Hello, all you doomed humans. I had a miserable COVID situation last week and couldn’t publish the newsletter. But thankfully, that’s behind me, for now, until I die soon? Probably? I hope not! but? So, this week’s issue became a little big given that I had a lot of weird and interesting ways to share in which you can make money and become richer.
Moved this to Substack from Revue because editing in Revue is a pain in thass. Substack’s editor is super good.
I hope you enjoy getting rich as much as I enjoyed writing about how you can be rich.
Top of the news
🤑 Ransoming your way to riches
One recurring theme of this blogletter is scams and frauds. Like I had written in the previous issue, this is a golden age of fraud, and there’s so much talent that it would make Bernie Madoff and Charles Ponzi blush. All these guys committing these amazing scams and frauds deserve the limelight, and we need to encourage all the hard work they put in. If you’re a naive, cosseted prude shocked at my naked admiration for frauds, do you want to make money or look at me with disgust from your 24th-floor Apartment?
I had also written briefly about a few scam ideas in the order of their difficulty. But I had missed writing about a new and lucrative way of scamming, scratch that, making money. If you went back 50-60 years, there was no easy way to make quick money. You could always get a job and get paid every month, but that was stupidity. Probably the easiest way to make quick money was to ransom someone. To do this, you had to find someone rich, kidnap them, hold a kerchief to their mouth, call the head of the kidnapped person’s family and demand money.
And more importantly, you always risked getting caught when you went to collect the money. And you couldn’t even be sure if the money was real. Take the case of Arno Funke, an aspiring cartoonist who lived in Germany. By 1988, Funke’s cartoonist dreams had gotten him nowhere. He was 38, divorced and broke, so he decided to start an income redistribution scheme (some people call it robbing or thievery). His targets were fancy stores and showrooms that catered to the rich. He used to plant a bomb and threaten to blow it up if he wasn’t paid. He used to set the drop-off locations near train stations so that he could hide easily.
On August 14th, he again waited near the train tracks, wearing gloves, black glasses, and a gray wig. This time, the package eventually detached and crashed against the tracks. As Funke ran to pick it up, the train stopped and police officers jumped out. “Stand still or I’ll shoot!” an officer cried, firing his weapon into the air.
During one money handoff, officers ambushed Dagobert on a grassy embankment in Berlin. One officer tried to grab him but slipped and fell, and Funke managed to escape on a bike. The media reported that the officer had slipped on dog poop.
At 11:07 P.M., though no one had come to the box, the motion detector squealed. When the officers opened the box, they found a gaping hole that fell deep into the sewers below. Funke had built an exact replica of a city grit box and placed it over a manhole cover, then opened the cover to retrieve the package. When he realized it didn’t contain any money, he left the bag and escaped through the sewer system.
But this was hard work and risky, as you can saw, and you had to be okay with escaping through a smelly sewer. You had to scout the targets. If the target were human, you had to learn about their routines, waste money on fuel, find the right partners and then you had to do the hard work of kidnapping that person. If the kidnapee was a Salman Khan fan, you ran the risk of getting kicked in the cradle of life. If the target was human, the important and the hardest step in all this was to hold the kerchief to the target’s mouth the right way. Otherwise, you’d get punched, likely in an undesirable place.
But you don’t have to do all this hard work anymore. Today, thanks to the internet, everything, everyone and their secrets are online. The world is quite literally your playground. Today, you can ransom anyone and anything on the internet. You don’t have to physically kidnap anymore. All you need are some okay…ish computer, coding and technology skillz and
Okay. So the new way to make big money that I want to talk about is cybercrime and, more specifically, ransomware. If you don’t know what ransomware is, watch this video.
Up until the early 2000s, all you could do was ransom people or their secrets like photos. For example, if your neighbour LIC uncle loved wearing women’s lingerie, you could take some photos and ransom them. But today, thanks to the internet, you can ransom not just people but companies and even entire cities. Being a cybercriminal is a lucrative career path—fintech my ass.
But before that, some basics for all you budding cybercriminals. Like digital ransoming (ransomware), there are various cybercrime opportunities. You can hack and steal data or destroy networks for money. Use phishing to steal data, create and sell malware, steal people’s identity, engage in cyberstalking and so on. But one of the most popular career paths for wannabe talented cybercriminals is ransomware. It’s a growth area with a 485% YoY growth in 2020.
