Authored by Jeffrey Miller via Miller’s Market Musings,

So after a long period of basically no volatility, we finally got some – in a hurry.  In case you were out, the S&P 500 (SPX) finally had a down day of more than 1%.  But that’s not the real story.  Look in bankland, where we have been cautious ever since the rip higher on the Trump Trade (lower taxes, higher rates, lower regulations).  The KRX (KBW Regional Bank Index) fell over 5% on Tuesday – yes, the bank index took a dive of 5% in one day.  And it didn’t bounce.  The SPY was up a bit on Wednesday, but marginally, while the dollar continued to weaken versus the Yen and Euro.  The big questions being asked all revolve around whether the dip in the 10-year bond yield to under 2.40% is reflecting a weaker outlook for the Trump Trade, or, if it’s just an unwind of a massive 10-year bond short after the Fed hike last week was perceived as dovish.

All Calvin and Hobbes comics courtesy of Bill Watterson and Go Comics.

The mini-rally in the 10-year bond could be the proximate cause of the banks selling off, but that is a little too old school – that implies that what is driving these stocks right now is a focus on fundamentals.  But as long-time readers know, fundamentals only matter in the very long term – in the short term, positioning, especially among the CTA/trend following/risk parity crowd, can become very important at inflection points.  These funds all tend to been leaning in the same direction at the same time, in size, and are designed to pull down risk and then flip the other way quickly on a steep decline.  In short, they are the embodiment of feedback loops that drove the big sell off in August 2015 and in early 2016.  But…this time I think we could be in for a bigger shock.  Just because the market didn’t follow through to the downside after Tuesday doesn’t mean we’re done.  Instead, this may be a preview of coming attractions, as the KRX falling 5% in a day is a warning sign, not an all clear sign.  Because these funds can be easily spooked – especially on a hike.

The issue isn’t that there are funds that trend-surf.  The issue is that there are now a lot of them, and there has been a recent push into using these funds to “hedge” risk.  The idea is that any downturn will evolve slowly enough for these funds to sell into it – which has happened in the past.  But that was when the group was a lot smaller.  A recent Financial Times article detailed how pervasive this has become. According to the article, clients of Pension Consulting Alliance (PCA) typically allocate 10-20% of their assets to a “CRO program.” What is a CRO program?  “Crisis Risk Offset.” PCA apparently coined the term.  Now, full disclosure: I know a few people who work at PCA and they are all great folks (and neighbors).  This isn’t about them. It’s about allocating to momentum strategies in a size that may be too big to execute properly.  Portfolio insurance anyone?  If you recall, that didn’t work out well (see October 19th, 1987).  Will that (down over 20% in a single day) happen again?  Unlikely.  But we could easily get a situation where a garden-variety 5% pullback in the SPX quickly morphs into a fast 10-15% decline, as funds de-lever their equity longs or flip short.  See these charts of where we are in terms of equity exposure in various trend-following systems, and the size of these funds today.

The problem with everyone leaning in one direction is that they scare easily.  When realized volatility has been near all-time lows, as it has been in recent months, the simpler versions of these strategies view assets as less risky, so they lever them up.  What the models fail to capture is the speed with which volatility can return.  If volatility slowly creeps back up, then the models work fine.  But if it suddenly spikes higher, the models fall apart, other investors quickly de-risk, and everyone is up all night looking for ghosts.  Don’t say you haven’t been warned.

This was one of the weirder weeks I’ve seen in awhile. Various proxies for U.S. interest rates were bouncing around based on each tweet and missive from D.C. about whether or not the new healthcare bill would pass.  When the bill was first pulled on Thursday, U.S. stocks fell, and rate proxies reacted as if all of the Trump agenda was in trouble (Trump policies are viewed as inflationary, so rates move up when he’s doing well and down when he’s not).  Look at the Yen this week – every time the Trump agenda looked vulnerable, it rallied.  And then that relationship quickly fell apart at the end of the day on Friday.  When the healthcare bill got pulled for good Friday, it took about 5 minutes for the narrative to shift from Trump failed to now tax cuts can happen sooner rather than later, and so the Yen fell sharply.  This is the world we live in today – traders are making up new and different reasons to scare themselves daily.  Should we care?  I’d say no, except we’re in unstable times (see the 5% selloff in the KRX on Tuesday for proof), and with lots of money in passive funds, ETFs and trend-following strategies, it won’t take a lot to get the markets heading down fast.

