Why the AP hack is likely to happen again

An embarrassing Twitter hack caused a plunge in the markets and revealed the weakness in our reliance on technology. AAP

It has been a bad couple of weeks for social media and Twitter in particular. The degree of misinformation spread by social media sites in the aftermath of the bombings at the Boston marathon has given the world pause to reconsider its ongoing role in breaking news.

If there is wisdom in the crowds, it has been notably absent on Twitter. Following on this, and perhaps taking advantage of the nervousness of the US population in the wake of the bombings, someone hacked the Twitter account of news wire service Associated Press sending out a tweet claiming two explosions had occurred in the White House and that US President Barack Obama had been injured.

The Dow Jones Industrial Average plunged 143 points before recovering after it became obvious that the report was untrue.

Were the machines to blame?

It is not clear whether the crash was due to automated algorithmic trading software that scans social media and news feeds for such events. These systems have been blamed for so-called “flash-crashes” in the past.

Human traders were also to blame however, with some expressing their dismay at how easily the market can be manipulated.

The human traders should have been better than the computer algorithms at picking up the subtle signs that the tweet from the Associated Press account was fake. The capitalisation of the word explosion in the sentence “Two Explosions in the White House and Barack Obama is injured” and the use of the US President’s first name deviate from the Associated Press normal style. More importantly, there was no corroboration of the news from other independent sources.

The challenge presented by algorithmic trading is that the financial opportunity may exist only for a fraction of a second and so they are designed to act ahead of everyone else in the market. In these situations, there is rarely time to validate sources of a story.

The two lessons learned

The hack of the AP Twitter account highlights two things. Firstly, the absolute need for two-factor authentication to prevent accounts like this one from being hacked so easily. Two-factor authentication means that even if a password is compromised, hackers are not able to use it without the device that generates a second token that completes the login process.

Twitter is only now rolling out this functionality. The fact that it has taken this long is puzzling and verging on negligent given the consequences of security breaches of their user’s accounts. The AP account password was probably obtained from phishing emails that had been sent to staff only a few hours before the hacked account was used to tweet the message.

The second lesson from this incident has been to reinforce the need for Twitter users everywhere to treat all information on Twitter with absolute caution until it has been verified by a number of sources.

This is probably more difficult than it sounds as the attraction of Twitter is its immediacy and the belief that you are getting news in real-time. Even when not hacked, media sites have fallen into this trap themselves, either sending out unverified news items or re-tweeting them. Reuters recently sacked a senior web producer Matthew Keys for doing exactly this. Keys had been tweeting information he had picked up off police radio that later turned out to be incorrect.

The hackers behind the hack

As for who actually hacked the @AP account, a group calling itself the Syrian Electronic Army (SEA) has claimed credit.

The SEA are a hacking group formed to support the Syrian government against the Syrian rebels and what it saw as biased media reporting. It has claimed responsibility for a number of hacks of Twitter accounts and websites of media outlets such as NPR, 60 Minutes and the BBC Weather.

The challenge of hearing the signal

At the end of the day, the hack did limited damage and its impact on the stock exchange was likely to be an unforeseen side effect of the fake tweet. It worked because of the heightened sensitivity brought about by the recent Boston bombings.

It is unlikely that media agencies will have learned their lesson from this however and so we are undoubtedly going to see this episode repeated. Eventually however, society will learn the limitations of social media as a mechanism for distributing information and news. An ever-increasing challenge for all of us is being able to distinguish the signal from the noise.