If you don’t know what ransomware is, it’s basically hacking individuals, companies or even governments and encrypting their data to lock them out. You then ransom the data for money. To encrypt and ransom data, you need to gain access to a system first. One of the common ways is through phishing or baiting. So what you do is you send a legitimate-looking email to someone within a company with a malware attachment. The email title has to be appealing, like “Congrats, you got a salary hike. Open the attachment for more details”. When the employee opens the attachment, the malware installation on his system is triggered, giving you access to the entire company’s network. You can then encrypt the data, lock everybody out and ransom it back.
The other problem with physical ransom was collecting the money anonymously was hard. But with the rise of Bitcoin and other cryptocurrencies, you can collect money anonymously. There has never been a better time to design and execute ransomware attacks. So, let’s look at an example of an attack.
Recently, Colonial Pipeline was hit with a ransomware attack. Colonial has over 5,500 miles of pipeline and carries 45% of the fuel supplies such as gasoline, heating oil, and jet fuel to the United States East Coast. In response, Colonial shut down its entire pipeline to assess the damage leading to fuel shortages. The notorious cybercriminal gang called Darkside was behind the attack. The company had to pay 75 bitcoin worth $4-5 million or Rs 30+ crores to get its data back. That’s how lucrative ransomware is. To make Rs 30 crores, you would’ve probably had to work honestly for 20-30 years
Darkside is a professional cybercriminal gang. When they went live, they had a neat website and also issued a press release that they were open for business.
The developers behind Darkside first went public with their new ransomware tool on August 10, 2020, when they announced it with a press release. This was three days after the Darkside ransomware struck the U.S. holding company’s systems. “We are a new product on the market, but that does not mean that we have no experience and we came from nowhere,” the person or group behind the ransomware code wrote in their release. “We created Darkside because we didn’t find the perfect product for us. Now we have it.”
Instead of working individually, creating your own cybercriminal gang like the Oceans 11 or joining a gang can be more lucrative. It appears that the Darkside gang lost access to the severs and payment systems due to law enforcement action. But in the 7 months they were active, they reportedly made over $90 million or about Rs 650 crores. Wondering how did they not get caught? Enter Bitcoin, the decentralized anonymous currency. Today, all cybercriminals collect ransoms in crypto like Bitcoin, Ethereum, Tether etc. Because you can’t give your bank details and ask the ransomed party to make an NEFT transfer, you’ll obviously get caught. But Bitcoin is anonymous is a budding criminal’s best friend.
🎯 What targets to choose?
It could be anyone from individuals to entire cities. Last year Pune in India and US cities like Baltimore and New Orleans were hit with ransomware.
Large companies. For example, CNA Financial, one of the large US insurance companies, paid $40 million as ransom to end a ransomware attack. In India, NHAI, Apollo Tyres, Indiabulls etc., have been hit with ransomware attacks.
You can also ransom govt organizations like police departments, public utilities like Telangana and AP Power, govt owned infra companies like NHAI. You can even ransom an entire country’s healthcare infrastructure like it’s currently happening in Ireland.
Or you could ransom an insurance company that offers ransomware insurance. This is what happened to Axa Insurance.
“The announcement from the group comes roughly a week after AXA stated that they would be dropping reimbursement for ransomware extortion payments when underwriting cyber-insurance policies in France.”
Or in my view, one of the most lucrative ransomware opportunities is to use the data to buy and sell stocks, derivatives etc. There are two ways to go about this. You could hack into a listed company on NSE, BSE, or Nasdaq, look at the sensitive data while you are ransoming and trade based on that. Or you could publicly announce that the company isn’t paying the ransom, and you could threaten to release the data publicly. You can then short the stock well in advance because this will undoubtedly cause the stock to fall, and you can make some good money. Thank me later.
In mid-April the ransomware program announced new capability for affiliates to launch distributed denial-of-service (DDoS) attacks against targets whenever added pressure is needed during ransom negotiations. DarkSide also has advertised a willingness to sell information about upcoming victims before their stolen information is published on the DarkSide victim shaming blog, so that enterprising investment scammers can short the company’s stock in advance of the news.
