1 / 31

Stealing Profits from Stock Market Spammers

Stealing Profits from Stock Market Spammers. How I learned to Stop Worrying and Love the Spam. DEFCON 17 ( 2009 ) Grant Jordan, Massachusetts Institute of Technology, MA Kyle Vogt, Massachusetts Institute of Technology, MA. Agenda. About this research… Assumption Some essentials

nell
Download Presentation

Stealing Profits from Stock Market Spammers

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Stealing Profits from Stock Market Spammers How I learned to Stop Worrying and Love the Spam DEFCON 17 ( 2009 ) Grant Jordan, Massachusetts Institute of Technology, MA Kyle Vogt, Massachusetts Institute of Technology, MA

  2. Agenda • About this research… • Assumption • Some essentials • What we did? • Conclusion

  3. About this research… • It’s all from researchers’ point • Differ from any other research that based on spam text analysis • How they come up with this?

  4. About this research… (cont.) • It’s all from researchers’ point • Differ from any other research that based on spam text analysis • How they come up with this? • Fig. 1: The epochal stock spam

  5. Assumption

  6. Assumption (cont.) • Lots of guesses

  7. Assumption (cont.) • Lots of guesses • Lots of hypotheses

  8. Assumption (cont.) • Lots of guesses • Lots of hypotheses • But of course, some economic theory

  9. Some essentials Fig. 2: The supply and demand curve

  10. Some essentials (cont.) • But everyone get the spam • What is this spam trying to do? • Send spam • ??? • Get profits • Fig. 2: The supply and demand curve

  11. Some essentials (cont.) Fig. 3: How spammer get profits step 1

  12. Some essentials (cont.) Fig. 4: How spammer get profits step 2

  13. Some essentials (cont.) Fig. 5: How spammer get profits step 3

  14. Some essentials (cont.) Fig. 6: How spammer get profits step 4

  15. Some essentials (cont.) Fig. 7: How spammer get profits step 5

  16. Some essentials (cont.) Fig. 8: How spammer get profits step 6

  17. Some essentials (cont.) Fig. 9: How spammer get profits step 7

  18. Some essentials (cont.) • What kind of stocks are these? • Penny stocks • Over The Counter (OTC) • Not traded on a major exchange • Thinly Traded: Near zero volume most days • High Volatility: Since price is so low (often $1/share), even small changes in price can produce huge % change

  19. Some essentials (cont.) • However, who is dumb enough to trust those spam?

  20. Some essentials (cont.) • However, who is dumb enough to trust those spam? • There are many idiots indeed… • Fig. 10: Evidence of such spam work 1 • Fig. 11: Evidence of such spam work 2

  21. What we did? • Numerous researchers claimed that by Fall 2006, stock spam was dead • But they are wrong!

  22. What we did? (cont.) • Numerous researchers claimed that by Fall 2006, stock spam was dead • But they are wrong! • Because all previous works are based on text-analysis • About 2006, almost 100% of stock spam are graphs • So? How could we analyze those graphs?

  23. What we did? (cont.) Fig. 12: It's easy to sort them by hands

  24. What we did? (cont.) • When you’re looking at every email with your own eyes, it’s easy… • Our data • 14 weeks • More than 50,000 spam emails • 12,168 stock spam • Information extracted from them • Previous results • Relative botnet power • Identify spammer’s unique signature

  25. What we did? (cont.) Fig. 14: Spam size of SRRL Fig. 13: Stock spam of SRRL

  26. What we did? (cont.) Fig. 16: Spam size of MRPG Fig. 15: Stock spam of MRPG

  27. What we did? (cont.) • Jordan-Vogt method • Sort week’s worth of spam by ticker symbol • Identify spammer by email style • Compare each spammer’s past results • Identify top spammer • When first email from top spammer arrives… buy the stock • Sell out • To sum up, choose the successful spammer; when the best spammer sends out his first email about a stock, we know to buy

  28. What we did? (cont.) Fig. 17: Buy it when got first spam from the best spammer

  29. Conclusion • Did it work? • Yes • Method worked for a few weeks

  30. Conclusion (cont.) • Did it work? • Yes, and No! • Method worked for a few weeks, but… • The best spammer had a bad week (lost ~$2M) then disappeared • Major botnet takedowns (?) • Major SEC crackdown (“Operation Spamalot”) • Suspended trading on 35 stocks • Indicted two men in Texas for securities fraud. Eventual $3.8M settlement • Because an SEC attorney was getting the spam

  31. Conclusion (cont.) • Could it work again? • Maybe • Spam goes in cycles… botnet come and go… • Fig. 18: Recent spam in April 2009

More Related