The Death of Money (6 page)

As it was, the day came and went, and the day after that, and there was no news of
any terrorist threat. The signal started to look like a false positive.

On the third day after the signal, Thursday, August 10, I was writing in my library
at two a.m., not an unusual hour for me to work. A small television on a bookshelf
a few feet from my desk was tuned to CNN with the sound muted. I glanced over and
noticed a breaking news scroll across the bottom of the screen, together with images
of London bobbies taking suspects into detention and exiting buildings with boxes
of documents and computers. The scroll said that a terrorist plot to blow up airplanes
was being taken down by New Scotland Yard.

I quickly turned up the sound to take in the few details that were available. It was
daylight in London, and the takedown of the planes operation had been proceeding for
some time and was now being widely reported. It became apparent that the plot involved
transatlantic airlines flying from London to the United States and targeted those
with the most American citizens likely to be aboard. American Airlines was a prime
target, although apparently a large number of planes had been threatened.

I knew Chris was a night owl like me, and despite the hour, I called her at home.
She was awake. “Chris,” I quickly said, “turn on your TV—you won’t believe what’s
going on.” She did and grasped the significance immediately. A terrorist plot to bomb
American Airlines was being broken up less than seventy-two hours after we had detected
the insider trading on AMR shares. Making it all the more spooky, we realized that
the plot was unfolding in exactly the time frame that our behavioral modeling had
estimated.

Of course, our signal had had nothing to do with foiling the plot. British intelligence
agencies MI5 and MI6, with help from the CIA and the ISI, the Pakistani intelligence
service, had had the plot under
surveillance for months. President Bush was briefed on the plot at his ranch in Crawford,
Texas, on August 5. On August 9 the plot mastermind, Rashid Rauf, was arrested in
Pakistan. Rauf escaped prison in 2007 and was believed killed in a 2008 CIA drone
attack, although reports of his death are disputed by some to this day.

The terrorists sent an encrypted “go” signal to commence the operation on August 6.
This message was intercepted by MI6 and relayed to Eliza Manningham-Buller, the head
of MI5. It was this go signal that led MI5 and New Scotland Yard to commence the arrests
we watched on CNN on August 10.

Just as Chris and I did not know of plot details in advance, the plotters did not
know they were about to be arrested. Instead, one of the terrorist associates in the
London social network woke up on Monday, August 7, and started the trading in American
Airlines that snowballed into the highly unusual pattern that had triggered the red
light on our threat board. Someone had been betting on a sure thing, exactly as our
behavioral modeling had predicted.

The fact that our signal engine had generated a warning, loud and clear
and
ahead of the U.K. planes plot, soon attracted attention from the highest levels of
the U.S. intelligence community. On February 2, 2007, I received an e-mail from Randy
Tauss saying the CIA’s executive director, Mike Morell, wanted to see Chris and me
to discuss the signal engine and the status of MARKINT. The meeting would take place
on February 14, which gave us time to prepare the briefing.

Morell had been with the CIA since 1980 and had a storied career. He was most famous
for having been at George Bush’s side during 9/11 as the president hopped around the
country in Air Force One while Dick Cheney, George Tenet, and others manned the command
centers in Washington and Langley. Morell was also with President Obama in May 2011
monitoring the operation that killed Osama bin Laden. He twice served as acting director
of Central Intelligence, including a stint after the abrupt resignation of David Petraeus
in 2012, before retiring from the agency in 2013.

At the time of our meeting in 2007, Morell reported to Director Michael Hayden. Other
senior intelligence officials had been invited to join our MARKINT briefing in Morell’s
office. This would be the highest-ranking audience the project had ever received.

Randy’s e-mail also noted that someone from the CIA general counsel’s office would
attend. There was no doubt that our project had legal issues, including privacy concerns,
and full implementation would require coordination with the FBI, since the CIA was
not a domestic law enforcement agency. We had spent an enormous amount of time on
these issues and knew how sensitive they were. Still, it was not obvious why Morell
wanted his lawyers on hand for a preliminary briefing on a new counterterrorist system.

Morell’s office was capacious by CIA standards, with bright windows, a large desk
near the back wall, and a meeting table just inside the door. A ubiquitous feature
of Washington offices is framed photographs of the occupant together with powerful
figures. Morell had his, but these were different. Instead of the typical two-shot
taken at a name-tag event, Morell had large, somber black-and-white photos of himself
in the Oval Office with the president leaning over documents in intense discussion,
possibly taken during the President’s Daily Brief, in which the most sensitive and
highly classified information in the world is imparted. If these were meant to impress
the visitor, they worked.

