Hacking Twitter for Fun and Profit

OK, call us cynical. When the news broke yesterday that the AP news service had been hacked resulting in a false story placed on Twitter about a bomb at the White House - and then the stock market crashed and recovered - our first thought was 'who bought the film rights?'

Because it sounded just like one of those Hollywood plots where the criminal causes mayhem in order to profit from the resultant chaos. Like, for instance the remake of 'Taking of Pelham 1-2-3' (John Travolta and Denzel Washington) or 'Wall Street: Money Never Sleeps' (Michael Douglas and Shia LaBoeuf).

Ironically (there we go again...) the Financial Times had just done an article a week earlier about the growing power of Twitter's effect on financial markets. This, however, is not what they had in mind. They were talking then about how savvy investors were using Twitter commentary to discern trends. Turns out, quite possibly, that someone even cleverer had something a tad more assertive in mind, like causing the market to crash, placing bets, er, investments, to profit from the almost inevitable crash - and its recovery. You'd have to be fast - algorithmic high speed trading fast. Which is to say, these days, a reasonably astute practitioner of the financial arts. But hardly a genius, or even cutting edge.

Knowledge is power. Regulators are hamstrung by the financial industry's determined assault on their authority precisely so that legally and morally dubious attempts to make money quickly and quietly can not be interfered with. Twitter is not to blame. It IS an interesting harbinger of trends and it may one day be harnessed in a manner that makes use of its data safe and fair. But that day is not today. JL

Tim Bradshaw and Arash Massoudi report in the Financial Times:

US markets suffered a brief but sharp sell-off after a news agency’s hacked Twitter account claimed there had been a terrorist attack on the White House.
The incident is the latest sign of the growing influence of Twitter on investor sentiment and the risks associated with inaccurate information being distributed through social media channels.
The bogus tweet from Associated Press’s main account told its millions of followers that Barack Obama had been injured in an explosion.

It comes just weeks after the US stock market regulator gave companies permission to use social media to communicate with investors and news agency Bloomberg’s move to pull selected tweets into its terminals for traders.
AP’s Twitter account, which has 1.9m followers and carries the site’s “verified” stamp of authenticity, posted at 1.07pm Eastern Time: “Breaking: Two Explosions in the White House and Barack Obama is injured.”
Within minutes, @AP’s account was suspended while other accounts associated with the news agency, such as AP reporter Sam Hananel, notified their followers that the inaccurate report was the result of a hacking attack.
“The @AP hack came less than an hour after some of us received an impressively disguised phishing email,” wrote AP reporter Mike Baker on his Twitter profile.
The White House’s press secretary confirmed in a briefing that there had been no attack in Washington.
However, the momentary alarm was enough to knock more than 130 points off the Dow Jones Industrial Average. The index fell just under 1 per cent before recovering all its losses minutes later.
“After the tweet went out, we noticed there was a liquidity gap in the market, where all the buy orders that were out there all of a sudden seemed to be getting cancelled,” said Reginald Browne, managing director of Knight Capital’s exchange traded funds business. “A minute and a half later, when the tweet seemed to be bogus, the market recovered.”
He said traders had discussed after the incident how the Securities and Exchange Commission might react in future amid the growing use of social media as a source of official information. The SEC declined to comment.
A group calling itself the “Syrian Electronic Army”, which has targeted several other Twitter accounts in recent days, claimed responsibility for the hijacking.
Social media sites such as Twitter and Reddit faced criticism from some quarters last week, including the White House, after they played host to rumours and speculation about the hunt for the Boston marathon bombing suspects.
“In this age of instant reporting, tweets and blogs, there’s a temptation to latch on to any bit of information, sometimes to jump to conclusions,” Mr Obama said last week. “But when a tragedy like this happens, with public safety at risk and the stakes so high, it’s important we do this right.”
Mainstream media outlets such as the New York Post and CNN also played a role in amplifying the online speculation in their traditional newspaper and broadcast formats.
AP’s is just the latest in a series of Twitter hijackings, adding to pressure on the social media company to improve its security measures. Hackers claiming to be sympathisers of the Syrian government this week took control of accounts belonging to the BBC, Al Jazeera, World Cup football organisers Fifa and broadcaster CBS’s @60Minutes show.
Brands including Burger King and Jeep have also been affected in recent weeks. Some observers have suggested that such security vulnerabilities could scare advertisers away from Twitter.
Tech companies such as Apple and Microsoft have recently introduced two-factor authentication to provide extra protection to their customers.