The Death of Money

■ Trading in Plain Sight

“No one trades alone.” An axiom of financial markets, this truism means that every trade leaves transaction records there to be seen. If one knows where to look and how to examine the history and data, much can be learned not only about quotidian sales of stock by the obvious players, large and small, but about more troubling truths and trends. The market evidence surrounding 9/11—most of which is little understood by the public—is a case in point.

The secure meeting rooms at the CIA’s Langley headquarters—windowless, quiet, and cramped—are called “vaults” by those who use them. On September 26, 2003, John Mulheren and I were seated side by side in a fourth-floor vault in the headquarters complex. Mulheren was one of the most legendary stock traders in Wall Street history. I was responsible for modeling terrorist trading for the CIA, part of a broad inquiry into stock trading on advance knowledge of the 9/11 attacks.

I looked in his eyes and asked if he believed there was insider trading in American Airlines stock immediately prior to 9/11. His answer was chilling: “It was the most blatant case of insider trading I’ve ever seen.”

Mulheren started his stock trading career in the early 1970s and, at age twenty-five, became one of the youngest managing directors ever appointed at Merrill Lynch. He was found guilty of insider trading in 1990 as part of the trading scandals of the 1980s, but the verdict was overturned on appeal. His conviction was based on testimony provided by Ivan Boesky, himself a notorious insider trader. During the case, Mulheren had been apprehended by police at his Rumson, New Jersey, estate as he set out with a loaded assault rifle in his car to kill Boesky in broad daylight.

Mulheren was expert in options trading and the mathematical connections between the prices of options and the prices of the underlying stocks on which the options were written. He was also a seasoned trader in takeover stocks and knew that deal information was often leaked in advance, an open invitation to insider trading. No one knew more about the linkage between insider trading and telltale price signals than Mulheren.

When we met at Langley, Mulheren was CEO of Bear Wagner, one of seven New York Stock Exchange specialist firms at the time. Recently, specialist firms have faded in importance, but on 9/11 they were the most important link between buyers and sellers. Their job was to make a market and stabilize prices. Specialists used options markets to lay off the risk they took in their market making. They were a crucial link between New York stock trading and Chicago options trading.

Mulheren’s firm was the designated market maker in American Airlines stock at the time of the 9/11 attacks. When the planes hit the twin towers, Mulheren saw the smoke and flames from his office near the World Trade Center and understood immediately what had happened. While others speculated about a “small plane, off-course,” Mulheren furiously sold S&P 500 futures. In the ninety minutes between the time of the attack and the time the futures exchange closed, Mulheren made $7 million shorting stocks. He later donated all the gains to charity.

Mulheren was an eyewitness: he watched both the unfolding of the 9/11 attack and the insider trading that preceded it. His presence at Langley in 2003 was part of a CIA project whose roots reached back to a time before the attack itself.

■ The Terror Trade

September 5, 2001, was the day Osama bin Laden learned that the attacks on New York and Washington would take place on 9/11. The countdown to terror had begun. There were four trading days left before the streets around the New York Stock Exchange would be choked with death and debris. Terrorist traders with inside information on the attack had only those few days to execute strategies to profit from the terror. Insider trading on advance knowledge of the 9/11 plot was in full swing by September 6.

Bin Laden was financially sophisticated, having been raised in one of the wealthiest families in Saudi Arabia. The other leaders of Al Qaeda, including the 9/11 hijackers, were not drawn from the ranks of the ignorant and impoverished; they were doctors and engineers. Many lived in developed countries such as Germany and the United States. Al Qaeda was financially backed by wealthy Saudis who traded stocks on a regular basis.

Al Qaeda’s familiarity with the workings of the New York Stock Exchange is well known. In an interview with a Pakistani journalist just weeks after the 9/11 attacks, Bin Laden made the following comments, which show how closely he drew the connection between terror and trading:

American Airlines and United Airlines, the operators of the four flights that were hijacked on 9/11, are public companies whose stock is traded on the New York Stock Exchange. In 2001 American Airlines traded with the ticker symbol AMR, and United Airlines with the ticker UAL.

An investigator looking for evidence of insider trading usually starts with the options markets, closely linked to the stock market. Decades of insider trading cases have shown that options are the insider trader’s tool of choice. The reason is obvious: options offer much greater leverage for the same amount of cash than regular stock trading. What makes sense for Wall Street crooks also makes sense for terrorists. When one is betting on a sure thing, leverage amplifies the expected profits, and the terrorists were betting on a sure thing—the panic that would follow their attack.

While the operational details of the 9/11 terror attacks were known in advance to only a small cadre of operatives, the coming of an attack on September 11, 2001, was known to a larger circle. This group included immediate associates of the hijackers, housemates, and financial backers, as well as family and friends. Those who learned of the coming attacks from the terrorists told others, and the information spread through a social network in much the same way a video goes viral.

Advance knowledge of an attack communicated in social networks does not help intelligence agencies unless the messages are intercepted. Interception presents challenges both in directing collection resources at the right channels and in separating signals from noise. But at least one channel was blinking red before 9/11, telling the world that disastrous events involving airlines were imminent. That channel was the pinnacle of the U.S. financial establishment—the New York Stock Exchange.

As the terror clock ticked away, market signals rolled in like a tsunami. A normal ratio of bets that a stock will fall to bets it will rise is 1 to 1. On September 6 and 7, option bets that United Airlines stock would fall outnumbered bets it would rise by 12 to 1. Exchanges were closed on September 8 and 9 for the weekend. The last trading session before the attack was September 10, and that day option bets that American Airlines stock would fall outnumbered bets it would rise by 6 to 1. On September 11, 2001, United Airlines and American Airlines flights struck the World Trade Center and Pentagon. The first trading day after the attacks, United Airlines stock fell 43 percent and American Airlines stock fell 40 percent from where they had last closed. Thousands of Americans were dead. The options traders had made millions.

One-sided trading, involving more bearish than bullish bets of the kind seen just prior to 9/11, would not be unusual if there were negative news about the stocks. But there was no news on airlines on those days. The stocks of other major airlines, such as Southwest and US Airways, did not exhibit the massively bearish trading that affected American and United.

All that appeared was a huge one-way bet on a decline in the stock prices of American and United Airlines in the last four trading days before 9/11. Seasoned traders and sophisticated computer programs recognize this pattern for what it is—insider trading in advance of adverse news. Only the terrorists themselves and their social network knew that the news would be the most deadly terrorist attack in U.S. history.

The trading records are not the only evidence of a terrorist connection to insider trading in advance of the attacks. Yet notwithstanding such evidence, the official 9/11 Commission concluded:

This language used in the 9/11 Commission Report is a lawyer’s dodge. Saying that agencies uncovered no evidence does not mean there is no evidence, merely that they failed to find it. The conclusion that no one profited does not mean that transactions did not take place, merely that the profits could not be ascertained. Perhaps the perpetrators failed to collect their winnings, like a bank robber who drops a satchel of stolen cash in flight. The inside terrorist traders may not have known the exchange would be closed for days after the attack, making it impossible to settle trades and collect winnings.

Despite the official denial, proof of the terrorist trading connection is found through a deeper dive into the world of forensics and the phenomenon of signal amplification. The unusual options trading in advance of 9/11 has been closely studied by academics. The literature, most of it published after the 9/11 Commission completed its work, is emphatically of the view that the pre-9/11 options trading was based on inside information.

The leading academic study of terrorist insider trading connected to 9/11 was done over four years, from 2002 to 2006, by Allen M. Poteshman, then at the University of Illinois at Urbana-Champaign. His conclusions were published by the University of Chicago in 2006.

These conclusions were based on strong statistical techniques. This is like using DNA to prove a crime when there was no eyewitness. In murder cases, prosecutors compare a defendant’s DNA to samples found at the crime scene. A DNA match might implicate a defendant in error, but the chance is so slight, so exceedingly remote, that juries routinely convict. Certain statistical correlations are so strong that the obvious conclusion must be drawn despite a microscopic chance of error.

Academics like Poteshman take large sets of data and establish the normal behavior of stocks, called the baseline. Researchers then compare actual trading in a target period to the baseline to see if the target period represents normal or extreme activity. Explanatory variables are tested to account for extreme activity. These techniques have proved reliable in many investigatory and enforcement contexts. During the dot-com bubble, for example, they were used to uncover widespread illegal backdating of options by technology companies.

Poteshman’s data for the purposes of establishing a baseline included a daily record of options trades on all stocks in the S&P Index from 1990 through September 20, 2001, shortly after the 9/11 attacks. He focused on several relevant ratios before turning to the one most likely to be used by terrorists—the simple purchase of put options on AMR and UAL. A put option on a stock is a bet that the stock’s price will fall.

He arranged the data in decimal brackets from 0.0 to 1.0, with 0.0 representing extremely low activity in put options and 1.0 representing extremely high activity. He discovered that in the four trading days prior to 9/11, the maximum daily value for either hijacked airline was 0.99 and the maximum value over the entire four-day window was 0.96. In the absence of any news that would explain such an extreme skew, the inescapable conclusion is that this activity represents insider trading. Poteshman writes:

Another leading study, conducted by the Swiss Finance Institute, reached the same conclusion. This study covered the period 1996 to 2009 and analyzed over 9.6 million options trades in thirty-one selected companies, including American Airlines. With respect to 9/11, the study concluded:

The 9/11 Commission was aware of the trading records used by subsequent scholars, and it was familiar with media reports that insider trading by terrorists had taken place. Yet the 9/11 Commission denied any connection between the options trading and terrorists. Its failure to conclude that terrorist insider trading took place is due to its failure to understand signal amplification.

Signal amplification in stock trading describes a situation where a small amount of illegal trading based on inside information leads to a much greater amount of legal trading based on the view that “someone knows something I don’t.” It is a case of legitimate traders piggybacking on the initial illegal trade without knowing of the illegality.

