In what might have been an act of cyber war, hackers broke into the Twitter account of the Associated Press (AP) on 23 April this year spreading a false report that saw close on $140 billion being wiped off the US stock market. Although losses were rapidly recovered, the incident exposed some disturbing vulnerabilities in the global financial system.
The false report claimed that two bombs had exploded at the White House, injuring Barack Obama. It took several minutes before it became clear it was an act of malicious cyber mischief, enough time for the Dow Jones industrial average to plummet 140 points in the space of two minutes, as automated algorithms dumped stock in anticipation of a US national crisis.
The Syria Electronic Army (SEA), a group that is reported to have the tacit support of Syrian president Bashar al-Assad, claimed responsibility for the cyber attack on AP’s system. To date this claim has not been independently confirmed and might just have been an opportunistic propaganda stunt.
However, if SEA was not responsible, it poses the question of who was responsible and to what purpose. If not an act of cyber war, were some commercial or other, technological astute interests making a killing in the world of split-second computer automated share trading?
Commissioner Daniel Gallagher of the US Securities and Exchange Commission (SEC) said, "You can rest assured we're looking into it. I can't tell you exactly what the facts are at this point or what we're looking for, but for sure we want to understand major swings like that, however short it was."
The incident, in which the Twitter account of probably America’s most trusted news source with nearly two million followers was manipulated, not only highlighted the risks associated with inaccurate information being distributed via social media networks, but also the risks associated with algorithm-based automated share trading. In this environment of split-second transactions, billions could have been made as well.
The incident comes at a time when cyber security and hacking have become top security concerns around the world. Twitter and its reach to hundreds of millions of users is coming under growing scrutiny for the risk of privacy breaches on the site.
SEA has in the past also claimed it was behind hacks into the Twitter accounts of National Public Radio CBS's 60 Minutes programme, the Soccer World Cup and FIFA president Sepp Blatter.
Both the @AP and @AP_Mobile Twitter accounts were suspended shortly after the fake tweet, and the news organisation later reported that the tweet came after hackers made repeated attempts to steal the passwords of AP journalists.
One of the questions that remains unanswered, however, is whether the attack on the AP Twitter account was indeed designed and executed for financial gain. If so, it is unlikely that the perpetrators will ever be cornered.
That the hacking of Twitter accounts is at times used for commercial purposes is borne out by reportsthat earlier this year, hackers also hijacked Twitter accounts of Chrysler's Jeep brand and fast-food chain Burger King.
Bloomberg's professional trading platform started incorporating tweets earlier this year. After last week’s AP attack, Bloomberg’s spokeswoman, Sabrina Briefel, said the fake tweet appeared on the Bloomberg terminal but the company was not reconsidering its decision to include tweets.
Despite the reaction from Bloomberg, the fact remains that the AP incident has again exposed a huge risk factor in automated electronic share trading. In recent years a revolution has occurred in the financial sector with the rise of trading algorithms and high-frequency trading firms.
At the heart of the problem is the fact that human analysts cannot keep pace with the speed of the market dominated by computer-placed orders. Professor Michael Hudson estimates in his book The Bubble and Beyond that the average length of time a stock was held in 2011 was 22 seconds.
This creates two huge problems:
The whole essence of stock trading, that is to say, investing in a business because you think it is a good business, has broken down and
as again illustrated by the AP incident, this type of trading brings immense volatility.
The latest incident is also not the first warning of the risks associated with this kind of trading and that tighter monitoring and regulation might be needed. In 2010, a 'flash crash' caused by a rogue algorithm wiped off nearly a trillion dollars and the shares of some of the biggest corporations in the world were being sold for mere cents per share.
What might have saved the day, at least to some extent, in the AP incident is that the US the SEC after the 2010 experience mandated some 'circuit breakers' in algorithms-based trading of individual stocks on American exchanges.
It is however, a scary thought that several exchanges around the world, including the Johannesburg Stock Exchange, still run without protection, creating the potential for the kind of hacking seen at AP, on the back of which a killing worth billions off selling stocks short, if properly timed, could be made.