Chris, Randy, and I took our seats at the meeting table. The other senior officials
were already there, and Morell got up from his desk to join the group. The atmosphere
was cordial but businesslike, even intense. Chris and Randy briefed the group on the
history of Project Prophesy and the signal engine capabilities. As the only lawyer
on the MARKINT team, my job was to summarize the legal authority for our efforts and
the privacy safeguards in place.

A few minutes into my presentation, the agency’s counsel interrupted and said, “Look,
we’re concerned about what you guys are doing. You’re going through trading records
and making referrals to the SEC. CIA is not a law enforcement agency. We’re not comfortable
with that.”

I countered that we did not use individual trading records but relied entirely on
open-source market price feeds available to everyone; I told them it was not much
different than watching TV. As for the SEC referrals, I said we were just being responsible
citizens and could stop completely if the agency wanted. The SEC was building similar
systems of its own and would not depend on us in the future anyway. Counsel’s concerns
seemed like red herrings.

Then Morell leaned forward. “What we’re concerned about here is perception,” he said.
“You guys may be doing everything right, but
The New York Times
could spin this as ‘CIA trolls through Americans’ 401(k)’s.’ That is not a risk we
should take right now.”

Morell’s concern was far from imaginary.
The New York Times
had already compromised national security by revealing intelligence community access
to banking transactions in the SWIFT payments system in Belgium. SWIFT is the nerve
center of international banking and had been a rich source of information about terrorist
finance. The
Times
story had sent terrorist financiers underground to word-of-mouth networks called
hawala
and phony front companies.

The CIA was also in the midst of a news frenzy about enhanced interrogation techniques
such as waterboarding. The last thing it needed was another media black eye, even
if our program was effective and legal.

In fact, Morell’s instincts proved prophetic. On November 14, 2013,
The Wall Street Journal
actually did run a headline that said
“CIA’s Financial Spying Bags Data on Americans.” But coming as it did in the midst
of a wave of similar revelations by defector Edward Snowden, this disclosure went
almost unnoticed.

I told Morell that we would end our SEC referrals, and I offered to provide him with
the technical specifications needed to assure the agency that the information we used
was open source and involved no individuals. He thanked me, and with that the meeting
was over. Only later did I realize that MARKINT, at least as far as the CIA was concerned,
had just become a dead letter.

Near the beginning of Project Prophesy, I remarked to Randy Tauss that the team was
doing extraordinary work and a counterterrorist system that could prevent spectacular
attacks seemed within reach. Randy, the thirty-three-year veteran, smiled and said,
“Jim, let me tell you how things work around here. We’ll do a great job, and this
thing will work like a charm. Then it will go nowhere and be put on a shelf. One day
there will be a spectacular attack, and it will be apparent there was advance insider
trading. The agency will pull our work from the shelf, dust it off, and say, ‘See,
we have the solution right here. We have a system that can detect this next time.’
That system will get millions in funding and be built the way we wanted. But it will
be too late to save lives in the next attack.”

Sadly, Randy’s words proved prescient. Sure enough, MARKINT was put on the shelf.
But we still felt that the signal engine had a valuable role to play, even without
the CIA as a home. If the civilian agencies had scant interest, we still had one friend
at court—the Department of Defense. The Pentagon had the greatest resources, the fewest
operational constraints, and the most forward-leaning mind-set. The ranks of senior
military officers are filled with engineers, Ph.D.’s, and many more experts with graduate-level
degrees in history, languages, and strategy. After all, this is the branch of government
that can claim credit for the Defense Advance Research Projects Agency (DARPA), which
invented the systems that led to the Internet and World Wide Web.

As it happened, our contacts with the Pentagon developed in 2007 and 2008 at exactly
the time the civilian intelligence community was backing away from our efforts. But
to grow this relationship, MARKINT itself had to evolve. Chris Ray and I were aware,
from the early stages, that MARKINT was not just a counterterrorist tool. If it could
detect terrorist footprints in capital markets, why couldn’t it also be deployed to
monitor the marketplace actions of dictators, strategic rivals, and other state actors?
All we needed to do was calibrate the signal engine to focus on specially tailored
target sets of securities.

With this broader mission in mind, Chris and I began looking for other phenomena besides
insider stock trading. One that we identified was Venezuela’s conversion of its dollar
reserves into gold; it presaged Hugo Chávez’s war on the dollar and his later demand
that Venezuela’s gold be repatriated from vaults in London.