Again, no one can trade in isolation. For every buyer of put options, there is a seller who sees the transaction take place. Each trade is entered on price reporting systems available to professional traders. A small purchase of put options by a terrorist would not go unnoticed by those professionals. There was no news of any importance on American or United Airlines in the days before 9/11. Anyone seeing a small trade would ask herself why a trader would make a bet that the stock was going down. She would not know who was doing the trading, but would assume the trader knew what he was doing and must have a basis for a bear bet. This pro might buy a much larger amount of put options for her personal account as a piggyback bet on the stranger’s informed trade.

Soon other traders begin to notice the activity and also buy put options. Each trade adds to the total and amplifies the original signal a little more. In extreme cases, the dynamic resembles the chaotic climax of the film Wall Street, in which initial insider trading in Blue Star Airlines by Charlie Sheen’s character cascades out of control amid shouts of “Dump it all!” and “We’re getting out now!”

In the event, 4,516 put options, equivalent to 451,600 shares of American Airlines, were traded on September 10, 2001, the day before the attack. The vast majority of those trades were legitimate. Yet it only takes a small amount of terrorist insider trading to start the ball rolling on a much larger volume of legitimate piggyback trading. The piggyback traders had no inside information about an attack; they were betting that other traders knew negative news on AMR that had not been made public.

They were right.

A standard rejoinder, by many in the intelligence community, to suggestions of terrorist insider trading is that terrorists would never compromise their own operational security by recklessly engaging in insider trading because of the risks of detection. This reasoning is easily rebutted. No one suggests that terrorist hijacker Mohamed Atta bought put options on AMR through an E*Trade account on his way to hijack American Airlines Flight 11 from Logan Airport, Boston. The insider trading was done not by the terrorists themselves but by parties in their social network.

As for operational security, those imperatives are easily overridden by old-fashioned greed. A case in point is home decorating maven Martha Stewart. In 2001 Stewart was one of the richest women in the world due to the success of her publishing and media ventures related to cooking and home decorating. That year she sold stock in ImClone Systems based on a tip from her broker and avoided a loss of about $45,000; that sum was a pittance relative to her fortune. In 2004, however, she was convicted of conspiracy, obstruction of justice, and making false statements in connection with the trade and was sent to prison.

When it comes to betting on a sure thing, greed trumps common sense and makes the bet irresistible. The record of insider trading is replete with such cases. A terrorist associate is not likely to show better judgment than a superrich celebrity when the opportunity arises.

Given the weight of the social network analysis, statistical methods, signal amplification, and expert opinion, why did the 9/11 Commission fail to conclude that terrorists traded in AMR and UAL in advance of the attack? The answer lies in the 9/11 Commission Report itself, in footnote 130 of chapter 5.

Footnote 130 admits that activity in AMR and UAL before 9/11 was “highly suspicious.” It also says, “Some unusual trading did in fact occur, but each such trade proved to have an innocuous explanation.” A closer look at these “innocuous” explanations reveals the flaws in the commission’s reasoning.

For example, the report finds “a single U.S.-based institutional investor with no conceivable ties to al Qaeda purchased 95 percent of the UAL puts on September 6 as part of a trading strategy that also included buying 115,000 shares of American.” This explanation falls down in two ways. First, the fact that a high percentage of the trades were found to be innocent is completely consistent with signal amplification. Only the small initial trade is done by terrorists. The 9/11 Commission Report presented no evidence that it had made any effort to drill down to the small initial signal. Instead, the staff were beguiled by the innocent noise.

Second, the 9/11 Commission relies on the fact that the investor it interviewed said he bought UAL puts as part of a strategy involving the purchase of AMR shares, a kind of long-short trade. This shows naïveté on the part of the commission staff. Large institutional investors have numerous positions that have nothing to do with one another but that can be selected post facto to show innocent motives to investigators. On its face, this investor’s AMR position says nothing about why it so heavily shorted UAL.

The report goes on to say that “much of the seemingly suspicious trading in American on September 10 was traced to a specific U.S.-based options trading newsletter, faxed to its subscribers on Sunday, September 9, which recommended these trades.” This analysis shows that the commission staff had a limited understanding of how Wall Street research works.

There are thousands of trading tip sheets in circulation. On any given day, it is possible to find at least one recommending the purchase or sale of most major companies listed on the New York Stock Exchange. Going back after the fact to find a newsletter that recommended buying puts on American Airlines is a trivial exercise. No doubt there were other newsletters in circulation recommending the opposite. Selecting evidence that fits a theory while ignoring other evidence is an example of confirmation bias, a leading cause of erroneous intelligence analysis.

Another problem with the newsletter rationale is the belief that the recommendation arose independently of the insider trading already going on in AMR. Why treat the newsletter as a signal when it was actually part of the noise? For example, on September 7, trading volume in AMR doubled from the previous day and reached a near three-month high with a declining stock price. This pattern is consistent with insider trading ahead of an attack on September 11. It is more likely that the September 7 put volume caused the September 9 newsletter recommendation than it is that the newsletter caused the September 10 put buying.

The more likely explanation is that the entire sequence from September 6 through 10 was a signal amplification caused by a small initial insider trade. To isolate a single event like the newsletter and give it explanatory power without reference to prior events is poor forensic technique. It is better to take a step back and look at the big picture, to separate signal and noise.

Insider traders and those piggybacking are notorious for retaining research reports to support their activities in case the SEC comes calling. SEC after-the-fact inquiries are routine whenever the SEC identifies suspicious trading related to a market-moving event. Waving a research report at SEC investigators is a standard technique to make them go away. Stock trading criminals have gone so far as to prepare their own research reports for the sole purpose of having a cover story in case their insider trading is ever questioned. Given this well-known technique for foiling investigations, it is unfortunate that the 9/11 Commission Report gave weight to a single newsletter.

Viewed through the lens of signal amplification, the 9/11 Commission’s “large buyer theory” and the “newsletter theory” contained in footnote 130 are more consistent with terrorist trading than a refutation. Moreover, these theories never address the put buying in United Airlines on September 7 and the other suspicious trades.

It is important to disassociate this insider trading analysis from the so-called 9/11 Truth Movement, a collective name for groups and individuals who assert conspiracy theories related to the 9/11 attacks. Many of these theorists claim that agencies and officials of the U.S. government were involved in planning the attacks and that the twin towers collapsed from prepositioned explosives and not from the impact of the hijacked planes. This nonsense is a disservice to the memory of those killed or injured in the attack and in subsequent military responses. The hard evidence that the attacks were planned and executed by Al Qaeda is irrefutable. The 9/11 Commission Report is a monumental and excellent summary, a brilliant work of history despite the inevitable flaws that arise in such a wide-ranging effort. Furthermore, there is nothing inconsistent between the widely accepted narrative of 9/11 and terrorist insider trading. Given the magnitude of the attack and the imperatives of human nature, such trading should have been expected. The statistical, behavioral, and anecdotal evidence for insider trading are overwhelming.

Terrorist insider trading was not a U.S. government plot but a simple extension of the main terrorist plot. It was despicable yet, in the end, banal. Small-time terrorist associates could not resist betting on a sure thing, and signal amplification took care of the rest. Still, the signal was not hidden. On trading screens all over the world, evidence of the coming attacks was visible by watching options trading in American and United Airlines.

In the chilling words of CIA director George Tenet, “The system was blinking red.”

■ Project Prophesy

If the 9/11 Commission was finished with the topic of terrorist insider trading, one government agency was still willing—though initially ill equipped—to dig deeper.

The Central Intelligence Agency had been mobilized before 9/11, based on the volume of reporting that indicated a spectacular attack might be in the works. A body of intelligence concerning reports of unusual trading in airline and other stocks in the days before the attack came to the CIA’s attention immediately after 9/11. But it had a problem pursuing those leads because it had almost no expertise in capital markets and options trading.

This gap in intelligence capabilities at the time is not surprising. Prior to globalization, capital markets were not part of the national security arena. Markets were mostly local, controlled by national champions in each country. Some banks, such as Citibank, were international, but they conducted traditional lending businesses and were not involved in stock trading. The CIA did not have capital markets expertise because it had not been required during the Cold War; markets were not part of the battlespace.

As a result, when reports of possible terrorist insider trading rolled in after 9/11, practically no one at the agency had the experience necessary to evaluate how it might have occurred and its implications for national security. Fortunately, one senior intelligence analyst understood the implications quite well.

Randy Tauss lives quietly in the upscale Washington, D.C., suburb of McLean, Virginia, not far from CIA headquarters. He retired from the CIA in 2008 after a thirty-seven-year career, mostly in the agency’s Directorate of Intelligence, the analytic branch. He is a brilliant physicist and mathematician who won numerous medals from the agency for his technical and deductive work. Although most of his work involved complex weapons systems, he won fame both inside and outside the agency for his role in solving the mystery of the 1996 midair explosion of TWA Flight 800.

Tauss had another avocation, one not required in his day job but to which he applied the same passion he showed while working with weapons and technology. He was an avid stock and options trader who used his mathematics skills to look for small anomalies in options prices that could be traded to advantage in his personal accounts. He pursued this options trading with such vigor and over such a long period of time that he was almost as well known for it among his colleagues as he was for his intelligence analyses. When the story of insider trading surfaced in the aftermath of 9/11, it was no surprise that Tauss’s name came to the attention of CIA senior management.

In October 2001, just weeks after the attacks, the CIA’s Office of Terrorism Analysis asked Tauss to serve as director of a project to consider whether terrorists might use advance knowledge of their actions to profit in financial markets, and whether the intelligence community could identify such efforts and possibly thwart the attack. Thus began one of the longest and most unusual analytic projects in CIA history.

The effort was dubbed “Project Prophesy.” By the time the project wound down in 2004, almost two hundred finance professionals—including stock exchange executives, hedge fund managers, Nobel Prize winners, and floor traders, along with technologists and systems analysts—would be tapped to contribute their time and effort. Tauss led a massive undertaking that simultaneously modeled the mind of the terrorist and the mind of the Wall Street trader. He found that the two domains had more than a few things in common.

