Not that we need it, but here’s yet another reason to worry about havoc in financial markets: U.S. intelligence officials increasingly fear that computer hackers could wreck banks and large financial institutions, or send stock markets into one more panicked frenzy, by covertly manipulating data and spreading false information.

In interviews and speeches over the past few months, senior counterintelligence and security officials laid out some dire scenarios. They’re all predicated on a determined individual or small group fabricating information in such a way that the public sees a different picture of financial health than exists, either at a particular company or in broad markets.

For example, imagine a large brokerage finds itself suddenly saddled with huge losses because a disgruntled employee falsified information in the company’s accounting systems, thus ensuring that billions of dollars in losses never show up on the books. Or think about the tumult that would ensue if someone hacked into a stock exchange and changed individual share prices, unleashing a flood of buy and sell orders.

These kinds of nightmare events shape the thinking of the senior Bush administration officials in charge of protecting the nation’s computer infrastructure. They’re concerned that financial institutions, while aware of the risks posed by lax information security, haven’t taken bold enough steps to tighten up their own defenses and thus are imperiling a global system that is utterly dependent on accurate information.

The current crisis in mortgage-backed securities underscores the consequences of inaccurate information. Analysts often labeled those investments safe because they relied on outdated mortgage-default rates to assess the loans’ riskiness. Their flawed calculus was presumably unintentional.

But imagine the damage that intentionally feeding the market bad information could cause. “Let’s say instead of bringing down the systems at the New York Stock Exchange, you were able to corrupt the data in the exchange’s system,” Joel Brenner, the government’s top counterintelligence officer, posited in an interview with National Journal in May. “If that happened, the market would lose confidence in the prices. ‘Gee, I thought I bought a million shares at X, not X plus 10 cents.’ What would happen to trading? The clearing mechanism would grind to a halt at the end of the day.”

It may sound improbable, and Brenner stressed that the security on stock exchanges is “very, very good.” But he and other senior officials say that the financial system as a whole is not sufficiently protected. The economic damages from massive fraud, they note, could exceed those caused by an act of terrorism. And at a time when the global financial system is teetering on collapse, financial networks are becoming more interlinked and hackers are perfecting their techniques.

Officials don’t base their hypotheses on unfounded fears. Indeed, the world has already seen that one person, with a reasonable level of technical skill, can make whole economies shudder.

In January, Societe Generale, one of France’s largest financial services companies, discovered that a midlevel trader had made a series of complex and bogus futures transactions by hacking into the bank’s security and trading systems. Jerome Kerviel disabled an automatic-alert mechanism that should have flagged his reckless transactions. And he stole passwords that gave him access to accounting records, which he falsified to cover his tracks. He even constructed fake e-mails about fictitious trades to make his activities seem real. When the trader’s managers discovered Kerviel’s fraud, they spent a weekend trying to reconcile the trades in the open market. The bank’s losses totaled more than $7 billion.

“The unwinding of such a massive position put immense pressure on the futures market,” according to Eben Esterhuizen, an investment analyst who covered the story for The Panelist, a financial news blog. “Other traders saw the plunge in futures amid massive and mysterious selling … and they started selling everything else.”

U.S. markets were closed the following Monday, on January 21, for the Martin Luther King Jr. holiday. But world stock markets dipped dramatically. Kerviel’s fraudulent transactions had not yet been publicly revealed, so no one could point to a specific cause for the drop. To fend off a spreading panic, Federal Reserve Board Chairman Ben Bernanke cut the interest rate that the Fed charges banks for overnight loans by 0.75 percent. It was the Fed’s biggest ever emergency cut, and it was precipitated in large part by Kerviel’s massive disinformation campaign.

Rogue traders like Kerviel have caused big losses before, but never this big. In 1995, trader Nick Leeson brought down Britain’s Barings Bank by causing approximately $1 billion in losses. Leeson, however, worked in the area of the company that also oversaw his activities. Kerviel, on the other hand, was a back-office employee and technophile who learned how to circumvent Societe Generale’s computer systems.

