5 min read

Frequency Analysis #9: Casinos, IPOs and hacking woes

Sorry for the delay this week. I had an infection and getting out the piece on risk aversion (please do read it and let me know what you think!) was about all I could handle. Still, it has been a massive week for risk news, so I have been stockpiling some great updates for you. As Livy said 2050 years ago, better late than never!


The break-away region Nagoro-Karabakh in the south Caucuses experienced war between Azerbaijan and Armenia as recently as 2020, and last week Azeri forced attempted to gain ground in a fresh offensive that was quickly halted with the intervention of Russian forces. The region's local leader of the Armenian ethnic group, living inside the Azerbaijani border, has criticized his Russian protectors. It's always a tenuous position when you are more suspicious of your friends than your enemies. At least you can be sure about the motive and goal of your enemies.

In other tension between allies, Poland, which has been a staunch supporter of Ukraine, is withholding weapons shipments due a conflict over grain imports. Grain is a critical export for Ukraine and an important source of revenue. With the Black Sea bottled up by threat of Russian attacks, westward land shipments are one of the few ways Ukraine can export grain. Places like Africa and the Middle East rely this Ukrainian grain to avoid famine. Poland's internal politics appear to be playing a role as Polish farmers would prefer higher prices for their output, and rerouting Ukrainian wheat through the Polish market may have a detrimental effect on their prices.

On the other side of the continent, the United States is balancing South Korean and Japanese interests in the U.S. vs China space race. South Korea and Japan have an uncomfortable history, with repeated invasions and subjection of the peninsula by the former island empire. With South Korea's rapid rise in wealth and power, they are now a peer of Japan's and one of America's closest allies in the region. Japan's own alliance with the U.S. is one of the strongest in the world, which puts South Korea and Japan in an awkward alliance of their own, mediated by a love triangle with the U.S. Now Japan has it's own American space base, after South Korea began using an old air base from the Cold War as a space facility in late 2022.

Speaking of the Korean peninsula, the FBI recently blamed North Korea for the $41M hack of Stake.com an online casino. Casinos have been the target of a major hacking spree all summer. This hack, however, is more in line with the North Korean tradition of attacking cryptocurrency wallets, a strategy that has already netted them $200M in 2023 alone. One of the strengths of cryptocurrency is collapsing the abstractions of finance and technology into one form. No humans in the loop, faster transfers, less bureaucracy, all fintech innovations that emerged out of a desire for a world without permissions from centralized authorities. Unfortunately, those centralized authorities often provide security and extra-legal dispute resolution as well. It would have been good to figure this out and develop technologies to replace those features before, but the next best time is now.


Another time that has come is the time for testing the IPO window. With Arm's IPO the week before and Instacart and Klayvio this past week, it's clear that some investors have no choice but to get liquid through public markets, however unattractive that prospect might be. Still, companies like Amazon and LoudCloud (of Marc Andreessen and Ben Horowitz) turned to public markets under less than ideal conditions. So, again, better late than never.

On the private acquisition and fundraising side there's a whole slew of news as companies try to forestall the fate of an IPO in a skeptical market. The biggest story is Cisco acquiring Splunk for $28B. Cisco has been chasing Splunk for a number of years, so it's not unexpected, but the choice of banker is a bit of a curveball. People are speculating that the acquisition is all about AI and the massive reams of data Splunk ingests, but that feels a bit like fitting the deal into today's narrative. More realistically, anytime you hear customer complain about pricing, you know that means there's pricing power, otherwise, they would just switch. So Cisco is basically betting that Splunk has even more room to raise prices, especially at the high end.

For a couple of very different types of transactions, look at Palo Alto acquiring Talon, a startup that created a secure enterprise browser, and Crowdstrike acquiring Bionic, a CNAPP (cloud-native application protection platform). Crowdstrike, the leader in endpoint protection enabled by the cloud, is expanding to application security through the cloud. Both acquisitions feel like opportunistic strategies that are scooping up talent and adjacent technologies more than customers, but time will tell. On the venture side, industrial security firm Dragos and AI security startup Hidden Layer both raised in the double digit millions (disclaimer my previous employer is a Dragos investor). These firms are at opposite ends of the maturity spectrum, and raising at very different valuations, but both trying to extend 12-18 months of runway. Take from that what you will.

Finally, here's a fun piece looking back at risk management by one of the leaders at LTCM, the famed hedge fund that imploded in 1998. After 25 years, it's nice to get a public glimpse at some introspection, but blaming the decision to return capital to investors rather than a strategy that ignored tail risk, doesn't strike me as the correct final assessment. This could be the exception that proves the rule and maybe never is better than late in this case.


Some technology risks are more catastrophic than others. While attacks on casinos and cryptocurrency wallets are lucrative and get a lot of attention, the scarier attacks are the ones that are closer to cyberwar than cybercrime. These attacks often target critical infrastructure, such as the power supply. A Chinese hacking group, named by RedFly by U.S. researchers, has been busy breaking into power grid networks in India and now an undisclosed Asian country. Despite no evidence that the threat group intended cause any cyber-physical damage, the breach is very worrying for two reasons. First, targeting highly sensitive infrastructure is a signal of greater risk appetite and second, because much cyber-physical infrastructure is not designed to be secure in response to malicious misuse.

Here's a great interview from Dale Peterson of the S4 conference, with Ukrainian cyber-physical expert Marina Krotofil explaining a lot of the underlying issues. You can check out the full white paper in all its gory detail here. Marina's uses her extensive knowledge of control engineering and cybersecurity to demonstrate that while these systems may not have been designed to be internet connected and secure, there are limits imposed by physics to what an attack can achieve. This means planning an effective cyber-physical attack often requires access to more obscure configurations, devices and protocols. In other words, only a determined and well resourced adversary would be capable of such an attack. Overreacting and defending critical infrastructure as you might a cryptocurrency wallet would do more harm than good. In this case, an attack is better late and never.

The U.S. has, for its part, been more noisy about its government hacking programs lately. China has gone public with claims that the NSA hacked the corporate networks of Huawei. The revelations are neither terribly surprising nor that new (the Snowden leaks suggested as much). What is interesting is the decision by Chinese leadership to admit to the breach and blame the U.S. rather than the usual policy of burying it.

On the heels of these events, the Pentagon published its Cyber Strategy 2023, which includes a fair amount of "defend forward" the government's phrase for disrupting adversary cyber infrastructure, of which Huawei is likely the top target in China. In addition to a more aggressive and public cyber stance, the strategy also highlights the DoD's efforts to coordinate with allies, particularly NATO and Asian countries that wish to counter Russia and China respectively.