Project Prophesy was formally launched in April 2002, and the core team assembled by the end of May. The first task was to create a threat board of potential targets for terrorist attacks and link those targets to publicly traded stocks that might provide advance warning through unusual price activity. These stocks included a broad list of airlines, cruise lines, utilities, theme parks, and other companies with symbolically important assets.

By early 2003, the Prophesy team led by Tauss had reached out to Wall Street and other government agencies and assembled teams to participate in targeted panels to flesh out the practical details of Tauss’s theory. It was widely assumed that terrorists would strike again in some spectacular way. Would there be information leakage? Would a terrorist associate engage in insider trading? Could this trading be detected so as to identify the trader and his target? Would there be time to react and stop the attack? These were the problems Prophesy set out to solve.

My involvement with Project Prophesy began at the mountaintop Kaiser estate on the island of St. Croix, a site exotic enough to make the final cut of a James Bond film. The estate is a complex of three mansions connected by private roads on Recovery Hill overlooking the town of Christiansted on the north shore of the island. The centerpiece of the complex is the White House, a sprawling, multitiered, bleach-white International Style home with a large outdoor pool trimmed with the obligatory steel-post-and-Kevlar tenting reminiscent of the Denver Airport.

I was there in the winter of 2003 for a private gathering of top financiers from the institutional, hedge fund, and private equity worlds to discuss the next big thing in alternative investing—a project to blend hedge fund and private equity strategies to optimize risk-adjusted returns.

As typically happens at such gatherings, there was downtime for drinks and getting to know the other guests. During one such break, I chatted with the head of one of the largest institutional portfolios in the world. He asked me about my career, and I recounted my early days at Citibank on assignment in Karachi.

That had been in the 1980s, not long after the shah of Iran had been deposed in the Iranian Revolution. Grand Ayatollah Khomeini became Supreme Leader and declared Iran to be an Islamic Republic guided by principles of sharia or Islamic law. This shift in Iranian governance placed pressure on Pakistan to burnish its own Islamic credentials. Pakistani president Zia-ul-Haq issued religious ordinances, including one that prohibited banks from charging interest on loans, something forbidden by sharia.

Citibank had major operations in Pakistan. The idea of running the bank there without charging interest came as a shock to management. I was assigned to become expert in sharia and assist in the conversion of Citibank’s operations from Western banking to Islamic banking.

I arrived in Karachi in February 1982 and went to work. Citibank’s country head, Shaukat Aziz, later prime minister of Pakistan, would occasionally pick me up at my hotel. In monsoon season, we would barrel through flooded Karachi streets choked with ubiquitous decorated buses and three-wheeled jitneys, speeding past vendors spitting bright red betel nuts they chewed for a buzz.

As I told these tales to the fund manager, I noticed his face became taut and his stare serious. He motioned me to a corner of the deck away from the other guests. He leaned forward and said sotto voce, “Look, it seems you know a lot about Islamic finance and you know your way around Pakistan.” My local knowledge was a little rusty since these things had happened decades before; still, I replied, “Yeah, I worked hard at that. I know Islamic banking.”

He leaned in and said, “I’m helping the CIA on a project related to terrorist finance. They don’t have much expertise, and they’re doing some outreach. They’ve asked me to source whatever talent I can. If someone from the agency contacted you, would you take the call?” I said yes.

For those too young to recall 9/11 and the aftermath, it is difficult to describe the mix of anger and patriotic fervor that gripped the nation, especially in the New York area, where many people lost friends or family members or knew someone who did. We all asked ourselves how we could help. The only advice we got from Washington was “get down to Disney World… take your families and enjoy life.” Here was the chance for me to do more than go shopping.

A few days later the phone rang in my New York office. The caller introduced himself as part of the CIA’s Office of Transnational Issues in the Directorate of Intelligence. He asked if I would be willing to join a team looking at aspects of terrorist finance, specifically insider trading ahead of major terrorist attacks. He would send me a letter outlining the scope of the project. I agreed, the letter was soon received, and by the early summer of 2003, I was on my way to CIA headquarters to meet the rest of the Project Prophesy team.

Joining a project in midstream is never easy, because the rhythm and culture of the team are already established. But I fit right in because I had been on Wall Street longer than many of the volunteers and had more international experience than all but a few. Within months I became a co–project manager under Tauss’s direction.

My first contribution was to point out that the CIA’s objective was already being pursued every day by hedge funds, but for a different reason. The CIA was trying to spot terrorist traders, while hedge funds were trying to spot unannounced takeovers. But the big-data techniques applied to trading patterns were the same.

Spotting suspicious trading is a three-step process. Step one is to establish a baseline for normal trading, using metrics like volatility, average daily volume, put-call ratios, short interest, and momentum. Step two is to monitor trading and spot anomalies relative to the baseline. Step three is to see if there is any public information to explain the move. If a stock spikes because Warren Buffett bought a large position, that’s not an anomaly; it is to be expected. The intriguing case is when a stock spikes on no news. The logical inference is that someone knows something you don’t. A hedge fund might not care about the origin of the hidden information—it can just piggyback on the trade. For the CIA, the observation became a clue. And the stakes were higher.

Like any development project, Prophesy had its geek squad of programmers and systems administrators to design protocols for security, interconnectivity, and the user interface. The team combined the joy of a Silicon Valley garage start-up with the can-do culture of the CIA in a unique effort to preempt terrorism using the same information that viewers see every day on Bloomberg TV.

The climax of Project Prophesy was a red team exercise in September 2003. Red teaming is a classic way of testing hypotheses and models by recruiting a group of experts as the “enemy,” then asking them to role-play scenarios designed to expose flaws in the original assumptions.

Our red team membership was like a Pro Bowl squad, with all-star traders from the biggest banks, hedge funds, and institutional investors in the world along with some noted academics. In addition to John Mulheren, the team included Steve Levitt, a professor at the University of Chicago and an author of Freakonomics; Dave “Davos” Nolan, a hedge fund billionaire; and senior figures from Morgan Stanley, Deutsche Bank, and Goldman Sachs. In the somber days after 9/11, it was inspiring to see the private sector respond to requests for help. Hundreds of calls went out for expert advice, and no one ever refused. There was an awkward moment when one Wall Street CEO asked if he could travel to the CIA by private helicopter and land on the grounds at Langley, but he was politely informed this would not be possible.

The red team was given a terror scenario and asked to think like terrorists and devise a way to trade on the inside information. We wanted to anticipate which markets they would trade in, how long before the attack they would execute the trades, the size they would trade, and how they planned to get away with the money. All this real-world expertise would be lined up against the theoretical results of Project Prophesy to see if we were on the right track and whether our proposed systems could catch what our designated bad guys were actually plotting.

The assignments and plans were handled individually outside the agency like a take-home exam. The results were debriefed in a group session at CIA headquarters on a crisp day in late September 2003. The debriefing lasted all day. The investment mavens relished their chance to be bad guys and attack our models and assumptions.

The most out-of-the-box approach came from John Mulheren. He said he would not trade before the attack but would wait until the moment of the attack and begin his insider trading after. He knew markets can be slow to react and that breaking news is often misreported or sketchy. This produces a window of thirty minutes or so after the attack when the terrorist could engage in insider trading while markets struggled to comprehend events taking place around them. The beauty of trading after the attack was there would be no telltale tape. Authorities might not even investigate that part of the time line. This approach closely mirrored what Mulheren had actually done on 9/11, as he later told us.

Notwithstanding such creativity, the actions of the red team “terrorists” tended to confirm the Prophesy team’s own thinking regarding how real terrorists would behave. We had modeled terrorist trading from start to finish, anticipating that the insider traders would be not the terrorists themselves but rather members of the terrorist social network. We also concluded the insider trade was likely to be executed in the options market less than seventy-two hours before the attack to minimize risk of detection.

We conceived an alarm system, too, compiling a list of the four hundred most likely target stocks. Baseline stock behavior was programmed so that anomalies were well defined. We created an automated threat board interface that broke the markets into sectors and displayed tickers with red, amber, and green lights, indicating the probability of insider trading. The system was complete, from the terrorist order entry to agents breaking down the terrorist’s door with a warrant in hand.

By late 2003, we were nearing the end of the strategic study. It was a bit melancholy because our Wall Street brain trust would be breaking up. Due to the number of people involved and the degree of talent, it seemed unlikely there would be any such group assembling at the CIA for some time to come. The complete records of the red team exercise were compiled and added to our main Project Prophesy archives.

Our job wasn’t quite finished, as by early 2004, Project Prophesy was ready to build a prototype watch center. When integrated with other classified sources, the system, ideally, would have the capability of interpreting, say, a scrap of pocket litter picked up from a suspected terrorist in Pakistan. The words cruise ship scrawled on it would be integrated with a red signal from the watch center on a public company such as Carnival Cruise Lines to bolster the case for a planned attack on a Carnival vessel. Either clue is revealing, but the combination is exponentially more telling.

We found our project’s angel investor in one of the more unusual corners of the CIA’s universe. A firm called In-Q-Tel had been organized in 1999 to allow the CIA to tap into cutting-edge technology incubated in start-ups in Silicon Valley. There’s no faster way to be on the inside of innovation than to show up with a checkbook ready to back the next big thing. In-Q-Tel was conceived as an independent, early-stage venture capital firm—which just happened to be funded by the CIA.

■ MARKINT

With In-Q-Tel funding a scaled-down team, Project Prophesy formally ended, and our group launched into a new phase called MARKINT, for market intelligence. This was a new branch of intelligence gathering to go along with human intelligence (HUMINT), signals intelligence (SIGINT), and a short list of other -INTs. MARKINT was a new milestone in the long history of intelligence collections.

Over the course of 2004 and 2005, the team refined its behavioral models and created the code and network needed for a working prototype. In addition to the CIA’s Randy Tauss, our partners were Lenny Raymond, a visionary technologist, and Chris Ray, a brilliant applied mathematician and causal inference theorist.