We got a chance to show our system to a military audience in December 2007, when we
presented the MARKINT signal engine to the U.S. Strategic Command (STRATCOM) in Omaha,
Nebraska. Participants at that meeting included civilian scientists in addition to
uniformed military. We demonstrated how the system could be used for early warning
of attacks on the U.S. dollar and on efforts to crash U.S. markets.

Suddenly the technology was seen in a new light. We weren’t alone, of course, but
we were seeing the future of warfare: not wars with kinetic weapons, but wars fought
on an unrestricted battlefield that included chemical and biological weapons, cyberweapons,
and in our case, financial weapons.

It was becoming apparent to the Pentagon that U.S. dominance in conventional air,
land, and sea battle had caused our rivals to seek new ways to confront us. Future
wars would be fought in an expanded battlespace that included stocks, bonds, currencies,
commodities, and derivatives. Our signal engine was the perfect early warning device.

Remember the truism
No one trades alone
. For every buyer, there is a seller. If one side of a trade is a threat to national
security, it leaves a trace that the enemy did not intend. The enemy trader is like
a fish swimming in the water; it leaves ripples. Even if the fish is invisible, the
ripples can be seen, and the presence of the fish inferred. The forward-thinkers at
that meeting in Omaha recognized that our signal engine could detect the ripples,
that we had devised the perfect early warning device.

MARKINT would have a future after all. It would be not the narrow counterterrorist
tool we had set out to create, but rather a broad-based system, a sort of radar for
the marketplace that was designed to detect incoming financial threats. MARKINT had
grown up. Our team and technology had now entered the new, larger arena of financial
war.

THE WAR GOD’S FACE

If it’s . . . possible to start a war in a computer room or a stock exchange that
will send an enemy country to its doom, then is there non-battlespace anywhere? . . .
If [a] young lad setting out with his orders should ask today, “Where is the battlefield?”
the answer would be, “Everywhere.”

Colonel Qiao Liang and Colonel Wang Xiangsui

People’s Liberation Army, China

1999

Now our enemies are also seeking the ability to sabotage our . . . financial institutions. . . .
We cannot look back years from now and wonder why we did nothing in the face of real
threats to our security and our economy.

President Barack Obama

February 12, 2013

■
Future War

One purpose of war is to degrade the enemy’s will and economic capacity. Surprising
as it may sound, wealth destruction through a market attack can be more effective
than sinking enemy ships, when it comes to disabling an opponent. Financial war is
the future of warfare, and no one works harder to see the future than senior Defense
Department official Andy Marshall.

Seated at a table in a secure Pentagon conference room on a rainy fall morning in
September 2012, Marshall moved forward in his chair. Around the table were three prominent
investment managers, three SEC
officials, and several think-tank experts, along with members of Marshall’s staff.
Our carefully selected group was there to discuss financial war.

“That’s interesting,” Marshall said. What prompted his comment, after an hour of complete
silence on his part, was our discussion of China’s stockpiling of gold and its possible
use as a financial weapon in undermining the dollar’s exchange value.

Andy Marshall is called “Mr. Marshall” even by associates as a sign of respect, and
at ninety-two years of age, he has earned the deference. His official title is Director
of the Office of Net Assessment in the Office of the Secretary of Defense. Unofficially
he is the Pentagon’s chief futurist, the man responsible for looking over the horizon
and assessing threats to U.S. national security long before others even know they
exist. Marshall has held this position since 1973, through eight presidential administrations.

His involvement in national security strategy goes back even further, to 1949, when
he joined the RAND Corporation, the original think tank. The list of his former associates
and protégés includes Herman Kahn, James Schlesinger, Don Rumsfeld, Dick Cheney, Paul
Wolfowitz, and other giants of national security policy over eight decades. Only the
late Paul Nitze is comparable to Marshall in terms of the depth and breadth of his
influence on strategic affairs in the period since World War II.

If Marshall is less known to the general public than the figures to whom he is compared,
that is quite by design. He almost never gives interviews or speeches; nor does he
appear in public, and his writings are mostly classified. In a meeting, he has a sphinxlike
demeanor, listening for long periods in complete silence, occasionally uttering a
few words that show he has absorbed everything and is now thinking three moves ahead.