The Kerviel case got the attention of senior security officials in the Bush administration. In a public address in September, Melissa Hathaway, who manages the cyber-security portfolio for the director of national intelligence, described it as a prime example of how an insider hacker can, with relative ease, shake the global economy.

Hathaway said that the case is one of several hacking incidents that have informed the policy behind the Bush White House’s national cyber-security initiative, an ambitious and largely classified plan that officials are rolling out in the administration’s final months. The insider threat ranked “first and foremost” among the so-called attack vectors that officials have reviewed, she said. The cyber-plan is aimed primarily at government networks, but Hathaway, like Brenner and other experts in government, has spent much of her time discussing unaddressed risks to private networks, particularly in the financial sector.

To get a sense of just how susceptible financial markets are to disinformation, consider how wildly stock prices fluctuate because of a rumor. Earlier this month, Apple’s share price tumbled by more than 10 percent moments after a post on a CNN website claimed that paramedics had rushed Steve Jobs, the company’s CEO, from his home after an apparent heart attack. The site solicits “user-generated content,” but CNN does not verify it. The poster claimed that an anonymous source with firsthand information had supplied the tip about Jobs, and the report seemed real enough to spark a panic. (Jobs had pancreatic cancer, and his health has been a constant source of worry for investors.)

The company quickly denied the report, and Apple’s stock rebounded, but not before dipping under $100 a share for the first time in nearly a year and a half. CNN removed the fake report from its site.

This wasn’t the first time that bad information has shaken the markets. In January 2006, an error in NASDAQ’s reporting system prompted several websites and online brokers to display incorrect price shifts on various stocks. The prices were correct, but the scale of price changes was not. Some stocks seemed to be up when they were really down, and some seemed to be falling when their share price was actually on the rise. In Japan, trading was halted, and investors found themselves unable to sell losing stocks or to buy up new ones at a discount.

“When you have this kind of problem, it calls into question the entire system,” Yakov Amihud, a finance professor at New York University’s Stern School of Business, told the Associated Press at the time. “As an investor, you question whether the liquidity in that market is there, whether you can buy or sell exactly when you want to. And maybe you decide to sell off your stocks if you don’t trust the system.”

These mishaps were also inadvertent. But for financial institutions, officials say, the lesson is clear: Companies must address the safety and soundness of their information systems in the face of all kinds of potential threats. “This is not happening. And this needs to happen,” says Tom Kellermann, who was the senior data-risk management specialist at the financial division of the World Bank Group and who now sits on a bipartisan commission writing a comprehensive cyber-security assessment for the next U.S. administration. The threat to financial networks has been a key area of concern for the commission.

“The reality is, we’ve been building our vaults out of wood in cyberspace for too long,” Kellermann says.

The ODNI has a transcript of Kerr’s remarks. I was struck by a few remarks. First, Kerr talked about a recent two-week trip to Latin America. He wasn’t clear about why he had gone, but he shared some observations. “Of course there you see the conjunction of narcotics trafficking and terrorism and there may be a nexus forming between them,” Kerr said. He continued:

They share the need for money laundering. In fact in Latin America you have a real presence of Hezbollah. Hezbollah, after al-Qaida, is the terrorist organization that has the most American blood on its hands. So if you need to worry about something you might think about our hemisphere where a terrorist organization is involved in money laundering, narco-trafficking, and very close to other criminal enterprise. That to me is the kind of thing that we need to worry about looking forward, not just fixating on the East/West prospects we have for the conflicts we’re in today.

To be fair, I think one should emphasize the word “may” in this connection between narco-traffickers and terrorists, particularly in the context of Hezbollah, because there is a fair amount of debate over this connection and its significance in the counterterrorism community. I’m not dismissing it. But that aside, Kerr really wanted to draw the attention of the audience–mostly intelligence professionals, past and present–to threats that exist “in our backyard.”