My role was to provide the market expertise, behavioral modeling, and target selection. Chris designed the algorithms and the signal engine. Lenny would weave it all together with a cool user interface. Randy ran the traps inside the agency and made sure we got funding and support. Together we had our own capital markets skunk works, after the famous black site in California where highly classified spy planes were designed and built. By early 2006, the system was running, and signals started coming in.

The system performed beyond our expectations. We routinely picked up signals that indicated insider trading. These signals were from regular market players; there was nothing yet to indicate that the insider trading was terror related. Our project had no legal enforcement powers, so we simply referred these cases to the SEC and otherwise ignored them. We called this our catch-and-release policy. We were hunting terrorists and would leave ordinary Wall Street crooks to others.

On Monday, August 7, 2006, the system flashed red on American Airlines at the open of trading. A red light was a way to spot a signal in a sea of sectors on the threat board. The metrics behind the signal showed this one was extremely powerful, something like an 8.0 earthquake on the Richter scale. A quick scan of the news showed absolutely nothing on American Airlines. There was no reason for the stock to behave the way it was—a sure sign of insider trading on news not yet public.

Chris Ray was operating the signal engine that day and sent me an e-mail that said, “There’s a possible terrorist-related event today. We did get a red signal on the open in AMR (American Airlines).” Chris and I were careful to document and time-stamp the signals and analyses in real time. We both knew that if a terror event occurred, it would not be very credible to look at the tape in hindsight and find something suggestive. We wanted to see things in advance and record them to prove the value of the signal engine.

As it was, the day came and went, and the day after that, and there was no news of any terrorist threat. The signal started to look like a false positive.

On the third day after the signal, Thursday, August 10, I was writing in my library at two a.m., not an unusual hour for me to work. A small television on a bookshelf a few feet from my desk was tuned to CNN with the sound muted. I glanced over and noticed a breaking news scroll across the bottom of the screen, together with images of London bobbies taking suspects into detention and exiting buildings with boxes of documents and computers. The scroll said that a terrorist plot to blow up airplanes was being taken down by New Scotland Yard.

I quickly turned up the sound to take in the few details that were available. It was daylight in London, and the takedown of the planes operation had been proceeding for some time and was now being widely reported. It became apparent that the plot involved transatlantic airlines flying from London to the United States and targeted those with the most American citizens likely to be aboard. American Airlines was a prime target, although apparently a large number of planes had been threatened.

I knew Chris was a night owl like me, and despite the hour, I called her at home. She was awake. “Chris,” I quickly said, “turn on your TV—you won’t believe what’s going on.” She did and grasped the significance immediately. A terrorist plot to bomb American Airlines was being broken up less than seventy-two hours after we had detected the insider trading on AMR shares. Making it all the more spooky, we realized that the plot was unfolding in exactly the time frame that our behavioral modeling had estimated.

Of course, our signal had had nothing to do with foiling the plot. British intelligence agencies MI5 and MI6, with help from the CIA and the ISI, the Pakistani intelligence service, had had the plot under surveillance for months. President Bush was briefed on the plot at his ranch in Crawford, Texas, on August 5. On August 9 the plot mastermind, Rashid Rauf, was arrested in Pakistan. Rauf escaped prison in 2007 and was believed killed in a 2008 CIA drone attack, although reports of his death are disputed by some to this day.

The terrorists sent an encrypted “go” signal to commence the operation on August 6. This message was intercepted by MI6 and relayed to Eliza Manningham-Buller, the head of MI5. It was this go signal that led MI5 and New Scotland Yard to commence the arrests we watched on CNN on August 10.

Just as Chris and I did not know of plot details in advance, the plotters did not know they were about to be arrested. Instead, one of the terrorist associates in the London social network woke up on Monday, August 7, and started the trading in American Airlines that snowballed into the highly unusual pattern that had triggered the red light on our threat board. Someone had been betting on a sure thing, exactly as our behavioral modeling had predicted.

The fact that our signal engine had generated a warning, loud and clear and ahead of the U.K. planes plot, soon attracted attention from the highest levels of the U.S. intelligence community. On February 2, 2007, I received an e-mail from Randy Tauss saying the CIA’s executive director, Mike Morell, wanted to see Chris and me to discuss the signal engine and the status of MARKINT. The meeting would take place on February 14, which gave us time to prepare the briefing.

Morell had been with the CIA since 1980 and had a storied career. He was most famous for having been at George Bush’s side during 9/11 as the president hopped around the country in Air Force One while Dick Cheney, George Tenet, and others manned the command centers in Washington and Langley. Morell was also with President Obama in May 2011 monitoring the operation that killed Osama bin Laden. He twice served as acting director of Central Intelligence, including a stint after the abrupt resignation of David Petraeus in 2012, before retiring from the agency in 2013.

At the time of our meeting in 2007, Morell reported to Director Michael Hayden. Other senior intelligence officials had been invited to join our MARKINT briefing in Morell’s office. This would be the highest-ranking audience the project had ever received.

Randy’s e-mail also noted that someone from the CIA general counsel’s office would attend. There was no doubt that our project had legal issues, including privacy concerns, and full implementation would require coordination with the FBI, since the CIA was not a domestic law enforcement agency. We had spent an enormous amount of time on these issues and knew how sensitive they were. Still, it was not obvious why Morell wanted his lawyers on hand for a preliminary briefing on a new counterterrorist system.

Morell’s office was capacious by CIA standards, with bright windows, a large desk near the back wall, and a meeting table just inside the door. A ubiquitous feature of Washington offices is framed photographs of the occupant together with powerful figures. Morell had his, but these were different. Instead of the typical two-shot taken at a name-tag event, Morell had large, somber black-and-white photos of himself in the Oval Office with the president leaning over documents in intense discussion, possibly taken during the President’s Daily Brief, in which the most sensitive and highly classified information in the world is imparted. If these were meant to impress the visitor, they worked.

Chris, Randy, and I took our seats at the meeting table. The other senior officials were already there, and Morell got up from his desk to join the group. The atmosphere was cordial but businesslike, even intense. Chris and Randy briefed the group on the history of Project Prophesy and the signal engine capabilities. As the only lawyer on the MARKINT team, my job was to summarize the legal authority for our efforts and the privacy safeguards in place.

A few minutes into my presentation, the agency’s counsel interrupted and said, “Look, we’re concerned about what you guys are doing. You’re going through trading records and making referrals to the SEC. CIA is not a law enforcement agency. We’re not comfortable with that.”

I countered that we did not use individual trading records but relied entirely on open-source market price feeds available to everyone; I told them it was not much different than watching TV. As for the SEC referrals, I said we were just being responsible citizens and could stop completely if the agency wanted. The SEC was building similar systems of its own and would not depend on us in the future anyway. Counsel’s concerns seemed like red herrings.

Then Morell leaned forward. “What we’re concerned about here is perception,” he said. “You guys may be doing everything right, but The New York Times could spin this as ‘CIA trolls through Americans’ 401(k)’s.’ That is not a risk we should take right now.”

Morell’s concern was far from imaginary. The New York Times had already compromised national security by revealing intelligence community access to banking transactions in the SWIFT payments system in Belgium. SWIFT is the nerve center of international banking and had been a rich source of information about terrorist finance. The Times story had sent terrorist financiers underground to word-of-mouth networks called hawala and phony front companies.

The CIA was also in the midst of a news frenzy about enhanced interrogation techniques such as waterboarding. The last thing it needed was another media black eye, even if our program was effective and legal.

In fact, Morell’s instincts proved prophetic. On November 14, 2013, The Wall Street Journal actually did run a headline that said “CIA’s Financial Spying Bags Data on Americans.” But coming as it did in the midst of a wave of similar revelations by defector Edward Snowden, this disclosure went almost unnoticed.

I told Morell that we would end our SEC referrals, and I offered to provide him with the technical specifications needed to assure the agency that the information we used was open source and involved no individuals. He thanked me, and with that the meeting was over. Only later did I realize that MARKINT, at least as far as the CIA was concerned, had just become a dead letter.

Near the beginning of Project Prophesy, I remarked to Randy Tauss that the team was doing extraordinary work and a counterterrorist system that could prevent spectacular attacks seemed within reach. Randy, the thirty-three-year veteran, smiled and said, “Jim, let me tell you how things work around here. We’ll do a great job, and this thing will work like a charm. Then it will go nowhere and be put on a shelf. One day there will be a spectacular attack, and it will be apparent there was advance insider trading. The agency will pull our work from the shelf, dust it off, and say, ‘See, we have the solution right here. We have a system that can detect this next time.’ That system will get millions in funding and be built the way we wanted. But it will be too late to save lives in the next attack.”

Sadly, Randy’s words proved prescient. Sure enough, MARKINT was put on the shelf. But we still felt that the signal engine had a valuable role to play, even without the CIA as a home. If the civilian agencies had scant interest, we still had one friend at court—the Department of Defense. The Pentagon had the greatest resources, the fewest operational constraints, and the most forward-leaning mind-set. The ranks of senior military officers are filled with engineers, Ph.D.’s, and many more experts with graduate-level degrees in history, languages, and strategy. After all, this is the branch of government that can claim credit for the Defense Advance Research Projects Agency (DARPA), which invented the systems that led to the Internet and World Wide Web.

As it happened, our contacts with the Pentagon developed in 2007 and 2008 at exactly the time the civilian intelligence community was backing away from our efforts. But to grow this relationship, MARKINT itself had to evolve. Chris Ray and I were aware, from the early stages, that MARKINT was not just a counterterrorist tool. If it could detect terrorist footprints in capital markets, why couldn’t it also be deployed to monitor the marketplace actions of dictators, strategic rivals, and other state actors? All we needed to do was calibrate the signal engine to focus on specially tailored target sets of securities.

With this broader mission in mind, Chris and I began looking for other phenomena besides insider stock trading. One that we identified was Venezuela’s conversion of its dollar reserves into gold; it presaged Hugo Chávez’s war on the dollar and his later demand that Venezuela’s gold be repatriated from vaults in London.

