Publicly listed companies operating in developed equity markets face a potential threat of becoming targeted by a specialised short-seller. The activity of short-selling is a very old practice which, in its most basic form, is based on borrowing the stock from an actual shareholder, selling it in the market with a hope of buying it back later at a lower price and returning to the lender.

Short-seller makes a profit if the sale price exceeds the purchase price (i.e. sell high – buy low). The necessary condition for the trade to be successful is the stock price to decline after the short-seller sells it in the market. That in turn requires some new negative information about the company to emerge and push down the price of its shares. This article first discusses the evolving nature of short sellers and then moves on to conceptualise the emerging model of hacktivist shorts.

Though the analysis is made form short-selling perspective its logic can be largely applied to a strategy seeking to inflict damage on the targeted company for strategic rather than financial reasons. Naturally one does not exclude the other. The attack may for example be driven by political rationale but still be executed in a way to financially benefit the perpetrator.

Gentleman Short Seller

The Gentleman Short Seller (GS) gets an honorary mention. It represents the most conventional and least adversarial type of short-seller. The GS analyses the target company to identify a significant negative issue related to its operations which is not recognised by the market, sells its shares short, and then quietly waits for the market to recognise the problem.

The short-seller does not undertake any active public measures to catalyse the negative price reaction (hence being a gentleman). The problem with the GS model is that the market may never notice the problem or notice but fail to produce a satisfactory reaction.

Activist Short Seller

The next step on the adversarial ladder, and short seller evolution path, is represented by the activist short sellers (AS). These actors take an active and often very aggressive approach to targeted companies. After establishing a short-position the AS commences a vigorous information campaign letting the market (and other relevant stakeholders such as the regulator, target’s board) know about the identified problem. This is typically supported by a long in-depth report produced by the AS which covers the details of short selling logic.

The activist campaign, if successful, may catalyse the price decline driven by several factors. First, investors may be genuinely convinced by the AS’ logic. Second, some investors with “weaker hands” may simply sell the stock just to be on a safe side. The impact might be amplified, especially in the short-term by growing presence of text mining trading algorithms which may start executing sell orders after spotting certain key terms (e.g. fraud, impairment) in the news-feed related to the targeted company.

The AS model is exemplified by the Muddy Waters Research LLC. The company has made its name by uncovering fraud at Sino-Forrest, a Canadian-listed Chinese company which eventually ended up in bankruptcy.

The key drawback of the AS model is its openness. The short-seller may face a fierce backlash (e.g. aggressive litigation) from the target (or more precisely the group whose economic interests were negatively affected by the campaign), may be subject to regulatory scrutiny and possibly charged with an attempt at market manipulation, or even experience physical threats.

Anonymous Activist Short Seller

The drawback of operating in an overt fashion resulted in emergence of an Anonymous Activist Short Seller (A2S) model. In such format the short-seller can in principle execute the basic activist campaign while hiding behind a protective veil of anonymity which increases both its security and flexibility. Anonymity might be achieved by operating in a completely informal fashion (i.e. through virtual presence with no actual legal entity being incorporated) or through business operations structured in a way guaranteeing high degree of privacy for the founders.

In principle the modus operandi of an A2S is very much in-line with the AS. The main advantage is the immunity to potential backlash from the target and other parties. It also provides the short-seller with more leeway to engage in a more aggressive, or possibly even illegal, tactics against the target.

However this comes at a price of reduced credibility. Investors, especially the large institutional ones, may be wary of heeding the advice of an anonymous outlet, not to mention engaging in direct communication out of the fear of being complicit in an attempt at market manipulation. Key aspects of the A2S model can be illustrated by e.g.: Iceberg Research and Emerson Analytics.

Hacktivist Short Seller (HS)

Hacktivist Short Seller (HS) represents the most deadly and advanced stage in the evolution of short-sellers. The model can be conceptualised as a hybrid of A2D and a hacking collective. The HS operates in an anonymous fashion but with established virtual presence. It typically performs a thorough fundamental research to produce a detailed investment thesis about the targeted company and then conducts an activist campaign in the media to push its argument across to the investment community.

What sets the HS apart is the character of information on which the investment thesis in built and methods used to acquire it. GS, AS and A2S typically rely in their intelligence collection process on open sources. At times, to gain an extra edge, some more invasive and controversial data collection techniques may be implemented such as e.g. dumpster diving. However by and large the investment thesis is built based on the information which is publicly available.

HS seek to build an edge specifically by trying to access the information which is not public. The threat actor uses its expertise to breach company’s electronic perimeter (naturally attacks may also be conducted against other targets which may contain relevant target-specific data). This gives the HS a unique advantage as the investment thesis is likely to be entirely or to a large extent built on a genuinely sensitive information capable of putting a great pressure on target’s share price.

Public release of the acquired information may result in a multi-pronged impact on the target. It may reveal significant deficiencies and/or wrongdoings related to target’s business operations e.g.: evidence of fraud, examples of gross mismanagement, data showing failed tests of key new product. The HS may also reveal an information which is not directly related to the key tenet of the investment thesis but nevertheless has negative impact on target’s operations e.g.: personally compromising private correspondence of senior managers, selected disclosure of specific compensation arrangements, indications of controversial practices. Finally, the very fact of data breach taking place can be used against the target. It may result in company being subject to litigation, regulatory fines, and loss of trust from clients and business partners.

The HS model combines most advantages of other short-selling models described above while avoiding many of their weaknesses. It compensates for potential loss of credibility due to anonymous mode of operations by the ability to build investment thesis based on high-impact sensitive information which can result in significant and lasting damage to the target. At the same time the HS may conduct an aggressive activist campaign to push its message through to investors in the same fashion as an A2S would.

A fully-fledged HS model remains still at conceptual stage. However some real life examples illustrating some of its key aspects already exists. One of them is the Anonymous Analytics (AA) – the “investment advisory arm” of the international hacker network the Anonymous. The AA has an established Internet presence and a multi-year track record of targeting companies. It has been focusing mostly on Chinese companies but its operations targeted also American businesses (e.g. Western Union, Corrections Corporation). Arguably the AA represents the best currently existing illustration of what a potential HS may look like.

Another real-life example illustrating specific aspect of HS model is the case of St. Jude’s Medical Inc. A team of hackers working for a cyber-security company MedSec discovered that some models of the medical equipment made by St. Jude had security vulnerabilities. After identifying the issue the hackers contacted the activist short seller (Muddy Waters Capital LLC) with a business proposal of monetising the discovery via a short-selling campaign.

Both examples can be used as a proof of concept and a starting point to speculate about how a developed HS model may look like in the future. One can imagine that its operations might be conducted in much more adversarial fashion with stolen information being used be used to inflict maximum punishment on the targeted company.

If the model proves profitable it may become implemented on a broader scale by sophisticated organised crime groups. The development of the HS model will be supported by growing digitisation of the global economy which continues to increase potential attack surface. It will also benefit from the tumultuous changes experienced by the financial industry which result in many professionals with specialist investment research skills being under- or unemployed. Such people may provide a great recruitment pool for entrepreneurial criminals seeking to source financial talent to cooperate with the hacking talent to join ranks in a profitable venture.