We're living in the age of the hacker

Hack or be hacked.

Never in the history of written communication could 140 characters have the impact that they can have now

Two weeks ago, after gaining access to the Associated Press’s main Twitter account (@AP), the Syrian Electronic Army (SEA) posted a fake tweet reporting two explosions in the White House and the injury of President Barack Obama. Within seconds, US financial markets dropped by about 1%.

Minutes later, Twitter was abuzz with refutations. Reporters at the White House tweeted that they felt no explosion, and AP reporters and the AP Politics Twitter account announced that @AP had been hacked. At his afternoon briefing, White House press secretary Jay Carney confirmed that Obama was indeed unharmed. Financial markets returned to their pre-hoax level.

The @AP Twitter hoax represents systemic risk that cannot be eliminated, for it arises from the interaction of highly integrated financial markets and increasingly democratized news delivery. Given strong incentives for malicious parties to perpetrate such hoaxes, we should expect to see an increase in incidents.

Financial markets are vulnerable to manipulation, because they are not in the business of evaluating the truth. Trading often favours first movers, so being fast but wrong can still be profitable.

Imagine that a sophisticated trading firm has invested significant resources to develop an algorithm that quickly evaluates the potential market impact of news, and then automatically sends orders to trade based on that predicted impact. When that algorithm parses a tweet from the AP containing important keywords (explosion, White House, and Obama), it will send orders to sell with the expectation that the market will drop as others – first, slower algorithms, then even slower humans – start to process the same news.

The first mover is happy to make such trades without verifying that the news is true. If it is true, the market will stay down or continue dropping, and the first mover will profit from the sales that it has made. If the story is a hoax, the market will probably return to its earlier, fairly valued level, and the first mover will break even on its sales, and possibly profit from any position purchased as a hedge when the market was down. The first mover’s algorithm worked, regardless of the story’s veracity.

The likely losers in the @AP Twitter hoax were later movers who did not react quickly to the news, but reacted instead to the market’s movement.

These late movers were also likely to have been sophisticated electronic or institutional traders; some were probably using arbitrage-based strategies that relied on the futures market for a calculation of the fair price.

The market’s vulnerability to hoax stories is thus difficult to eliminate, for it is inherent in its structure. It cannot be regulated away or fixed by technology or surveillance.

Even if markets moved more slowly, there would still be a first mover who responded before such a news story was revealed as a hoax. This dynamic is similar to that of an asset bubble, albeit faster. In a bubble, valuations are based on collectively evaluated evidence, and those who enter the market earliest often benefit. Whether evaluating an assumption about the rise of house prices or whether a news story is true, the market does not provide a definitive answer instantaneously.

If protecting against hoaxes is not the market’s purview, can news agencies or new media entities like Twitter prevent such deception? To be sure, they have suffered reputational damage from this fiasco and will likely try to improve. But their efforts will not be enough.

Twitter’s vulnerabilities were technically understood before this event, and the service was already moving toward a more sophisticated authentication model (a password paired with a one-time key from a text message or other device). Twitter will likely implement this soon. It should also consider adding an optional “two-key” system, in which an independent signoff from a separate account is required before a proposed tweet is broadcast. But, while such measures would increase the difficulty of hacking the system, no technological fix can make it impenetrable.

What about the AP’s vulnerabilities? Attackers launched a “phishing” attempt against the AP’s emails shortly before the hoax tweet was sent. Phishing attacks, in which an employee is duped into sending a password to a third party or clicking an untrusted link that installs malicious software, represent a hybrid of cultural and technological failures.

As attackers become more sophisticated, they send better-crafted emails, sometimes impersonating trusted sources that lure unwary users. Crafting a culture of security is difficult and often at odds with the dynamic and decentralised work environment of a fast-moving newsroom.

This story can be read in full at economia

Chris Clearfield is a principal at System Logic, an independent research and consulting firm that focuses on issues of risk and complexity. András Tilcsik is an assistant professor of strategic management at the Rotman School of Management at the University of Toronto.

Photograph: Getty Images

This is a news story from economia.

Getty
Show Hide image

How the Lib Dems learned to love all-women shortlists

Yes, the sitting Lib Dem MPs are mostly white, middle-aged middle class men. But the party's not taking any chances. 

I can’t tell you who’ll be the Lib Dem candidate in Southport on 8 June, but I do know one thing about them. As they’re replacing a sitting Lib Dem (John Pugh is retiring) - they’ll be female.

The same is true in many of our top 20 target seats, including places like Lewes (Kelly-Marie Blundell), Yeovil (Daisy Benson), Thornbury and Yate (Clare Young), and Sutton and Cheam (Amna Ahmad). There was air punching in Lib Dem offices all over the country on Tuesday when it was announced Jo Swinson was standing again in East Dunbartonshire.

And while every current Lib Dem constituency MP will get showered with love and attention in the campaign, one will get rather more attention than most - it’s no coincidence that Tim Farron’s first stop of the campaign was in Richmond Park, standing side by side with Sarah Olney.

How so?

Because the party membership took a long look at itself after the 2015 election - and a rather longer look at the eight white, middle-aged middle class men (sorry chaps) who now formed the Parliamentary party and said - "we’ve really got to sort this out".

And so after decades of prevarication, we put a policy in place to deliberately increase the diversity of candidates.

Quietly, over the last two years, the Liberal Democrats have been putting candidates into place in key target constituencies . There were more than 300 in total before this week’s general election call, and many of them have been there for a year or more. And they’ve been selected under new procedures adopted at Lib Dem Spring Conference in 2016, designed to deliberately promote the diversity of candidates in winnable seats

This includes mandating all-women shortlists when selecting candidates who are replacing sitting MPs, similar rules in our strongest electoral regions. In our top 10 per cent of constituencies, there is a requirement that at least two candidates are shortlisted from underrepresented groups on every list. We became the first party to reserve spaces on the shortlists of winnable seats for underrepresented candidates including women, BAME, LGBT+ and disabled candidates

It’s not going to be perfect - the hugely welcome return of Lib Dem grandees like Vince Cable, Ed Davey and Julian Huppert to their old stomping grounds will strengthen the party but not our gender imbalance. But excluding those former MPs coming back to the fray, every top 20 target constituency bar one has to date selected a female candidate.

Equality (together with liberty and community) is one of the three key values framed in the preamble to the Lib Dem constitution. It’s a relief that after this election, the Liberal Democratic party in the Commons will reflect that aspiration rather better than it has done in the past.

Richard Morris blogs at A View From Ham Common, which was named Best New Blog at the 2011 Lib Dem Conference

0800 7318496