We got a chance to show our system to a military audience in December 2007, when we presented the MARKINT signal engine to the U.S. Strategic Command (STRATCOM) in Omaha, Nebraska. Participants at that meeting included civilian scientists in addition to uniformed military. We demonstrated how the system could be used for early warning of attacks on the U.S. dollar and on efforts to crash U.S. markets.

Suddenly the technology was seen in a new light. We weren’t alone, of course, but we were seeing the future of warfare: not wars with kinetic weapons, but wars fought on an unrestricted battlefield that included chemical and biological weapons, cyberweapons, and in our case, financial weapons.

It was becoming apparent to the Pentagon that U.S. dominance in conventional air, land, and sea battle had caused our rivals to seek new ways to confront us. Future wars would be fought in an expanded battlespace that included stocks, bonds, currencies, commodities, and derivatives. Our signal engine was the perfect early warning device.

Remember the truism No one trades alone. For every buyer, there is a seller. If one side of a trade is a threat to national security, it leaves a trace that the enemy did not intend. The enemy trader is like a fish swimming in the water; it leaves ripples. Even if the fish is invisible, the ripples can be seen, and the presence of the fish inferred. The forward-thinkers at that meeting in Omaha recognized that our signal engine could detect the ripples, that we had devised the perfect early warning device.

MARKINT would have a future after all. It would be not the narrow counterterrorist tool we had set out to create, but rather a broad-based system, a sort of radar for the marketplace that was designed to detect incoming financial threats. MARKINT had grown up. Our team and technology had now entered the new, larger arena of financial war.

■ Future War

One purpose of war is to degrade the enemy’s will and economic capacity. Surprising as it may sound, wealth destruction through a market attack can be more effective than sinking enemy ships, when it comes to disabling an opponent. Financial war is the future of warfare, and no one works harder to see the future than senior Defense Department official Andy Marshall.

Seated at a table in a secure Pentagon conference room on a rainy fall morning in September 2012, Marshall moved forward in his chair. Around the table were three prominent investment managers, three SEC officials, and several think-tank experts, along with members of Marshall’s staff. Our carefully selected group was there to discuss financial war.

“That’s interesting,” Marshall said. What prompted his comment, after an hour of complete silence on his part, was our discussion of China’s stockpiling of gold and its possible use as a financial weapon in undermining the dollar’s exchange value.

Andy Marshall is called “Mr. Marshall” even by associates as a sign of respect, and at ninety-two years of age, he has earned the deference. His official title is Director of the Office of Net Assessment in the Office of the Secretary of Defense. Unofficially he is the Pentagon’s chief futurist, the man responsible for looking over the horizon and assessing threats to U.S. national security long before others even know they exist. Marshall has held this position since 1973, through eight presidential administrations.

His involvement in national security strategy goes back even further, to 1949, when he joined the RAND Corporation, the original think tank. The list of his former associates and protégés includes Herman Kahn, James Schlesinger, Don Rumsfeld, Dick Cheney, Paul Wolfowitz, and other giants of national security policy over eight decades. Only the late Paul Nitze is comparable to Marshall in terms of the depth and breadth of his influence on strategic affairs in the period since World War II.

If Marshall is less known to the general public than the figures to whom he is compared, that is quite by design. He almost never gives interviews or speeches; nor does he appear in public, and his writings are mostly classified. In a meeting, he has a sphinxlike demeanor, listening for long periods in complete silence, occasionally uttering a few words that show he has absorbed everything and is now thinking three moves ahead.

While most Americans have not heard of Andy Marshall, the Chinese military have. Marshall was a leading theorist of the late twentieth-century “revolution in military affairs” or RMA, which presaged radical changes in weaponry and strategy based on massive computing power. Precision-guided munitions, cruise missiles, and drones are all part of RMA. People’s Liberation Army general Chen Zhou, the principal author of several recent Chinese strategic white papers, told The Economist, “We studied RMA exhaustively. Our great hero was Andy Marshall in the Pentagon…. We translated every word he wrote.”

Marshall is no stranger to potential confrontation with China. In fact, he is the principal architect of the main U.S. battle plan for war with China in the western Pacific. This classified plan, called “Air-Sea Battle,” involves blinding China’s surveillance capabilities and precision missiles, followed up with massive air power and naval attacks.

On this occasion, Marshall was not being briefed on kinetic weapons or air-sea tactics. He was hearing about sovereign wealth funds, stealth gold acquisition, and potential threats to national security caused by U.S. Federal Reserve policy.

China has over $3 trillion of investments denominated in U.S. dollars, and every 10 percent devaluation in the dollar engineered by the Fed represents a $300 billion real wealth transfer from China to the United States. It is not clear how long China will tolerate this raid on its accumulated wealth. If China were not able to defeat the United States in the air or on the sea, it could attack through capital markets.

The threats discussed with Andy Marshall that day were entirely consistent with Chinese military doctrine. Unrestricted warfare doctrine, including financial war and cyberwarfare, has roots as far back as 1995. That year Major General Wang Pufeng, former director of strategy at Beijing’s Military Science Academy, published a paper called “The Challenge of Information Warfare.” After paying tribute to Andy Marshall in the paper’s opening lines, Wang went on to write:

The People’s Liberation Army of China made this doctrine even more explicit in a 1999 book entitled Unrestricted Warfare. Unrestricted warfare tactics include numerous ways of attacking an enemy without using kinetic weapons such as missiles, bombs, or torpedoes. Such tactics include the use of weapons of mass destruction that disperse biological, chemical, or radiological elements to cause civilian casualties, and terrorize populations. Other examples of unrestricted warfare include cyberattacks that can ground aviation, open floodgates, cause blackouts, and shut down the Internet.

Recently, financial attacks have been added to the list of asymmetric threats first articulated by Wang and others. Unrestricted Warfare spells this out in a chapter called “The War God’s Face Has Become Indistinct.” It was written not long after the 1997 Asian financial crisis, which cascaded into the global financial panic of 1998. Much of the distress in Asia was caused by Western bankers suddenly pulling hot money out of banks in emerging Asian markets; the distress was compounded by bad economic advice from the Western-dominated IMF. From an Asian perspective, the entire debacle looked like a Western plot to destabilize their economies. The instability was real enough, with riots and bloodshed from Indonesia to South Korea. The ill will escalated to the point of name-calling between Malaysian prime minister Mahathir Mohamad and hedge fund maven George Soros in an infamous confrontation at the IMF annual meeting in Hong Kong in September 1997.

The Chinese were less affected than other Asian nations by the panic, but they studied the situation and began to see how banks, working in conjunction with the IMF, could undermine civil society and possibly force regime change. One of their responses to the crisis was to accumulate massive dollar reserves so they would not be vulnerable to a sudden “run on the bank” by Western lenders. The other response was to develop a doctrine of financial war. The lessons of the 1997–98 crisis were summarized by two Chinese military leaders in a passage both poetic and prophetic:

The Chinese are ahead of us: their doctrine of strategic financial warfare emerged in 1999 in response to the 1997 Asian financial shock. In comparison, U.S. thinking about financial warfare did not take recognizable shape until ten years later, in 2009, in response to an even bigger shock, the global financial panic of 2008. By 2012, both China and the United States had engaged in extensive efforts to develop strategic and tactical financial warfare doctrines. It was in this context that our group was summoned to brief Andy Marshall and his team on the emerging threat.

Financial warfare has both offensive and defensive aspects. Offense includes malicious attacks on an enemy’s financial markets designed to disrupt trading and destroy wealth. Defense involves early detection of an attack and rapid response, such as closing markets or interdicting enemy message traffic. Offense can consist of either first-strike disruption or second-strike retaliation. In game theory, offense and defense converge, since second-strike retaliation can be sufficiently destructive to deter first-strike attacks. This line of reasoning was the same doctrine Andy Marshall helped develop in nuclear-war-fighting scenarios during the Cold War in the early 1960s. The doctrine was called Mutual Assured Destruction (MAD). Now a new doctrine of Mutual Assured Financial Destruction was emerging. To Andy Marshall, financial weapons were new, but deterrence theory was not.

The distinction between offensive and defensive capabilities in financial warfare is not the only dichotomy. There is also a distinction between physical targets, such as exchange computers, and virtual targets, such as business relationships. Virtual targets involve business conduct based on trust. A seemingly honest entity can gain trust through patient, repetitive trading, then suddenly abuse that trust by flooding a trading system with malicious, manipulative orders.

Physical targets consist of a vast network of servers, switches, fiber-optic cable, and other message traffic channels, as well as the exchange premises themselves. It is not difficult for exchange engineers or enemies to see that disrupting one link in this electronic chain through sabotage or hacking can cause chaos and force a market closure, at least temporarily. More extensive attacks can shut down markets for weeks or even months, depending on the extent of the disruption.

The financial meltdown in 2008 was not an act of financial warfare, but it did demonstrate to U.S. officials the complexity and vulnerability of the global financial system. Approximately $60 trillion of wealth was destroyed from the peak in October 2007 to the trough in March 2009. If such a catastrophe could be caused by instruments as innocuous as mortgages, imagine how much more harm could be caused by malicious market manipulation orchestrated by experts who knew exactly how the system behaved.

Thanks to Marshall and others, there’s a growing awareness that a well-orchestrated cyberfinancial attack could be as disruptive as any traditional military assault.

■ The Enemy Hedge Fund Scenario

A hedge fund is the perfect cover for an intelligence operation. A malicious trader does not have to destroy a system physically in order to carry out an attack. If an enemy trader sets up a legal entity such as a hedge fund, it can open accounts with major clearing brokers and commence a pattern of ordinary trading. This trading can continue for years as the entity becomes a sleeper cell in the capital markets. In time, clearing brokers come to see the entity as a prime customer generating huge commissions, and they grant it larger lines of credit.

Hedge funds are also classic intelligence-gathering operations that seek information advantage on a continual basis. The tradecraft that intelligence agencies and hedge funds use to gather information is similar. Attending high-level professional conferences is one way to build an expert network and tap into confidential information about new products and inventions. Investing in a company gives the investor access to management. Both fund traders and intelligence agents seek such access. For hedge funds, the purpose is to acquire a trading advantage, such as an early look at a new product that will affect stock prices. For intelligence services, the purpose is to keep ahead of technological developments that will affect the relative economic power of rival states.