So we need to be watchful, pay attention in fact our back yard and to just Iraq and the Afghan/Pak border. That was one reason I went to Latin America. [I think there's a transcription error here, and that Kerr said, or meant to say, "and not to just Iran and the Afghan/Pakistan border."]

Kerr then turned to a discussion of Colombian President Alvaro Uribe, who’s caught up in a potential regional conflagration after Colombian troops last weekend crossed into Ecuador to kill members of the revolutionary guerrilla group FARC. (The United States is not alone in labeling FARC a terrorist organization.)

“One of the things I’m proud to report to you is that even before last weekend I had the
opportunity to meet with President Uribe,” Kerr said. “This is a leader of a country that’s actually succeeding in his endeavor. The number of FARC are now under 10,000. There was, of course, significant further loss last weekend [the Colombian troops killed FARC leader Raul Reyes and 23 of his cohorts] but I think the important thing for all of us to understand,
this is a leader of a democracy who has an 80 percent support rating from his citizens.”

The rest of Kerr’s remarks, while a bit lengthy, are worth reading. Remember, this is the second-highest-ranking intelligence official in the United States, and he’s expressing a point of view that is not at all at odds with President Bush.

What are his [Uribe's] principles? They’re really simple. Democracy leads to security. He’s trying to provide a climate for investment. And he’s trying to build the institutions that provide social cohesion. That leads to confidence in the electorate and why he has, of course, the 80 percent rating.

He does some other simple things that all of us know how to do but may fail to do. That is, he does town meetings throughout his country. He takes his National Security Council to meet in a different city each week. And so if you want to look for hands-on leadership that’s succeeding you need look no further than Colombia where they’re really taking on this question of narcotrafficking and terrorism and doing it in their own country. I think we need to support that and learn from it.

Now if you think about what I just said, I’ve just talked about something that’s not very different than what we’ve achieved with the surge in Iraq. We provided more troops, provided the security window, the ability to train up the Iraqis. We now have the CLCs, the concerned local citizens, taking back their own communities. What we hope is, of course, that investment and social cohesion will follow. So this is not a lesson that need be learned over and over again. It’s one we simply need to pay attention to and apply as we take responsibilities in different parts of the world.

I can’t speak to the 80 percent approval rating, but this is as strong of an endorsement of Uribe as I’ve seen from any senior intelligence policy official. The Colombia-Ecuador-Venezuela standoff is, of course, still developing, and as I noted the other day, speculation about documents on a FARC laptop are fueling the fire. (Greg Palast has a rebuke of the documents, based on his review of some of them, in Spanish. )

Kerr also made a pitch to intelligence officials to open up more to the press and not be afraid to talk about what spies do for a living.

The last challenge I’d like to talk to you about tonight is the one I have no answer for, but it’s really this. How do we do these things in a way that helps people understand how we in the Intelligence Community operate? Not as political pawns, but as professionals and apolitical experts. How do we pull back the curtain just a little bit for a society that of course automatically distrusts and dislikes secrets without sacrificing our sources and methods?

In the U.S., for example, we talk a lot about trying to support moderate Muslim leaders and dispelling myths about U.S. intentions and goals, and quite frankly, Americans as people. We are not really that good at communicating here at home when it comes to perceptions about the Intelligence Community. No poll has been conducted in recent years asking people about their feelings on the Intelligence Community. We should probably be thankful for that, for the number might be depressingly low.

That’s not because people don’t appreciate what we do or the live we save or the tomorrows we make possible. It’s because they don’t understand what we do. That’s in effect entirely our fault. If you brought in the best PR firm in the nation to diagnose our problem, they would sum it up pretty simply. We’ve allowed our detractors to frame the national debate and cast us as the villains.

We in the Intelligence Community are not winning hearts and minds in the U.S.. We’re not even trying. That’s what bothers me most.