So what will be the catalyst to cause more than a 1% sell-off in the SPX?  While everyone is fixated with the non-bill in D.C., I think they are missing the big risk in the market, which is only getting bigger by the day.  Long-time readers can guess where this is going.  That’s right – China.  While we’ve been distracted in the U.S., China has been raising its equivalent of the Fed Funds rate and trying to stem a credit bubble there from ballooning out of control, while at the same time trying to make sure that if they do succeed in popping the bubble, it deflates slowly.  Good luck with that.  I’m not saying they won’t be able to do it.  I’m just saying that no country has ever pulled it off before.  The borrowing rates for their non-bank financial institutions (NBFIs) are rocketing higher (see the chart below) as they scramble for funds.  Evidently, the popular thing for these NBFIs to do is lend very long-term into risky ventures in order to generate higher yields, but borrow very short-term (under a year) because the funding is cheaper.  If this sounds just like our S&L crisis, version 2.0, you’d be correct.  I would have thought there are some things the Chinese may have wanted to avoid copying from the U.S., but apparently they’ll have to learn that lesson for themselves.

Take a look at the charts below.  You’re actually seeing defaults in China occur, and at an increasing rate (albeit from zero, as extend and pretend is the national motto in China, where everything is always awesome – it is always awesome, right?).  Remember, you’re also seeing short-term repo rates spiking.  A sign of renewed growth and inflation fears?   Ah, no.  It’s a sign of stress in the funding markets and increasing counterparty risks.  Put another way, credit is starting to fray in China right after the biggest increase in debt in the history of the world.

How will it end? I think Calvin has it pretty well figured out in the below comic strip.

?So to recap: the question investors need to ask themselves is what will happen if China’s issues start to manifest themselves in global markets (remember August 2015?  Me too.  We’re all in this together). The combination of large risk-parity funds and CTAs being quite long equities at the exact moment that China’s credit bubble is starting to show signs of stress could end quite badly.  The pension funds that have hired CTAs to sell into the next selloff will exacerbate what would have in the past been a normal correction.  And when retail investors who have been relentlessly told to invest their money in long-only index funds or ETFs wake up to a market that is down 10%, 15%, or 20% fast, are they going to hold on, or even buy more, or are they going to realize that their ship is just a plank, and decide to swim for shore while they can?  If history is a guide, we’re going to see lots of investors making a swim for it.

Authored by Justin Raimondo via TheAntiMedia.org,

The allegation – now accepted as incontrovertible fact by the “mainstream” media – that the Russian intelligence services hacked the Democratic National Committee (and John Podesta’s emails) in an effort to help Donald Trump get elected recently suffered a blow from which it may not recover.

Crowdstrike is the cybersecurity company hired by the DNC to determine who hacked their accounts: it took them a single day to determine the identity of the culprits – it was, they said, two groups of hackers which they named “Fancy Bear” and “Cozy Bear,” affiliated respectively with the GRU, which is Russian military intelligence, and the FSB, the Russian security service.

How did they know this?

These alleged “hacker groups” are not associated with any known individuals in any way connected to Russian intelligence: instead, they are identified by the tools they use, the times they do their dirty work, the nature of the targets, and other characteristics based on the history of past intrusions.

Yet as Jeffrey Carr and other cyberwarfare experts have pointed out, this methodology is fatally flawed. “It’s important to know that the process of attributing an attack by a cybersecurity company has nothing to do with the scientific method,” writes Carr:

“Claims of attribution aren’t testable or repeatable because the hypothesis is never proven right or wrong. Neither are claims of attribution admissible in any criminal case, so those who make the claim don’t have to abide by any rules of evidence (i.e., hearsay, relevance, admissibility).”

Likening attribution claims of hacking incidents by cybersecurity companies to intelligence assessments, Carr notes that, unlike government agencies such the CIA, these companies are never held to account for their misses:

“When it comes to cybersecurity estimates of attribution, no one holds the company that makes the claim accountable because there’s no way to prove whether the assignment of attribution is true or false unless (1) there is a criminal conviction, (2) the hacker is caught in the act, or (3) a government employee leaked the evidence.”