The hedge fund sleeper could build close relationships with many brokers around the world so that its buying power was hundreds of times its capital, once all credit lines and the notional value of derivatives were taken into account. On orders from an enemy financial command, the fund network could turn malicious. Orders to sell specific stocks such as Apple, Google, or other widely held names could come flooding in and overwhelm the market makers and buyers. A price decline could start out slowly and gather momentum until it turns into a full-fledged market panic. Circuit breakers could be tripped, but the selling pressure would not abate. Business TV channels would pick up the story, and the panic would spread.

For the enemy traders, there is no tomorrow. They are not worried about paying for their trades in a few days or in the repercussions of mark-to-market losses. Their capital might even be on its way back to banks in Beijing or Moscow, unbeknown to the clearing brokers now handling the orders. Capital markets have certain safeguards against overnight credit risk, but no effective safeguards have ever been devised to insure against losses that arise during the course of a single day. Chinese or Russian covert hedge funds could exploit this weakness while abusing trust and credit built up over years.

The malicious attack need not be confined to cash markets. While the attackers are selling stocks, they could buy put options or short the stock in a dealer swap to add selling pressure. The malicious customer becomes like a virus infecting the dealer’s trading desk, forcing it to add to the mayhem.

Another force multiplier is to begin the attack on a day when markets are already crashing for unrelated reasons. Attackers could wait for a day when major stock indexes are already down 2 percent, then launch the attack in an effort to push markets down 20 percent or more. This might produce a crash comparable to the great two-day crash of 1929, which marked the beginning of the Great Depression.

Financial attackers can also utilize psychological operations, psyops, to increase the attack’s effectiveness. This involves issuing false news stories and starting rumors. Stories that a Fed chairman has been kidnapped or that a prominent financier has suffered a heart attack would be effective. Stories that a top-tier bank has closed its doors or that a hedge fund manager has committed suicide would suffice. These would be followed by stories that major exchanges are having “technical difficulties” and sell orders are not being processed, leaving customers with massive losses. For verisimilitude, stories would be crafted to mimic events that have actually happened in recent years. Mainstream media would echo the stories, and the panic-inducing scenarios would be widespread.

The New York Stock Exchange and the SEC claim they have safeguards designed to prevent this kind of runaway trading. But those safeguards are designed to slow down rational traders who are trying to make money and may be temporarily irrational. They involve time-outs for the markets to allow traders to comprehend the situation and begin to see bargains they might buy. They also involve margin calls designed to cover mark-to-market losses and give the brokers a cushion against customers who default.

Those mitigation techniques do not stop the financial warrior, because he is not looking for bargains or profits. The attacker can use the time-out to pile on additional sell orders in a second wave of attacks. Also, these safety techniques rely heavily on actual performance by the affected parties. When a margin call is made, it applies the brakes to a legitimate trader due to the need to provide cash. But the malicious trader would ignore the margin call and continue trading. For the malicious trader, there is no day of reckoning. The fact that the enemy might be discovered later is also no deterrent. The United States knew the Japanese bombed Pearl Harbor after the attack, but it didn’t see the attack coming until its battleships were sunk or in flames.

A clearing broker could close out the malicious account to prevent more trading, but that moves the open positions from the hedge funds to the brokers. In such circumstances, many brokers would fail, and the cascade of failure would ripple through the financial system and render the clearinghouses insolvent. The entire hierarchy of exchanges, clearinghouses, brokers, and customers could be pushed to the brink of collapse.

Sleeper hedge funds can serve another insidious purpose, acting as intelligence-gathering operations years in advance of an attack. Intelligence analysts today need more than state secrets. Economic intelligence—including plans for natural resource projects, energy discoveries, pipeline routes, and other initiatives—is just as valuable. This information can impact commodity markets, financial stability, economic growth, and the allocation of resources by both the private and the government sectors. Such intelligence is not always known to government officials, but is known to CEOs, engineers, and developers throughout the private sector.

Once a covert hedge fund acquires a material position in a target company, it can arrange to meet that company’s management. Access to management is especially easy at small to medium-size companies that receive less attention from brokerage research departments. Companies like this are often on the cutting edge of new designs in satellites, 3-D applications, and digital imaging. Access is the key. Savvy investors pick up winks and nods and interpret hints to infer the timing and nature of the latest developments. This can continue for years as the covert hedge fund patiently builds trust, churns the account, gathers information, and spots vulnerabilities. Then, like a scorpion, the fund stings, on orders from its sovereign masters.

Skeptics claim that an intelligence or military covert operation in hedge fund form would be easy to detect because of detailed anti-money-laundering and know-your-customer rules, strictly enforced by the brokers. This objection does not withstand scrutiny. The necessary techniques for operating with cover include front companies, so-called cutouts, secret agents, cover stories, and entities layered on top of each other so that the unwitting points of contact cannot see the controlling parties. A covert hedge fund structure involves layers of legal entities in tax-haven countries offering the enemy sponsor a deep cover. Professional assistance is needed from corrupt lawyers or bankers who retain innocent professionals to handle detailed work such as fund administration. Directors are recruited from the advisory companies in offshore jurisdictions that offer administration services to investors. Having innocent parties in the food chain throws counterintelligence agents off the scent.

The covert fund manager would operate in well-appointed quarters in a cosmopolitan center such as Zurich or London. The enemy managers would be highly educated professionals groomed years before by foreign intelligence agencies to perform such tasks, with business degrees from Harvard or Stanford. They would receive experience in large bank training programs at places like Goldman Sachs and HSBC, forming a cadre of sleeper finance professionals who are then given a covert assignment to manage the enemy funds.

Counterintelligence agents might happen upon such sleepers; the interception of targeted communications may reveal something of their doings. But if their operation is structured wisely by the enemy, such hedge fund plotters are almost undetectable by outsiders unless insiders betray them. Then there’s the bigger issue: Is the U.S. national security community on the lookout at all?

■ The World in Financial War

If all this sounds far-fetched, consider that the Chinese—and others—are already perpetrating even subtler forms of financial attack.

In January 2011 The New York Times reported that China had been a net seller of U.S. Treasury securities in 2010 after years of being a net buyer. The Times report found this selling strange because China was still accumulating huge dollar reserves from its trade surpluses and was still buying dollars to manipulate the value of its currency. The implication was that China must still be a large buyer of Treasuries, even though official data showed otherwise. The Times noted that in 2010 Britain had emerged as the world’s largest purchaser of Treasury securities, and it inferred that China had “shifted purchases to accounts managed by British money managers.” In effect, China was using London bankers as a front operation to continue buying U.S. Treasury notes while Beijing officially reported that it was selling.

Another technique China uses to disguise its market intelligence operations was reported on May 20, 2007, in The New York Times when Andrew Ross Sorkin disclosed that the China Investment Corporation (CIC), another sovereign wealth fund, had agreed to purchase $3 billion of stock in Blackstone Group, the powerful and secretive U.S.-based private equity firm.

Blackstone Group was cofounded by former Nixon administration senior official Peter G. Peterson, later chairman of both the Council on Foreign Relations and the Federal Reserve Bank of New York. The other Blackstone cofounder, Stephen A. Schwarzman, is a multibillionaire who became notorious for his sixtieth birthday party held at the New York Park Avenue Armory on February 13, 2007, just a few months before Blackstone’s sale. That party included a thirty-minute performance by Rod Stewart, for which the singer was reportedly paid $1 million. China was now buying its own front-row seat at the Blackstone party, gaining access to top management and the ability to coinvest in pending deals.

In June 2007, shortly before global capital markets began the collapse that culminated in the Panic of 2008, Schwarzman described his deal-making style: “I want war, not a series of skirmishes…. I always think about what will kill off the other bidder.” He was referring to conventional finance; real war was the furthest thing from his mind. Yet he was already a pawn in a financial war greater in scope than his blinkered perspective allowed him to see. Self-styled global citizens like Schwarzman, who treat New York as a pit stop in their travels from Davos to Dalian, may think real war is a thing of the past, even obsolete. Similar views were advanced in the late 1920s, even as events were moving toward the greatest war in history.

Analysts praised the fact that the CIC-Blackstone deal showed that China was willing “to put its vast reserves to work outside of China.” But this emphasis on the outbound money flow ignores the inbound flow of information. It is naïve not to consider that information on America’s most powerful deal machine’s inner workings is being channeled to the political bureaus of the Communist Party of China. The Chinese investment due diligence teams get a look at confidential deal target information, even on deals that do not ultimately get done. The $3 billion sale price may seem like a lot of money to Schwarzman, but it is only one-tenth of one percent of China’s reserves, the equivalent of dropping a dime when you have a hundred-dollar bill. China’s penetration of Schwarzman and Blackstone is a significant step in its advance toward East Asian hegemony and a possible confrontation with the United States. Of course, information channels are a two-way street, and firms such as Blackstone do assist the U.S. intelligence community with insights on Chinese capabilities and intentions.

The United States is not the only potential Chinese financial warfare target. In September 2012 a senior Chinese official, writing in the Communist China Daily, suggested mounting an attack on the Japanese bond market in retaliation for Japanese provocations involving disputed island territories in the East China Sea. On March 10, 2013, China hacked the Reserve Bank of Australia in an effort to obtain intelligence on delicate G20 discussions.

China’s actions in the bond and private equity markets are part of its long-term effort to operate in stealth, infiltrate critical nodes, and acquire valuable corporate information in the process. These financial efforts are proceeding side by side with malicious efforts in cyberspace and attacks on systems that control critical infrastructure, launched by China’s notorious military espionage Unit 61398. These combined efforts will prove useful to China in future confrontations with the United States.

The United States is not supine when it comes to cyberwarfare; in fact, U.S. cybercapabilities probably exceed those of the Chinese. Journalist Matthew Aid reported in 2013 on the most sensitive U.S. cyberoperation of all, inside the National Security Agency:

Spying operations such as TAO are far more sophisticated than the relatively simple sweeps of e-mail and telephone message traffic revealed by Edward Snowden in 2013.

