The Hacked Tweet That Took Down Wall Street

I am only surprised it took so long.

Yesterday, a “breaking news” tweet at 1:07 PM EDT from the Associated Press reported that two explosions had occurred at the White House and President Obama had been injured. The news immediately sent the Dow Jones Industrial Average down 143 points, as this graph at the London Telegraph shows. There's also a lovely animated display of the “flash crash” by market research firm Nanex LLC.

It took about three minutes for the tweet to be repudiated, and a bit longer for the AP to acknowledge that its Twitter account had indeed been compromised. According to its own story posted last night, all of the AP's Twitter accounts (including its Mobile Twitter account) were suspended and it was “working to correct the issue.” The AP also stated that the “Syrian Electronic Army claimed responsibility for the hack,” but added that, “This couldn’t be corroborated.”

The SEA, which supports the Syrian Government, has taken credit for a number of recent Twitter account compromises, including the  BBC, National Public Radio, CBS News and the President of FIFA. Last August, there were a number of fake news stories published regarding the Syrian conflict as well. Facebook is also a Syrian conflict social battleground.

A more intriguing statement in the AP story generated lot of speculation: “The attack on AP's Twitter account and the AP Mobile Twitter account was preceded by phishing attempts on AP's corporate network.” This suggests that someone in the AP downloaded a phish email (seemingly confirmed by AP reporter Mike Baker) which led to the compromise of the AP Twitter accounts. However, when asked for clarification, the AP refused any further comment, maybe on the advice of the FBI and the U.S. Securities and Exchange Commission, who are looking into the incident.

Partial blame for the rapid sell-off of stocks is being given to computer-driven trading algorithms that depend on machine readable news (pdf). This is an issue I raised back in 2007 when the Thomas Corporation announced it was pushing hard to deliver such machine readable stories within 0.3 seconds of publication. (Presumably the latency period is much lower by now.) In lieu of an I-told-you-so, I'll just wonder how it is that six years wasn't enough time for the markets to have fixed this problem, and to ask whether it's really a good idea that Twitter has become, as the Financial Times called it earlier this month, the business investor's “social media tool of choice.”

And it's just going to get worse. Bloomberg L.P. recently announced that it was “incorporating tweets into its data service.” The New York Times reported that, “Bloomberg’s new service sorts tweets by company and topic, allowing users to search by key word and to set up alerts for when a particular company is getting an unusual amount of attention.” A Bloomberg spokesperson was quotes as saying, “We were getting requests from customers who were seeing news they wanted to be aware of on Twitter.” There was no mention of a Bloomberg capability to sort out fake tweets.

Facebook, Google, and Microsoft all have two-factor authentication. If a single tweet can roil the stock market in 140 characters and 0.3 seconds or less, shouldn't Twitter as well?

It will be interesting to see whether a lawsuit will be filed against the AP or a trading firm. Of course, when the AP tweets the news of it, maybe that'll be a fake tweet too.

And by the way, according to Bloomberg News, a “normal” flash crash hit Google stock earlier this week, which may have been the result of a fat-finger trade—for not the first time. Between clumsy traders, klutzy reporting agents, and hackable social networks, these days the market is about as secure as a china shop with a bull market roaming the aisles. You can tweet me on that.