While most Americans have not heard of Andy Marshall, the Chinese military have. Marshall
was a leading theorist of the late twentieth-century “revolution in military affairs”
or RMA, which presaged radical changes in weaponry and strategy based on massive computing
power. Precision-guided munitions, cruise missiles, and drones are all part of RMA.
People’s Liberation Army general Chen Zhou, the principal author of several recent
Chinese strategic white papers, told
The Economist
,
“
We studied RMA exhaustively. Our great hero was Andy Marshall in the Pentagon. . . .
We translated every word he wrote.”

Marshall is no stranger to potential confrontation with China. In fact, he is the
principal architect of the main U.S. battle plan for war with China in the western
Pacific.
This classified plan, called “Air-Sea Battle,” involves blinding China’s surveillance
capabilities and precision missiles, followed up with massive air power and naval
attacks.

On this occasion, Marshall was not being briefed on kinetic weapons or air-sea tactics.
He was hearing about sovereign wealth funds, stealth gold acquisition, and potential
threats to national security caused by U.S. Federal Reserve policy.

China has over $3 trillion of investments denominated in U.S. dollars, and every 10
percent devaluation in the dollar engineered by the Fed represents a $300 billion
real wealth transfer from China to the United States. It is not clear how long China
will tolerate this raid on its accumulated wealth. If China were not able to defeat
the United States in the air or on the sea, it could attack through capital markets.

The threats discussed with Andy Marshall that day were entirely consistent with Chinese
military doctrine. Unrestricted warfare doctrine, including financial war and cyberwarfare,
has roots as far back as 1995. That year Major General Wang Pufeng, former director
of strategy at Beijing’s Military Science Academy, published a paper called “The Challenge
of Information Warfare.” After paying tribute to Andy Marshall in the paper’s opening
lines, Wang went on to write:

In the near future, information warfare will control the form and future of war. We
recognize this developmental trend of information warfare and see it as a driving
force in the modernization of China’s military and combat readiness. This trend will
be highly critical to achieving victory in future wars.

The People’s Liberation Army of China made this doctrine even more explicit in a 1999
book entitled
Unrestricted Warfare
. Unrestricted warfare tactics include numerous ways of attacking an enemy without
using kinetic weapons such as missiles, bombs, or torpedoes. Such tactics include
the use of weapons of mass destruction that disperse biological,
chemical, or radiological elements to cause civilian casualties, and terrorize populations.
Other examples of unrestricted warfare include cyberattacks that can ground aviation,
open floodgates, cause blackouts, and shut down the Internet.

Recently, financial attacks have been added to the list of asymmetric threats first
articulated by Wang and others.
Unrestricted Warfare
spells this out in a chapter called “The War God’s Face Has Become Indistinct.”
It was written not long after the 1997 Asian financial crisis, which cascaded into
the global financial panic of 1998. Much of the distress in Asia was caused by Western
bankers suddenly pulling hot money out of banks in emerging Asian markets; the distress
was compounded by bad economic advice from the Western-dominated IMF. From an Asian
perspective, the entire debacle looked like a Western plot to destabilize their economies.
The instability was real enough, with riots and bloodshed from Indonesia to South
Korea. The ill will escalated to the point of name-calling between Malaysian prime
minister Mahathir Mohamad and hedge fund maven George Soros in an infamous confrontation
at the IMF annual meeting in Hong Kong in September 1997.

The Chinese were less affected than other Asian nations by the panic, but they studied
the situation and began to see how banks, working in conjunction with the IMF, could
undermine civil society and possibly force regime change. One of their responses to
the crisis was to accumulate massive dollar reserves so they would not be vulnerable
to a sudden “run on the bank” by Western lenders. The other response was to develop
a doctrine of financial war. The lessons of the 1997–98 crisis were summarized by
two Chinese military leaders in a passage both poetic and prophetic:

Economic prosperity that once excited the constant admiration of the Western world
changed to a depression, like the leaves of a tree that are blown away in a single
night by the autumn wind. . . . What is more, such a defeat on the economic front
precipitates a near collapse of the social and political order.

The Chinese are ahead of us: their doctrine of strategic financial warfare emerged
in 1999 in response to the 1997 Asian financial shock. In
comparison, U.S. thinking about financial warfare did not take recognizable shape
until ten years later, in 2009, in response to an even bigger shock, the global financial
panic of 2008. By 2012, both China and the United States had engaged in extensive
efforts to develop strategic and tactical financial warfare doctrines. It was in this
context that our group was summoned to brief Andy Marshall and his team on the emerging
threat.