Wall Street is also improving its finance-related cyberabilities. On July 18, 2013, a securities industry trade organization sponsored a financial war game, called Quantum Dawn 2, that involved more than five hundred individuals from about fifty entities and government agencies. Quantum Dawn 2 was aimed principally at preventing attacks that would disrupt normal trading. While useful, this goal falls short of preparing for a more sophisticated type of attack that would mimic, rather than disrupt, order-entry systems.

China is not the only major power fighting a financial war. Such warfare is being waged today between the United States and Iran, as the United States seeks to destabilize the Iranian regime by denying it access to critical payments networks. In February 2012 the United States banned Iran from the U.S. dollar payments systems controlled by the Federal Reserve and the U.S. Treasury. This proved inconvenient for Iran, but it was still able to transact business in international markets by converting payments to euros and settling transactions through the Belgium-based SWIFT bank message system. In March 2012 the United States pressured SWIFT to ban Iran from its payments system, too. Iran was then officially cut off from participating in hard-currency payments or receipts with the rest of the world. The United States made no secret of its goals in the financial war with Iran. On June 6, 2013, U.S. Treasury official David Cohen said that the objective of U.S. sanctions was “to cause depreciation of the rial and make it unusable in international commerce.”

The results were catastrophic for the Iranian economy. Iran is a leading oil exporter and requires access to payments systems to receive dollars for the oil it ships abroad. It is also a major importer of refined petroleum products, food, and consumer electronics such as Apple computers and HP printers. Suddenly it had no way to pay for its imports, and its local currency, the rial, collapsed. Merchants sought scarce dollars on the black market at exchange rates that made the rial worth less than half its previous value, the equivalent of 100 percent inflation. A run on the Iranian banking system commenced, as depositors tried to get their rials out to purchase black-market currencies or hard assets to preserve wealth. The government raised interest rates in an effort to stop the run on the banks. The United States had inflicted a currency collapse, hyperinflation, and a bank run and had caused a scarcity of food, gasoline, and consumer goods, through the expedient of cutting Iran out of the global payments system.

Iran fought back, even before the escalation of U.S. efforts, by dumping dollars and buying gold to prevent the United States or its allies from freezing its dollar balances. India is a major Iranian oil importer, and the two trading partners took steps to implement an oil-for-gold swap, whereby India would buy gold on global markets and swap it with Iran for oil shipments. In turn, Iran could swap the gold with Russia or China for food or manufactured goods. In the face of extreme financial sanctions, Iran was once again proving that gold is money, good at all times and in all places.

Turkey quickly became a leading source of gold for Iran. Turkish exports of gold to Iran in March 2013 equaled $381 million, which was more than double those of the previous month. However, gold is not as easy to move as digital dollars, and gold swaps have their own risks. In January 2013 a cargo plane with 1.5 tons of gold on board was impounded by Turkish authorities at the Istanbul airport because the gold was deemed contraband. Various reports said the plane originated in Ghana, a major gold producer, and was heading for Dubai, a notorious transshipment point for gold and currencies from all over the world. Reports from the Voice of Russia speculated that the plane was ultimately headed for Iran. Regardless of the destination, someone, possibly Iran, was missing 1.5 tons of gold.

Another source of gold bound for Iran is Afghanistan. In December 2012 The New York Times reported on a healthy triangular trade among Afghanistan, Dubai, and Iran using both legitimate transportation and illegal smuggling. The Times reported that “passengers flying from Kabul to the Persian Gulf… would be well advised to heed warnings about the danger of bags falling from overhead compartments. One courier… carried nearly 60 pounds of gold bars, each about the size of an iPhone, aboard an early morning flight.”

As Iran expanded its gold trading, the United States was quick to retaliate. The U.S. Treasury announced strict enforcement of a prohibition on gold sales to Iran effective July 1, 2013. This enforcement was aimed at Turkey and the UAE, which had been the principal suppliers to Iran. The United States had already choked off Iran’s access to hard currency; now it was doing the same to gold. It was a tacit recognition by the United States that gold is money, despite public disparagement of gold by U.S. Federal Reserve officials and others.

Gold was not Iran’s only alternative payments strategy. The most convenient was to accept local currency payments in local banks not subject to the embargo. Iran could ship oil to India and receive Indian rupees deposited for its account in Indian banks. The use of those rupees by Iran is limited to purchases in India itself, but Indian agents can quickly adapt to import Western goods with dollars and sell them to Iranians for rupees, at high markups to compensate for the time and trouble of reexporting the Indian imports.

Iran also uses Chinese and Russian banks to act as front operations for illegal payments through sanctioned channels. It arranged large hard-currency deposits in Chinese and Russian banks before the sanctions were in place. Those banks then conducted normal hard-currency wire transfers through SWIFT for Iran, without disclosing that Iran was the beneficial owner, as required by SWIFT rules.

Intelligence reports indicate that the amount of hard currency on deposit by Iran in Chinese banks alone is $27 billion. However, Iran’s ability to move these funds is circumscribed by China’s need to avoid attracting the attention of the United States in making the transfers. In April 2013 Iran requested that China make a “gift” to North Korea of $4 billion as part of China’s normal humanitarian aid flows to the Hermit Kingdom. Iran did not disclose to China that the gift was actually a payment for shipments of nuclear weapons technology from North Korea to Iran.

In late 2012 the United States warned Russia and China about assisting Iran in such end runs around the sanctions, but no penalties were imposed on the Russians or Chinese and none seemed likely. SWIFT also had no appetite for enforcement because it did not want to exclude Iran from its system in the first place; it did so only under U.S. pressure. The United States did not come down hard on Russia or China because she had more important agendas to pursue with both, including Syria and North Korea.

Iran also demonstrated how financial warfare and cyberwarfare could be combined in a hybrid asymmetric attack. In May 2013 Iranian hackers had reportedly gained access to the software systems used by energy companies to control oil and natural gas pipelines around the world. By manipulating this software, Iran could wreak havoc not only on physical supply chains but also on energy derivatives markets that depended on physical supply and demand for price discovery. These probes, described by U.S. officials as reconnaissance missions, are highly dangerous on their own. Neither the Iranian hackers nor the U.S. targets seemed to consider that such activities might accidentally trigger a market panic that even the attacker did not intend.

Iran was not alone in bearing the brunt of U.S. financial warfare capabilities. U.S. financial sanctions aimed at Syria caused the Syrian pound to lose 66 percent of its value in the twelve months from July 2012 to July 2013. Inflation in Syria spiked to an annual rate of 200 percent as a result. The Syrian government was forced to conduct business in the currencies of its three principal allies—Iranian rials, Russian rubles, and Chinese yuan—because the Syrian pound had practically ceased to function as a medium of exchange.

By late 2013, the financial damage in Iran led to an agreement between President Obama and Iranian president Hassan Rouhani, which eased U.S. financial attacks in exchange for Iranian concessions on its uranium enrichment programs. Iran had suffered from the sanctions, but it had not collapsed, and now it had met the United States at the negotiating table. In particular, sanctions on gold purchases by Iran were removed, enabling Iran to stockpile gold using the dollar proceeds from oil sales. President Obama made it clear that although sanctions were eased, they could be reimposed if Iran failed to live up to its promises to scale back its nuclear programs. Still, for the time being, Iran had fought the United States to a standstill in its financial war, despite enormous disruption to the Iranian economy.

The U.S.-Iranian financial war of 2012–13 illustrates how nations that could not stand up to the United States militarily could prove a tough match when the battlefield is financial or electronic. Just as the United States found its allies in Europe and Turkey, Iran found hers in Russia, China, and India. Iran’s allies spoke openly about building new non-dollar-based banking and payments systems. Dubai had carved out a role accommodating both sides in this war not unlike Switzerland in World War II. The United States had wanted to drive Iran out of the dollar payments system, and it succeeded. But in a case of “be careful what you wish for,” an alternative non-dollar-based payment system is now taking shape in Asia, and gold has proved to be an effective financial weapon on its own.

This cat-and-mouse game among China, Russia, Iran, the United States, and North Korea involving cash, gold, weapons, and sanctions illustrates how financial weapons have moved to the fore in strategic affairs.

■ The Cyberfinancial Connection

Interest in financial war is hardly confined to Andy Marshall’s office in the Pentagon. In late September 2012 the Kingdom of Bahrain played host to a private, invitation-only summit of international monetary experts to discuss the geopolitics of currencies and reserves. The three-day exercise included scenarios such as the U.S. dollar’s collapse and the rise of regional reserve currencies such as the Chinese yuan and Russian ruble. Participants included European legislators, think-tank scholars, prominent journalists, and capital markets experts.

On October 12, 2012, the Federation of American Scientists conducted a financial war game in Washington, D.C., involving alternative scenarios of a shooting war between Israel and Iran. Participants were given conventional military scenarios and then asked to assess the financial impact and show how financial weapons might be used as a force multiplier.

On October 25, 2012, the Boeing Corporation conducted a financial war game during an offsite conference in Bretton Woods, New Hampshire. The conference was held at the historic Mount Washington Hotel, famous as the site of the 1944 Bretton Woods conference that established the international monetary system, which prevailed from the end of the Second World War until President Nixon closed the gold window in 1971. Although Boeing is a corporation and not a sovereign state, its interest in financial warfare is hardly surprising. Boeing has employees in seventy countries and customers in 150 countries, and it is one of the world’s largest exporters. Boeing’s Defense, Space and Security division builds and operates the most sensitive, heavily classified platforms for U.S. national security operations. Few if any companies in the world have as large a stake as Boeing in the possibility and implications of financial warfare.

That same month, on October 30, 2012, the National Defense University completed a one-year virtual financial war game involving contributions of six leading experts from academia, think tanks, and major banks. The sponsor for the exercise was the U.S. Pacific Command, and its findings are contained in a highly sensitive 104-page final report.