“Now our team and partners encrypt many companies that are trading on NASDAQ and other stock exchanges,” DarkSide explains. “If the company refuses to pay, we are ready to provide information before the publication, so that it would be possible to earn in the reduction price of shares. Write to us in ‘Contact Us’ and we will provide you with detailed information.”
💲 What’s the opportunity set?
By 2025, it’s a $10.5 trillion opportunity.
Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.
Cybercrime is larger than pretty much all the other popular ways to make money and less risky too. It has the best risk-adjusted returns or Sharpe ratio compared to other ways to make money.
According to McAfee (Our enemy responsible for stopping cybercrime), cybercrime has so far resulted in over $1 trillion of damage.
Since 2018, we estimated that the cost of global cybercrime reached over $1 trillion. We estimated the monetary loss from cybercrime at approximately $945 billion. Added to this was global spending on cybersecurity, which was expected to exceed $145 billion in 2020. Today, this is $1 trillion dollar drag on the global economy.
💰 How much can you make?
The average ransomware payment according to Coveware was $220,298 (Rs 1.6 crores). For most people, that’s 10+ years of salary. This is just ransomware, other types of cybercrime opportunities can be far more lucrative. For large companies, the average payments range between $84,116, $780,000 (Rs 61.3 lakhs to Rs 5.6 crs).
🤔 What if I am not too tech-savvy?
If you’re not as talented as me in AI, ML and AI/ML on Blockchain, there’s no shame. Our fellow cybercriminals have products to help the less technically savvy. Ransomware experts have started offering Ransomware as a Service (RaaS) solutions. It’s like paying for a Netflix subscription. There are platforms with 24/7 support available for you to carry out your ransomware attacks—all you need is to click a few buttons.
A RaaS kit may include 24/7 support, bundled offers, user reviews, forums and other features identical to those offered by legitimate SaaS providers. The price of RaaS kits ranges from $40 per month to several thousand dollars – trivial amounts, considering that the average ransom demand in Q3 2020 was $234,000 (and trending upward). A threat actor doesn’t need every attack to be successful in order to become rich.
A customer simply logs into the RaaS portal, creates an account, pays with Bitcoin, enters details on the type of malware they wish to create and clicks the submit button. Subscribers may have access to support, communities, documentation, feature updates, and other benefits identical to those received by subscribers to legitimate SaaS products. The most sophisticated RaaS operators offer portals that let their subscribers see the status of infections, total payments, total files encrypted and other information about their targets
💸 Why is this an opportunity?
Simply put, this is an opportunity because half the planet still uses 123456 and QWERTY as passwords. Most of the critical digital infrastructure like healthcare, public utilities, and financial services are built on shaky foundations with a generous dose of Fevikwik and cellophane tape.
Quoting Zeynep Tufekci:
Adding security after the fact to a digital system that wasn’t built for it is very hard. And we are also surrounded by “technical debt,” programs that work but were written quickly, sometimes decades ago, and were never meant to scale to the degree that they have. We don’t mess with these rickety layers, because it would be very expensive and difficult, and could cause everything else to crumble. That means there is a lot of duct tape in our code, holding various programs and their constituent parts together, and many parts of it are doing things they weren’t designed for. –
A lot of new code is written very very fast, because that’s what the intersection of the current wave of software development (and the angel investor / venture capital model of funding) in Silicon Valley compels people to do. Funders want companies to scale up, quickly, and become monopolies in their space, if they can, through network effects — a system in which the more people use a platform, the more valuable it is. Software engineers do what they can, as fast as they can. Essentially, there is a lot of equivalent of “duct-tape” in the code, holding things together. –
One of my favourite articles puts this in the best possible words:
The Common Business-Oriented Language was developed nearly 60 years ago and has been gradually replaced by newer, more versatile languages such as Java, C and Python. Although few universities still offer COBOL courses, the language remains crucial to businesses and institutions around the world. In the United States, the financial sector, major corporations and parts of the federal government still largely rely on it because it underpins powerful systems that were built in the 70s or 80s and never fully replaced.
And here lies the problem: if something goes wrong, few people know how to fix it. The stakes are especially high for the financial industry, where an estimated $3 trillion in daily commerce flows through COBOL systems. The language underpins deposit accounts, check-clearing services, card networks, ATMs, mortgage servicing, loan ledgers and other services.
