Hackers attack news agency
Stock markets lose R1.2 trillion after false tweet on White House ‘blasts’
HACKERS took control of the Associated Press Twitter account yesterday and sent a false tweet about explosions in the White House that caused chaos in US financial markets.
A brief alert on the news agency’s @AP account read: “Breaking: Two explosions in the White House and Barack Obama is injured.”
Almost immediately the wire service posted via its corporate communications feed that its @AP Twitter account had been hacked, before suspending the service.
“Advisory: @AP Twitter account has been hacked. Tweet about an attack at the White House is false.
“We will advise more as soon as possible,” @AP_CorpComm posted.
AP spokesman, Paul Colford, later said the wire service had disabled other Twitter accounts after the attack and was working with the micro-blogging site to investigate the breach.
The FBI and the US Securities and Exchange Commission were investigating the incident.
White House spokesman, Jay Carney, said the president was unharmed.
“I can say that the president is fine,” Carney said soon after the fake tweet. “I was just with him.”
Stock markets plunged just as the report came out, with the Dow Jones Industrial Average losing 130 points, or 0.9 percent, and the S&P 500 dropping 12 points, or 0.8 percent.
Just as quickly they rebounded to where they were before the tweet, all within three or four minutes.
Online activists backing the regime of Syrian President Bashar al-Assad later claimed responsibility for the hack – the latest in a series they have orchestrated against high-profile news organisations.
The group – the so-called Syrian Electronic Army – also hacked the Twitter feeds of AFP and CBS News earlier this year.
“Ops! @AP get owned by Syrian Electronic Army! #SEA #Syria #ByeByeObama,” the group posted after yesterday’s hack.
The activists’ group has also previously claimed credit for hacking the websites of Sky News Arabia and Al-Jazeera Mobile.
Within three minutes of yesterday’s tweet, virtually all US markets took a plunge on the false news in what one trader described as “pure chaos”.
Securities and Exchange Commission (SEC) Commissioner Daniel Gallagher said the agency was looking into the bogus tweet’s impact on the markets.
Bounce-back
“I can’t tell you exactly what the facts are at this point or what we are looking for, but for sure we want to understand major swings like that, however short it was,” Gallagher said.
Reuters data showed the tweet briefly wiped out $136.5 billion (R1.2 trillion) of the S&P 500 index’s value before markets recovered. Some traders attributed the sharp fall and bounce-back to automatic electronic trading.
The Syrian Electronic Army had also claimed responsibility for the recent hacking of the Twitter account of world football supremo Sepp Blatter.
Blatter, the president of soccer world body Fifa, was targeted in a series of bogus tweets which announced he was stepping down because of corruption charges.
The group has in the past taken credit for similar invasions into Twitter accounts of National Public Radio, BBC and Reuters News as well.
A Twitter spokesman declined to comment on yesterday’s breach, saying the company did not comment “on individual accounts for privacy and security reasons”.
At a time when cybersecurity and hacking have become top national security concerns, Twitter and its reach to hundreds of millions of users is coming under growing scrutiny for the risk of privacy breaches on the site.
Stewart Baker, a cybersecurity lawyer at Steptoe & Johnson in Washington, said there was plenty of blame to spread around regarding yesterday’s incident.
“AP should have had better passwords, Twitter should have gone to at least optional two-factor authentication months ago, and guys on the street really should be thinking twice before they trade on Twitter reports. That’s risky,” Baker said.
For years, security experts have called on Twitter to introduce a two-factor authentication measure, which requires a two-step process to log in and which they say would greatly reduce such breaches.
In recent months, the San Francisco company has hired security experts and posted job listings for software engineers, who could help the company roll out two-factor authentication.
AP reported that hackers made repeated attacks before yesterday’s incident to steal the passwords of AP journalists.
“It is disturbing that the markets were so easily manipulated by false information,” Democratic Senator Jack Reed of Rhode Island who sits on the Banking Committee, said yesterday.
“Congress and regulators, particularly the SEC, should closely examine this case and social media policies to try to prevent this from recurring.” – Sapa-AFP, Reuters