This lack of accountability may be changing, however, because Crowdstrike’s case for attributing the hacking of the DNC to the Russians is falling apart at the seams like a cheap sweater.

To begin with, Crowdstrike initially gauged its certainty as to the identity of the hackers with “medium confidence.” However, a later development, announced in late December and touted by the Washington Post, boosted this to “high confidence.” The reason for this newfound near-certainty was their discovery that “Fancy Bear” had also infected an application used by the Ukrainian military to target separatist artillery in the Ukrainian civil war. As the Post reported:

“While CrowdStrike, which was hired by the DNC to investigate the intrusions and whose findings are described in a new report, had always suspected that one of the two hacker groups that struck the DNC was the GRU, Russia’s military intelligence agency, it had only medium confidence.

“Now, said CrowdStrike co-founder Dmitri Alperovitch, ‘we have high confidence’ it was a unit of the GRU. CrowdStrike had dubbed that unit ‘Fancy Bear.’”

Crowdstrike published an analysis that claimed a malware program supposedly unique to Fancy Bear, X-Agent, had infected a Ukrainian targeting application and, using GPS to geo-locate Ukrainian positions, had turned the application against the Ukrainians, resulting in huge losses:

“Between July and August 2014, Russian-backed forces launched some of the most-decisive attacks against Ukrainian forces, resulting in significant loss of life, weaponry and territory.

“Ukrainian artillery forces have lost over 50% of their weapons in the two years of conflict and over 80% of D-30 howitzers, the highest percentage of loss of any other artillery pieces in Ukraine’s arsenal.”

Alperovitch told the PBS News Hour that “Ukraine’s artillery men were targeted by the same hackers, that we call Fancy Bear, that targeted DNC, but this time they were targeting cell phones to try to understand their location so that the Russian artillery forces can actually target them in the open battle. It was the same variant of the same malicious code that we had seen at the DNC.”

He told NBC News that this proved the DNC hacker “wasn’t a 400-pound guy in his bed,” as Trump had opined during the first presidential debate – it was the Russians.

The only problem with this analysis is that is isn’t true. It turns out that Crowdstrike’s estimate of Ukrainian losses was based on a blog post by a pro-Russian blogger eager to tout Ukrainian losses: the Ukrainians denied it. Furthermore, the hacking attribution was based on the hackers’ use of a malware program called X-Agent, supposedly unique to Fancy Bear. Since the target was the Ukrainian military, Crowdstrike extrapolated from this that the hackers were working for the Russians.

All somewhat plausible, except for two things: To begin with, as Jeffrey Carr pointed out in December, and now others are beginning to realize, X-Agent isn’t unique to Fancy Bear. Citing the findings of ESET, another cybersecurity company, he wrote:

“Unlike Crowdstrike, ESET doesn’t assign APT28/Fancy Bear/Sednit to a Russian Intelligence Service or anyone else for a very simple reason. Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it. It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone. In other words? – ?malware deployed is malware enjoyed!

“In fact, the source code for X-Agent, which was used in the DNC, Bundestag, and TV5Monde attacks, was obtained by ESET as part of their investigation!

“During our investigations, we were able to retrieve the complete Xagent source code for the Linux operating system….”

“If ESET could do it, so can others. It is both foolish and baseless to claim, as Crowdstrike does, that X-Agent is used solely by the Russian government when the source code is there for anyone to find and use at will.”

Secondly, the estimate Crowdstrike used to verify the Ukrainian losses was supposedly based on data from the respected International Institute for Strategic Studies (IISS). But now IISS is disavowing and debunking their claims:

“[T]he International Institute for Strategic Studies (IISS) told [Voice of America] that CrowdStrike erroneously used IISS data as proof of the intrusion. IISS disavowed any connection to the CrowdStrike report. Ukraine’s Ministry of Defense also has claimed combat losses and hacking never happened….

“’The CrowdStrike report uses our data, but the inferences and analysis drawn from that data belong solely to the report’s authors,” the IISS said. “The inference they make that reductions in Ukrainian D-30 artillery holdings between 2013 and 2016 were primarily the result of combat losses is not a conclusion that we have ever suggested ourselves, nor one we believe to be accurate.’