And in countries like India where people still use MS Paint to design websites, the only firewalls companies use are this . Hence companies here make for lucrative targets.
₿ Is crypto a safe way for me to collect payments?
Absolutely, Bitcoin is made for collecting illegal payments anonymously. You can then sell the bitcoin and launder the money through crypto exchanges like Binance easily. No need to hire shady accountants to launder money.
Historically, mainstream exchanges have been the primary destination of illicit cryptocurrency, and that didn’t change in 2020. In fact, the share of all illicit cryptocurrency received by exchanges grew slightly in 2020. We also see significant volume moving from illicit addresses to services we categorize as “risky,” including high-risk exchanges, gambling platforms, mixers, and services headquartered in high-risk jurisdictions. Interesting trends arise when we look at the specific risky services receiving funds from different types of cryptocurrency-based crime
Dive deeper
McAfee threat reports
The Chainalysis 2021 Crypto Crime Report
Science Direct
Zero Day
Krebs on security
Chainlysis
I wish all the best in your ransoming endeavours.
😝 Drugs finger lickin’ good
Speaking of drugs and bitcoin, do you know what the most popular drug of all time is? Nope, not weed or coke or heroin (not the Bollywood kind). It’s food. More specifically, junk or processed food. I think drug cartels should consider diversifying to processed foods. They can make shitloads of money and launder money as well.
One of the hallmarks of addiction that scientists who are studying drug addiction discovered back in the 1990s was that the faster a substance hits the brain, the more apt we are as a result to act compulsively, impulsively. So they sort of speak about tobacco and alcohol and drug products in terms of the speed that they hit the brain. But it turns out that there’s nothing faster than food in … its ability to sort of hit the brain – NPR
And one of the pushbacks, again, from the industry that I had in starting the research was, but wait a minute; if you look at brain scans of people and one person’s on cocaine, another person is on, you know, Hot Pockets, the brain’s not going to be lighting up as brightly for the Hot Pockets as the cocaine. But as drug researchers, drug addiction researchers, who now study food addiction pointed out to me, you know, food doesn’t have to work that hard on us to get us to act compulsively kind of because of the food environment. It’s inexpensive. It’s legal. It’s everywhere – NPR
Food scam
Speaking of junk food, here’s a new potential scam that you can run. Just select some old and popular food items and claim that you invented them. This is what Richard Montanez did, and he made quite a bit of money off it and has a movie deal too.
For more than a decade, Montañez has told his legit rags-to-riches tale of working his way up from sweeping the floors at the Frito-Lay plant in Rancho Cucamonga, California, to becoming a vice-president at Frito-Lay’s parent company, PepsiCo. He’s already published one book about his experiences, and a second one (Flamin’ Hot: The Incredible True Story of One Man’s Rise from Janitor to Top Executive) is coming out this summer.
In the years that followed, Flamin’ Hot Cheetos became a big thing—and then an even bigger thing—and Montañez scored promotion after promotion, eventually becoming a vice-president at PepsiCo. He retired in 2019, more than 40 years after Judy filled out that application for him. In addition to writing two books and selling the film rights to his life, he’s also worked as a motivational speaker, reportedly earning between $10,000 and $50,000 per appearance.
Sidenote
On a side note, I was curious about what the most popular illicit drugs were. Given that they are, well, illicit, it’s notoriously hard to estimate the size, but here are some ballpark numbers.
🐇🕳 Rabbithole
Speaking of drugs, I came across this tweet of Shyam, which linked to this Undark podcast on how decriminalization of drugs in Portugal has worked out so far. Drugs are considered a blight on society, so much so that the US is still running a war on drugs that has reportedly cost $1 trillion and countless lives. It has led to the indiscriminate targeting of black minorities and has also led to mass imprisonment and the rise of the Prison Industrial Complex – private for-profit prisons.
