In this video, InvestorIntel panelists rare earths experts Jack Lifton, Tracy Weslosky and Christopher Ecclestone express their skepticism at a report released yesterday that alleges a co-ordinated social media campaign out of China targeted the Australian rare earths mining company, Lynas Rare Earths Ltd. (ASX: LYC), with tweets and Facebook posts criticizing its alleged environmental record and calling for protests of its planned rare earths processing facility in Texas.

While the story has been picked up by mainstream and industry media, a deeper dive makes it look increasingly unlikely that this “campaign” was, as claimed, part of a Chinese effort to undermine foreign attempts to develop a rare earths processing capability outside of China and maintain China’s current dominance. While China makes a good James Bond villain in western politics and the popular press, a look at the evidence doesn’t necessarily point in their direction as the main movers in this case. For people familiar with online campaigns, this one attributed to China’s influence campaign known as DRAGONBRIDGE seems particularly weak and unfocused. The campaign and its associated hashtags never trended on Twitter, which is unfortunately all too easy to do with modern botfarms and technology.

Some tweets came out of China or were posted in Chinese, but that doesn’t a conspiracy make. A look at the tweets indicates some of them came from newly-created, zero-follower accounts, which is not the way to get something trending. China has much greater cyberwarfare capabilities than shown in this example. If anything, it is more reminiscent of anti-mining environmental activist campaigns that are a part of life for many mining companies. These can be co-ordinated by small but dedicated groups of activists unhappy with a company’s environmental or human rights records, real or perceived. In order to rise above the noise of social media, they often use multiple accounts and contacts with other groups to look larger than they are to increase their influence. The brief online campaign against Lynas – especially tweets from Malaysia where Lynas has a rare earths plant – looks far more like that than it does a co-ordinated attack by the Chinese cybersecurity forces.

Could the Chinese government have paid brief attention and contributed a few gratuitous kicks to a social media campaign that gave Lynas a poke? Possibly. We know that for years Russia has waged a disruptive social media war in the US and other western countries simply to make trouble, often working both sides of an issue to cause instability. The media has breathlessly connected the dots between China and the recent announcement that the US Department of Defense is increasing funding of Lynas’s rare earths facility in Texas. It is hard to believe that the Chinese cyberwarfare establishment thinks that they can undo $120 million in strategic funding by the DoD with a few tweets.

The Mandiant report also says that in June Chinese DRAGONBRIDGE social media accounts began targeting two other rare earths companies – the Canadian rare earths mining company Appia Rare Earths & Uranium Corp. (CSE: API | OTCQB: APAAF) a company well known to InvestorIntel, and the American rare earths supplier USA Rare Earth LLC. One has to wonder about the thinking behind choosing these targets if this is a co-ordinated campaign. Attacking them is hardly going to ensure Chinese dominance in the rare earths space, which makes the whole Chinese conspiracy theory fall apart.

“Cui bono?” – Who benefits? That was the question Roman judge Lucius Cassius asked in difficult cases. The benefit to China is negligible to non-existent. The West will continue to search for domestic rare earths and develop processing facilities. Will some company, analyst or investor group benefit from an attempt at bad press or stock slippage? Or is it a social media campaign by a handful unhappy activists groups that jump on an anti-mining bandwagon that ultimately goes nowhere, even with a couple of half-hearted contributions from China?

And unless you think that I am naïve, I worked on Chinese projects with Chinese partners for over a decade. China has – to say the least – a unique way of doing business. We have seen them attempt to exert influence to gain economic advantage around the world, however I have seen Connecticut hedge funds do the same and worse. But these kinds of campaigns out of China – like the brutal one to release Meng Wanzhou, the CFO for Chinese telecom giant Huawei, that included taking Canadian hostages in addition to a social media campaign – are waged skillfully and with a purpose. It is hard to see any of that skill or purpose in this case.

As the events in Ukraine continue to unfold (#StandWithUkraine), one must keep in mind how this invasion started. Well before Russian troops started pouring over the borders into Ukraine the cyberwar was laying the groundwork. Beginning on February 15^th, a series of distributed denial of service (DDoS) attacks commenced. These attacks impacted Ukrainian government organizations including the Ministry of Defense, Ministry of Foreign Affairs, Armed Forces of Ukraine and the publicly funded broadcaster Ukrainian Radio. Additionally, the attacks targeted two banking institutions, PrivatBank and Oschadbank. On Feb. 18, both the United States and the United Kingdom attributed these DDoS attacks to Russia’s Main Intelligence Directorate (GRU).

These attacks have continued, and on February 23^rd, a new variant of malware named HermeticWiper was discovered in Ukraine. Shortly after, a new round of website defacement attacks were also observed impacting Ukrainian government organizations. Putin and his team of henchmen were trying to shake the resolve of the Ukrainian people with misinformation, while attempting to disrupt, disable or destroy critical infrastructure. But don’t think that the threat ends there. Future attacks may target U.S. and Western European organizations in retaliation for increased sanctions or other political measures against the Russian government.

I don’t know if it is related or not but today Toyota Motor Corp. (NYSE: TM) will suspend work at all of its Japan factories after a supplier shut down its computer systems over concern about a possible cyberattack. The world’s top auto producer said it will suspend operations at all 14 plants in its home country. The stoppage is linked to Kojima Press Industry Co., which detected an abnormality in its internal server network. The manufacturer of metal, plastic, and electronic components found evidence its network was accessed from outside the company, raising concern about a possible cyberattack and leading Kojima Press to shut down the system. The supplier is trying to restore the system for March 2^nd but I wouldn’t be surprised if it takes a lot longer than that. Regardless, a possible hack at a supplier will shut down the world’s largest car manufacturer for at least 2 days where a one-day stoppage for Toyota’s factories in Japan translates to roughly 13,000 vehicles. This is going to have a material impact on cash flow for a lot more companies in the overall supply and distribution chain than just Toyota and Kojima.

These are just the latest examples of the importance of protecting our digital way of life across clouds, networks, and mobile devices. There is virtually no commerce done on this planet anymore that doesn’t have some sort of digital impact that can be tampered with, hacked or stolen, unless of course you produce local goods or crafts, only accept cash for payment, leave that cash in a safe and don’t report it to the tax authorities. Otherwise, everyone in the developed and even most developing nations has some sort of digital footprint. That’s why cyber security should be paramount for virtually every corporation and potentially every individual out there and why I believe it is a very compelling investment thesis.

Somewhat surprisingly, at least to me, is that a lot of the ETFs and individual cyber security stocks are trading at lower prices than they were when I first visited this subject on October 28, 2021. However, at the time they were trading at fairly rich levels and with most growth stocks being put in the penalty box due to the specter of rising interest rates, a lot of these stocks sold off through to the end of January. Then the whole sector seemed to get caught up in the panic selling last week as Putin began the ground war in Ukraine, despite all the cyber attacks that preceded physical troops crossing the border. This was probably the dip to buy as everything related to cyber security has caught a serious bid the last 3 days.

Granted, one stock has outperformed its peer group and is trading 19% higher than its October 28 close. Palo Alto Networks Inc. (NYSE: PANW) appears to be in a slightly different league than its competitors based on the performance of its share price over the last 4 months. Albeit the stock is up 25% in the last 4 days, which might make someone wonder if now is the time to buy. Technically, it just broke out to a new all-time high yesterday which is considered a bullish move by most technicians and sets the stock apart from its peers. Combine that with the fact that they are in a sector that could be one of the most important businesses going forward and you might want to put Palo Alto Networks on your radar. If nothing else, the Company has a good blog to help keep you up to speed on global cyber threats, which is where I sourced a bunch of the information in this article.