspecting victims to also invest, they’re simply ordering fraudulent trades and running with the money earned before the trades can be canceled. Even though the amount of money being stolen is relatively small, $20 million in 2016, the number of breaches in 2016 was triple the amount in 2015, and Hong Kong authorities are struggling to fight the hacks because of a general lack of cybersecurity and few regulations to make organizations more secure.

For example, simple two-factor authentication (2FA) would be a huge roadblock for hackers, but it is not common enough in Hong Kong to do so. Authorities believe that the majority of the breaches are due to stolen or guessed passwords. 2FA would be a major hurdle to this method because it would require the person trying to access an account to have another form of identification. The second identification token can be as simple as a PIN number or as complex a fingerprint or eye scanner, but it doesn’t matter what it is as long as it slows down hackers.

2FA is so effective that in the United States anyone who handles medical records is practically forced to use it. But even if you and your company don’t handle any medical records or are in no way threatened by the Hong Kong zombie stocks, 2FA is a simple form of security that could be the difference between a debilitating hack and a calm day at the office.