Wednesday, April 24, 2013

Investigations Expand in Hacking of A.P. Twitter Feed

Three federal agencies are now investigating an incident Tuesday in which hackers hijacked the Twitter account for The Associated Press and momentarily erased $136 billion from the stock market after they posted a fake Tweet reporting that there had been explosions at the White House that injured President Obama.

A group calling itself the Syrian Electronic Army claimed responsibility for the attack on Twitter, but the Federal Bureau of Investigation is investigating who was behind the attack, and the Securities and Exchange Commission and the Commodity Futures Trading Commission are investigating the impact of the attacks on the market.

“We have standard operating procedures whenever there are market developments, and this is no exception,” said John Nester, an S.E.C. spokesman. “These procedures start with getting the facts about what occurred. We do not limit ourselves to looking at the catalyst for an event, but also its repercussions, to determine whether any further inquiries or actions are warranted.”

The A.P.’s account was the fourth prominent Twitter account of a media organization to be hacked in recent months – accounts for CBS, NPR and the BBC have all been hijacked by hackers recently – but the A.P. incident had the most serious impact. Within seconds of the fake A.P. post, the Dow Jones Industrial Average nosedived, dropping 150 points, before recovering five minutes later. High-frequency trading algorithms that are designed to make trades based on certain headlines served as a catalyst.

The C.F.T.C. is now investigating trading in 28 futures contracts that took place over that five-minute period, according to CNBC. A C.F.T.C. spokesman did not immediately return a request for comment, but John Chilton, a commissioner with the agency, told CNBC Wednesday that “We need certain rules of the road for technology and that’s particularly true with the advent of social media.”

Mr. Chilton, who referred to high frequency traders as “cheetahs,” noted that there was no “kill switch” in their technology to prevent them from acting on misinformation. “We need to set up basic rules of the road,” Mr. Chilton said. “We should not just accept technology blindly.”

The timing of the A.P. attack on Twitter comes just two weeks after Bloomberg announced that it would start incorporating Twitter feeds into its financial information terminals. The new feature allows traders to monitor social media buzz and market-moving news from their Bloomberg terminals. Ironically, Bloomberg introduced the service, in part, to prevent the spread of misinformation on Twitter after an erroneous tweet suggested that Syrian President Bashar al-Assad was dead last August, creating a surge in crude oil prices.

The incident Tuesday also raised questions about security on Twitter. Logging on to Twitter requires the same process for a company as for a consumer – just one user name and one password – and security experts say Twitter could do more.

Until now, Twitter has resisted incorporating two-factor authentication, a verification approach that can, for example, send a second, one-time password via text message to users’ mobile phones to keep attackers from hijacking their accounts with a single, stolen password. Microsoft rolled out two-factor authentication last week. Apple added it in March. Both Google and Facebook have offered the service for years.

“It’s a very established baseline,” Mark Risher, co-founder of Impermium, an Internet security start-up that aims to help social networks, said Tuesday. “But there are costs, and user friction is introduced. You could put four deadbolts on your front door, but it’s going to be a pain every time you go to the drugstore. That said, why not offer it? I don’t have a good answer for that.”