“One of the IISS researchers who produced the data said that while the think tank had dramatically lowered its estimates of Ukrainian artillery assets and howitzers in 2013, it did so as part of a ‘reassessment” and reallocation of units to airborne forces.’

“’No, we have never attributed this reduction to combat losses,” the IISS researcher said, explaining that most of the reallocation occurred prior to the two-year period that CrowdStrike cites in its report.

“’The vast majority of the reduction actually occurs … before Crimea/Donbass,’ he added, referring to the 2014 Russian invasion of Ukraine.”

The definitive “evidence” cited by Alperovitch is now effectively debunked: indeed, it was debunked by Carr late last year, but that was ignored in the media’s rush to “prove” the Russians hacked the DNC in order to further Trump’s presidential ambitions. The exposure by the Voice of America of Crowdstrike’s falsification of Ukrainian battlefield losses – the supposedly solid “proof” of attributing the hack to the GRU – is the final nail in Crowdstrike’s coffin. They didn’t bother to verify their analysis of IISS’s data with IISS – they simply took as gospel the allegations of a pro-Russian blogger. They didn’t contact the Ukrainian military, either: instead, their confirmation bias dictated that they shaped the “facts” to fit their predetermined conclusion.

Now why do you suppose that is? Why were they married so early – after a single day – to the conclusion that it was the Russians who were behind the hacking of the DNC?

Crowdstrike founder Alperovitch is a Nonresident Senior Fellow of the Atlantic Council, and head honcho of its “Cyber Statecraft Initiative” – of which his role in promoting the “Putin did it” scenario is a Exhibit A. James Carden, writing in The Nation, makes the trenchant point that “The connection between Alperovitch and the Atlantic Council has gone largely unremarked upon, but it is relevant given that the Atlantic Council – which is funded in part by the US State Department, NATO, the governments of Latvia and Lithuania, the Ukrainian World Congress, and the Ukrainian oligarch Victor Pinchuk – has been among the loudest voices calling for a new Cold War with Russia.” Adam Johnson, writing on the FAIR blog, adds to our knowledge by noting that the Council’s budget is also supplemented by “a consortium of Western corporations (Qualcomm, Coca-Cola, The Blackstone Group), including weapons manufacturers (Lockheed Martin, Raytheon, Northrop Grumman) and oil companies (ExxonMobil, Shell, Chevron, BP).”

Johnson also notes that CrowdStrike currently has a $150,000 / year, no-bid contract with the FBI for “systems analysis.”

Nice work if you can get it.

This last little tidbit gives us some insight into what is perhaps the most curious aspect of the Russian-hackers-campaign-for-Trump story: the FBI’s complete dependence on Crowdstrike’s analysis. Amazingly, the FBI did no independent forensic work on the DNC servers before Crowdstrike got its hot little hands on them: indeed, the DNC denied the FBI access to the servers, and, as far as anyone knows, the FBI never examined them. BuzzFeed quotes an anonymous “intelligence official” as saying “Crowdstrike is pretty good. There’s no reason to believe that anything they have concluded is not accurate.”

There is now.

Alperovitch is scheduled to testify before the House Intelligence Committee, and one wonders if our clueless – and technically challenged – Republican members of Congress will question him about the debunking of Crowdstrike’s rush to judgment. I tend to doubt it, since the Russia-did-it meme is now the Accepted Narrative and no dissent is permitted – to challenge it would make them “Putin apologists”! (Although maybe Trey Gowdy, the only GOPer on that panel who seems to have any brains, may surprise me.)

As I’ve been saying for months, there is no evidence that the Russians hacked the DNC: none, zilch, nada. Yet this false narrative is the entire basis of a campaign launched by the Democrats, hailed by the Trump-hating media, and fully endorsed by the FBI and the CIA, the purpose of which is to “prove” that Trump is “Putin’s puppet,” as Hillary Clinton put it. Now the investigative powers of the federal government are being deployed to confirm that the Trump campaign “colluded” with the Kremlin in an act the evidence for which is collapsing.

This whole affair is a vicious fraud. If there is any justice in this world – and there may not be – the perpetrators should be charged, tried, and jailed.