The monetary cost of U.S. domestic drug policy is equally remarkable. Since the War on Drugs began more than 40 years ago, the U.S. government has spent more than $1 trillion on interdiction policies. Spending on the war continues to cost U.S. taxpayers more than $51 billion annually.8
While the domestic impact of the War on Drugs is profound, its consequences do not stop at the border. American‐backed anti‐drug operations in Mexico, for example, have resulted in some of the bloodiest years in Mexican history.9 In fact, since former Mexican president Felipe Calderón began using the military to fight cartels, more than 85,000 people have been killed.10 Efforts by the U.S. government to eradicate opium cultivation in Afghanistan have not only failed to reduce global supply but have also empowered and funded the Taliban.11
It’s the same in India as well.
In India alone, the quantity of illegal drugs seized between 2011 and 2013 rose by 455 percent. A senior doctor I spoke to in Tarn Taran in Punjab said, under the condition of anonymity, that the Indian war on drugs is failing. “It has backfired,” he told me. “We are seeing more drug users; they are put in prison where they use drugs more.”
Currently the demand for rehabilitation still exceeds its supply, which has caused a mushrooming of illegitimate private de-addiction centres that profit from the commercialisation of desperation.
A key battleground in the war on drugs in India is the northern state of Punjab. In 2014, the state received national attention when narcotics became a key issue leading up to the Lok Sabha elections. With Rs 800 crore worth of drugs and liquor seized by election authorities
But what if drug decriminalization or legalization is the way? Although, it hard to attribute Portugal’s policy to a good outcome, the decriminalization of drugs might have made things better.
Are people still using drugs in Portugal? Sure. And are people still dying of overdose in Portugal? Sure. But we managed to reduce a lot those figures. And we also managed to increase a lot of the people that are in treatment because we made that more accessible.
Carl, an American psychologist, neuroscientist and a professor of psychology at Columbia University who is also a regular heroin user says that most of the worries about drugs are systematically overblown. In his book, he argues for drug legalization and regulation.
That’s one of the biggest myths, that the majority of people who use something like heroin or crack cocaine or cocaine in general are addicted—it’s simply not true. It is true that people can become addicted. There are a certain percentage of people who become addicted. But even when they become addicted, the addiction has little to do with the drug itself, and has more to do with these other environmental, psychosocial, and personal factors. People may have co-occurring psychiatric illnesses, co-occurring pain, a wide range of things that’s driving the addiction, if we look past the drug.
One of the reasons I started writing this newsletter was to go down rabbit holes and this is a fascinating one. Here are a few podcasts on my playlist to dive deep into this issue. If you’re wondering wtf do drugs have to do with finance and this newsletter, the sheer cost of keeping drugs illegal is astounding. Moreover, drug legalization or decriminalization affects everything from public policy to the pharma stocks you hold.
🍻 Sometimes, all it takes is free beer
As we all continue waiting to die from this stupid virus, widespread vaccination still remains one of the best hopes of survival. But for supposedly being the most intelligent creatures on the planet, we do surprisingly stupid things. One good thing about the internet is that it gave everyone a voice. But the side effect is that everyone now has a voice. Today any idiot can read 1 or 2 articles about vaccines and become an epidemiological expert on Twitter. And the end result is the rise of these vaccine sceptics, and they’ve become quite influential. These no-vaxxers are a dangerous nuisance.
But, surprisingly, simple things are effective against our unsurprising stupidity. Erie County in New York launched the Shot and a Chaser program where they partnered with local breweries to host vaccination drives and offer free beer to people who got vaccinated.
And it’s working:
Hours after Erie county’s Shot and a Chaser program got under way at Resurgence Brewing Company on Saturday, about 100 people had been vaccinated.
“We’re going to do more people today at our first-dose clinics than most of our first-dose clinics in the last week combined,” Poloncarz said. “It’s been a success. We figured it would be pretty good, but now we’re seeing the results.
Not just beer, the White House is apparently partnering with dating apps like Tinder, OK Cupid etc., to encourage vaccination. Dispensaries in Arizona and Michigan are offering edible cannabis and free joints for people who get their shots. States like Ohio and New York have announced vaccine lotteries. The eligibility for the draw is to get vaccinated.
When it comes to incentives, for example, 57 percent of unvaccinated adults said a big cash payment, such as a $1,000 savings bond, would sway them, while 43 percent said they’d probably or definitely get vaccinated if they were offered a smaller reward, such as a $50 bond. Adults under age 45 were more likely to say a big financial incentive would make them more willing to get a vaccine
This is a fascinating demonstration of how incentives make the world go round.