In August 2013 the Swiss Army carried out one of the most elaborate financial war games of all, called Operation Duplex-Barbara. In this exercise, Swiss troops defended their country against imagined French mobs and militias swarming over their border to recover money allegedly stolen by the Swiss banks.

Even this extensive activity and analysis of financial warfare does not encompass the full extent of the threat. Cyberattacks on U.S. infrastructure, including banks and other financial institutions, are growing and can take many forms. In one troubling instance on Christmas Eve 2011, a computer file containing personal identification information on a senior U.S. government official was hacked, and the information was downloaded. The information was then used in an effort to deplete the official’s personal bank account. The official was Mary Shapiro, then the chief regulator of all U.S. capital markets.

On April 23, 2013, a Twitter account maintained by the Associated Press was hacked and used to distribute a false message that the White House had been the target of a terror attack and that President Obama had been injured. This false message came just days after the Boston Marathon terror bombing and the dramatic manhunt and shootouts with the terror bombers. The Dow Jones Industrial Index immediately plunged more than 140 points, briefly wiping out $136 billion in wealth before recovering once the message was exposed as a fake. A pro-Syrian hacker group backed by Iran called the Syrian Electronic Army claimed credit for the attack. The hackers’ success and the market reaction demonstrated that markets are on a hair trigger and are easily crashed and manipulated by various means. It was an instructive episode for other potential attackers.

These events point toward the most dangerous kind of financial attack, one that combines cyberattacks and financial warfare in the ultimate force multiplier scenario. In this situation, a cyberattack is not used to disable U.S. capital markets; instead the cyberinvaders take control of order-entry software to spoof sell orders by major financial institutions. The intended financial collapse is similar to the rogue hedge fund scenarios, except that no cash or capital is required. The computer is programmed to mimic an out-of-control broker trying to unload trillions of dollars in stocks, bonds, and derivatives.

This scenario is a larger, more targeted version of the August 1, 2012, Knight Capital fiasco, in which a software error caused a computer to go berserk and flood the New York Stock Exchange with phony orders. Knight accumulated $7 billion in unwanted stock positions in a matter of minutes and suffered $440 million in losses to unwind them. While the disaster was taking place, no one at Knight could identify the problem’s source and no one thought to pull the kill switch. Finally the NYSE, in self-defense, blocked Knight from its systems.

An even greater fiasco occurred on August 22, 2013, when the NASDAQ Stock Market was paralyzed for three hours due to computer and communications problems that have never been publicly explained. An attack from Iran’s Cyber-Defense Command has not been ruled out. In August 2012 Iran’s cyberforces destroyed 30,000 computers of oil behemoth Saudi Aramco with the Shamoon digital virus, and Iranian efforts at cyberfinancial warfare are ongoing.

In these financial warfare scenarios, an attack could be so large that the NYSE would be overwhelmed and have to close down entirely. The ensuing panic would produce hundreds of billions of dollars in paper losses.

While thinkers in the national security community have expressed concerns about financial war, officials at the U.S. Treasury and Federal Reserve routinely pour cold water on the threat analysis. Their rejoinder begins with estimates of the market impact of financial war, then concludes that the Chinese or other major powers would never engage in it because it would produce massive losses on their own portfolios. This view reflects a dangerous official naïveté. The Treasury view supposes that the purpose of financial war is financial gain. It is not.

The purpose of financial war is to degrade an enemy’s capabilities and subdue the enemy while seeking geopolitical advantage in targeted areas. Making a portfolio profit has nothing to do with a financial attack. If the attacker can bring an opponent to a state of near collapse and paralysis through a financial catastrophe while advancing on other fronts, then the financial war will be judged a success, even if the attacker incurs large costs. All wars have costs, and many wars are so destructive that recovery takes years or decades. This does not mean wars do not happen or that those initiating them do not find advantage despite the costs.

Consider the following calculations. If China lost 25 percent on the value of its reserves as the result of a financial war with the United States, the cost to China would be about $750 billion. A fleet of twelve state-of-the art Ford-Class aircraft carriers, comparable to the envisioned U.S. carrier force, would cost over $400 billion to build and deploy once all construction, operating, overhaul, and other life-of-the-vessel costs were taken into account. The costs of securing those aircraft carriers with destroyers, submarines, and other support vessels, as well as the land-based systems and staff needed to operate the fleet, raise the costs to a significantly higher level. In short, the economic cost of confronting the United States in financial warfare may not be higher than confronting it at sea and in the air, and the damage inflicted may be even greater. China does not have a fleet of state-of-the-art aircraft carriers, but it does have cash and computers, and it will choose its own battlespace.

China could protect its reserves against asset freezes or devaluation in the event of a financial war by converting its paper wealth to gold—an option it is now pursuing aggressively. Every gold bullion acquisition by China reduces its financial vulnerability and tilts the trade-off between portfolio losses and armament costs in favor of financial war. China’s possible intentions may be inferred from its status as the world’s largest gold buyer.

The U.S. Treasury and Federal Reserve view also fails to account for intertemporal effects. An attack that is costly in the short run can be quite profitable in the long run. Whatever losses China might suffer on its portfolio in a financial war could be quickly reversed during peace talks or in a negotiated settlement. Seized accounts could be unfrozen, and market losses could be turned into gains, once conditions normalized. Meanwhile China’s geopolitical gains in areas like Taiwan or the East China Sea could be permanent, and it is the U.S. economy that might suffer most in such a contest and take years to recover.

Treasury and Fed officials dismiss concerns about financial war due to their misapprehension of the statistical properties of risk and their reliance on erroneous equilibrium models. These models assume efficient markets and rational behavior that have no correspondence to real markets. As applied to financial warfare, their view is that enemy attacks on particular stocks or markets will prove self-defeating because rational investors will jump in to buy bargains once the selling pressure begins. Such behavior exists only in relatively calm, unperturbed markets, but in actual panic situations, selling pressure feeds on itself, and buyers are nowhere to be found. A major panic will spread exponentially and lead to total collapse absent an act of force majeure by government.

This panic dynamic has actually commenced twice in the past sixteen years. In September 1998 global capital markets were hours away from total collapse before the completion of a $4 billion, all-cash bailout of the hedge fund Long-Term Capital Management, orchestrated by the Federal Reserve Bank of New York. In October 2008 global capital markets were days away from the sequential collapse of most major banks when Congress enacted the TARP bailout, while the Fed and Treasury intervened to guarantee money-market funds, prop up AIG, and provide trillions of dollars in market liquidity. In neither panic did the Fed’s imaginary bargain hunters show up to save the day.

In short, the Treasury and Fed view of financial warfare exhibits what intelligence analysts call mirror imaging. They assume that since the United States would not launch a financial attack on China, China would not launch an attack on the United States. Far from preventing war, such myopia is a principal cause of war because it fails to comprehend the enemy’s intentions and capabilities. Where financial warfare is concerned, markets are too important to be left to the Treasury and the Fed.

Nor is it necessary to launch a financial war in order for financial warfare capability to be an effective policy instrument. It is only necessary that the threat be credible. A scenario can arise where the U.S. president stands down from military action to defend Taiwan because China has made it clear than any such action would result in the destruction of a trillion dollars or more in U.S. paper wealth. In this scenario, Taiwan is left to its fate. Andy Marshall’s Air-Sea Battle is deterred by China’s weapons of wealth destruction.

Perhaps the greatest financial threat is that these scenarios might play out by accident. In the mid-1960s, at the height of Cold War hysteria about nuclear attacks and Mutual Assured Destruction, two films, Fail-Safe and Dr. Strangelove, dealt with nuclear-war-fighting scenarios between the United States and the Soviet Union. As portrayed in these films, neither side wanted war, but it was launched nonetheless due to computer glitches and actions of rogue officers.

Capital markets today are anything but fail-safe. In fact, they are increasingly failure-prone, as the Knight Capital incident and the curious May 6, 2010, flash crash demonstrate. A financial attack may be launched by accident during a routine software upgrade or drill. Capital markets almost collapsed in 1998 and 2008 without help from malicious actors, and the risk of a similar collapse in coming years, accidental or malicious, is distressingly high.

In 2011 the National Journal published an article called “The Day After” that described in detail the highly classified plans for continuity of U.S. government operations in the face of invasion, infrastructure collapse, or extreme natural disaster. These plans include landing a helicopter squadron on the Washington Mall, near the Capitol, to swoop up the congressional leadership for evacuation to an emergency operations center called Mount Weather in Virginia. Defense Department officials would then be moved to a hardened bunker deep inside Raven Rock Mountain on the Maryland-Pennsylvania border, not far from Camp David.

Much of Marc Ambinder’s reporting involves the chain of command and what happens if certain officials, possibly including the president, are dead or missing. He points out that these contingency plans failed both during the attempted assassination of President Reagan in 1981 and again on 9/11. Recent years have seen improvement in secure communications, but serious ambiguity can still arise in the chain of command, and Ambinder says more failures can be expected in another national crisis.

However, a financial war would present a different kind of crisis, with little or no physical damage. No officials should be dead or missing, and the chain of command should remain intact. Absent collateral infrastructure attacks, communications would flow normally.

Yet the nation would be traumatized just as surely as if an earthquake had leveled a major city, because trillions of dollars of wealth would be lost. Banks and exchanges would close their doors and liquidity in markets would evaporate. Trust would be gone. The Federal Reserve, having used up its dry powder printing over $3 trillion of new money since 2008, would have no capacity or credibility to do more. Social unrest and riots would soon follow.

Andy Marshall and other futurists in the national security community are taking such threats seriously. They receive little or no support from the Treasury or Federal Reserve; both are captive to mirror imaging.

Ironically, solutions are not hard to devise. These solutions involve breaking big banks into units that are not too big to fail; returning to a system of regional stock exchanges, to provide redundancy; and reintroducing gold into the monetary system, since gold cannot be wiped out in a digital flash. The first-order costs of these changes are more than compensated by increased robustness and second-order benefits. None of these remedial steps is under serious consideration by Congress or the White House. For now, the United States is only dimly aware of the threat and nowhere near a solution.