*  *  *

Financial warfare has both offensive and defensive aspects. Offense includes malicious
attacks on an enemy’s financial markets designed to disrupt trading and destroy wealth.
Defense involves early detection of an attack and rapid response, such as closing
markets or interdicting enemy message traffic. Offense can consist of either first-strike
disruption or second-strike retaliation. In game theory, offense and defense converge,
since second-strike retaliation can be sufficiently destructive to deter first-strike
attacks. This line of reasoning was the same doctrine Andy Marshall helped develop
in nuclear-war-fighting scenarios during the Cold War in the early 1960s. The doctrine
was called Mutual Assured Destruction (MAD). Now a new doctrine of Mutual Assured
Financial Destruction was emerging. To Andy Marshall, financial weapons were new,
but deterrence theory was not.

The distinction between offensive and defensive capabilities in financial warfare
is not the only dichotomy. There is also a distinction between physical targets, such
as exchange computers, and virtual targets, such as business relationships. Virtual
targets involve business conduct based on trust. A seemingly honest entity can gain
trust through patient, repetitive trading, then suddenly abuse that trust by flooding
a trading system with malicious, manipulative orders.

Physical targets consist of a vast network of servers, switches, fiber-optic cable,
and other message traffic channels, as well as the exchange premises themselves. It
is not difficult for exchange engineers or enemies to see that disrupting one link
in this electronic chain through sabotage or hacking can cause chaos and force a market
closure, at least temporarily. More extensive attacks can shut down markets for weeks
or even months, depending on the extent of the disruption.

The financial meltdown in 2008 was not an act of financial warfare, but it did demonstrate
to U.S. officials the complexity and vulnerability of the global financial system.
Approximately $60 trillion of wealth was destroyed from the peak in October 2007 to
the trough in March 2009. If such a catastrophe could be caused by instruments as
innocuous as mortgages, imagine how much more harm could be caused by malicious market
manipulation orchestrated by experts who knew exactly how the system behaved.

Thanks to Marshall and others, there’s a growing awareness that a well-orchestrated
cyberfinancial attack could be as disruptive as any traditional military assault.

■
The Enemy Hedge Fund Scenario

A hedge fund is the perfect cover for an intelligence operation. A malicious trader
does not have to destroy a system physically in order to carry out an attack. If an
enemy trader sets up a legal entity such as a hedge fund, it can open accounts with
major clearing brokers and commence a pattern of ordinary trading. This trading can
continue for years as the entity becomes a sleeper cell in the capital markets. In
time, clearing brokers come to see the entity as a prime customer generating huge
commissions, and they grant it larger lines of credit.

Hedge funds are also classic intelligence-gathering operations that seek information
advantage on a continual basis. The tradecraft that intelligence agencies and hedge
funds use to gather information is similar. Attending high-level professional conferences
is one way to build an expert network and tap into confidential information about
new products and inventions. Investing in a company gives the investor access to management.
Both fund traders and intelligence agents seek such access. For hedge funds, the purpose
is to acquire a trading advantage, such as an early look at a new product that will
affect stock prices. For intelligence services, the purpose is to keep ahead of technological
developments that will affect the relative economic power of rival states.

The hedge fund sleeper could build close relationships with many
brokers around the world so that its buying power was hundreds of times its capital,
once all credit lines and the notional value of derivatives were taken into account.
On orders from an enemy financial command, the fund network could turn malicious.
Orders to sell specific stocks such as Apple, Google, or other widely held names could
come flooding in and overwhelm the market makers and buyers. A price decline could
start out slowly and gather momentum until it turns into a full-fledged market panic.
Circuit breakers could be tripped, but the selling pressure would not abate. Business
TV channels would pick up the story, and the panic would spread.

For the enemy traders, there is no tomorrow. They are not worried about paying for
their trades in a few days or in the repercussions of mark-to-market losses. Their
capital might even be on its way back to banks in Beijing or Moscow, unbeknown to
the clearing brokers now handling the orders. Capital markets have certain safeguards
against overnight credit risk, but no effective safeguards have ever been devised
to insure against losses that arise during the course of a single day. Chinese or
Russian covert hedge funds could exploit this weakness while abusing trust and credit
built up over years.

The malicious attack need not be confined to cash markets. While the attackers are
selling stocks, they could buy put options or short the stock in a dealer swap to
add selling pressure. The malicious customer becomes like a virus infecting the dealer’s
trading desk, forcing it to add to the mayhem.