🎧 Playlist
In one of the previous issues, I told you about the massive shortage of semiconductors globally. This conversation will give you more context for the reason behind shortages and just how laughably antiquated global shipping is.
Given that I am a crypto-illiterate, have been reading and listening to a few things. Found this episode to be a good overview of sorts of the crypto landscape.
🧾 7 must-reads
How a Lack of Fear Upends Markets
Fear stabilizes systems because it plays a pivotal role in how animals make decisions. Be it Yellowstone Park or stock markets, an ecosystem can become severely unbalanced from an absence of fear. Market history is filled with brief episodes where any stock price is considered reasonable. The late 1920s, the Nifty-Fifty, the Dot-com Bubble, were all periods where fear of losing seemed to disappear. Optimism abounded. Stock prices soared. Markets became top-heavy. Yet, most participants believed it was normal. It took a widespread realization that prices were excessive — a reminder that losing was possible (inevitable) — to bring it crashing down.
How can we explain momentum returns?
Theissen and Yilanci noted that their findings have important implications, as they document that the apparent profitability of momentum strategies is, to a large extent, compensation for factor exposures (or risk). These strategies may thus be delivering risk premiums rather than abnormal returns. Their findings are also consistent with those of Tarun Gupta and Bryan Kelly, authors of the 2019 paper Factor Momentum Everywhere, and those of Sina Ehsani and Juhani Linnainmaa, authors of the 2020 paper Factor Momentum and the Momentum Factor, who found that momentum in individual stock returns emanates from momentum in factor returns—a factor’s prior returns are informative about its future returns.
Related read: Momo “Rapid-Fire” Momentum
Why Investing Feels Like Astrology
That sentient woodchipper is of course the market. The problem isn’t with markets. It’s with your formative beliefs about markets. Markets are an emergent system where the actors learn, act, and get feedback. Repeat loop. They all do this at the same time. That means that some of their lessons are artifacts of their own behavior. It’s like taking your pulse with your thumb, forgetting that it has a faint pulse of its own. Markets are layers of sedimentary behavior, compressing at an increasing rate, on top of a core finance function. That increasing rate scales with the modern speed of information creation and spread.
Life is Too Short to Save Everything
Enjoy some of your money now. And if you can’t bring yourself to spend your own savings as you age, then enjoy your money with loved ones. Spend it on trips with family or friends. Give it away to family members. Donate money to charity.
Life is unpredictable. You never know when your time will come to an end. Maybe you’ll live to be 100. Or maybe your life will be cut short by an unforgiving virus or other unexpected cause.
Either way, what’s the point of saving your money if you never plan on spending it?
These magazine covers have been a great tell for decades, even centuries. Journalists are historically late to the party. I think this time is no different. Fade their optimism.
The U.S. Is Not Ready For An All-Electric Future
“Building a net-zero America will require immediate, large-scale mobilization of capital, policy and societal commitment, including at least $2.5 trillion in additional capital investment into energy supply, industry, buildings, and vehicles over the next decade relative to business as usual,” Princeton University said in its Net-Zero America report, a two-year research effort charting pathways toward net zero.
“The current power grid took 150 years to build. Now, to get to net-zero emissions by 2050, we have to build that amount of transmission again in the next 15 years and then build that much more again in the 15 years after that.
Big Agriculture Is Leading to Ecological Collapse
If the events in Brazil and India sound familiar to U.S. readers, it is because there are analogous stories in the United States—where industrial agriculture is rendering entire landscapes uninhabitable. The U.S. Corn Belt, which spans the region from Ohio to Nebraska, produces 75 percent of the country’s corn, but around 35 percent of the region has completely lost its topsoil. Industrial agriculture has been pursued with special zeal in Iowa, where there are 25 million hogs and 3 million people. There, water from the Raccoon River enters the state capital of Des Moines—home to 550,000 people—with nitrates, phosphorus, and bacteria that have exceeded federal safe water drinking standards.
Did you like reading this? Share this with your friends and make them slightly less smart than you.
Do you want to let me know about how shitty this post was? Leave a comment.
How can anyone have so much information on such a wide array of topics week after week?
Great peice of work!