We're living in the age of the hacker

Hack or be hacked.

Never in the history of written communication could 140 characters have the impact that they can have now

Two weeks ago, after gaining access to the Associated Press’s main Twitter account (@AP), the Syrian Electronic Army (SEA) posted a fake tweet reporting two explosions in the White House and the injury of President Barack Obama. Within seconds, US financial markets dropped by about 1%.

Minutes later, Twitter was abuzz with refutations. Reporters at the White House tweeted that they felt no explosion, and AP reporters and the AP Politics Twitter account announced that @AP had been hacked. At his afternoon briefing, White House press secretary Jay Carney confirmed that Obama was indeed unharmed. Financial markets returned to their pre-hoax level.

The @AP Twitter hoax represents systemic risk that cannot be eliminated, for it arises from the interaction of highly integrated financial markets and increasingly democratized news delivery. Given strong incentives for malicious parties to perpetrate such hoaxes, we should expect to see an increase in incidents.

Financial markets are vulnerable to manipulation, because they are not in the business of evaluating the truth. Trading often favours first movers, so being fast but wrong can still be profitable.

Imagine that a sophisticated trading firm has invested significant resources to develop an algorithm that quickly evaluates the potential market impact of news, and then automatically sends orders to trade based on that predicted impact. When that algorithm parses a tweet from the AP containing important keywords (explosion, White House, and Obama), it will send orders to sell with the expectation that the market will drop as others – first, slower algorithms, then even slower humans – start to process the same news.

The first mover is happy to make such trades without verifying that the news is true. If it is true, the market will stay down or continue dropping, and the first mover will profit from the sales that it has made. If the story is a hoax, the market will probably return to its earlier, fairly valued level, and the first mover will break even on its sales, and possibly profit from any position purchased as a hedge when the market was down. The first mover’s algorithm worked, regardless of the story’s veracity.

The likely losers in the @AP Twitter hoax were later movers who did not react quickly to the news, but reacted instead to the market’s movement.

These late movers were also likely to have been sophisticated electronic or institutional traders; some were probably using arbitrage-based strategies that relied on the futures market for a calculation of the fair price.

The market’s vulnerability to hoax stories is thus difficult to eliminate, for it is inherent in its structure. It cannot be regulated away or fixed by technology or surveillance.

Even if markets moved more slowly, there would still be a first mover who responded before such a news story was revealed as a hoax. This dynamic is similar to that of an asset bubble, albeit faster. In a bubble, valuations are based on collectively evaluated evidence, and those who enter the market earliest often benefit. Whether evaluating an assumption about the rise of house prices or whether a news story is true, the market does not provide a definitive answer instantaneously.

If protecting against hoaxes is not the market’s purview, can news agencies or new media entities like Twitter prevent such deception? To be sure, they have suffered reputational damage from this fiasco and will likely try to improve. But their efforts will not be enough.

Twitter’s vulnerabilities were technically understood before this event, and the service was already moving toward a more sophisticated authentication model (a password paired with a one-time key from a text message or other device). Twitter will likely implement this soon. It should also consider adding an optional “two-key” system, in which an independent signoff from a separate account is required before a proposed tweet is broadcast. But, while such measures would increase the difficulty of hacking the system, no technological fix can make it impenetrable.

What about the AP’s vulnerabilities? Attackers launched a “phishing” attempt against the AP’s emails shortly before the hoax tweet was sent. Phishing attacks, in which an employee is duped into sending a password to a third party or clicking an untrusted link that installs malicious software, represent a hybrid of cultural and technological failures.

As attackers become more sophisticated, they send better-crafted emails, sometimes impersonating trusted sources that lure unwary users. Crafting a culture of security is difficult and often at odds with the dynamic and decentralised work environment of a fast-moving newsroom.

This story can be read in full at economia

Chris Clearfield is a principal at System Logic, an independent research and consulting firm that focuses on issues of risk and complexity. András Tilcsik is an assistant professor of strategic management at the Rotman School of Management at the University of Toronto.

Photograph: Getty Images

This is a news story from economia.

Getty
Show Hide image

Google’s tax worries, Oxford’s race dilemma and the left-wing case for leaving Europe

The truth is that many black students looking at the white, middle-class Oxford would justifiably conclude that they don’t belong.

As a Gmail user and a Google searcher, am I morally compromised by using the services of a serial tax avoider? Surely not. Google gets roughly 95 per cent of its revenues from advertising and much of that from clicks on the ads that surround its offerings. I have long observed a rule never to click on any of these, even when they advertise something that I need urgently. Instead, I check the seller’s website address and type it directly into my browser.

Taking full advantage of its services without contributing to its profits strikes me as a very good way of damaging the company. More problematic are pharmaceutical companies such as AstraZeneca (zero UK corporation tax in 2014) and GlaxoSmithKline (UK corporation tax undisclosed but it has subsidiaries in tax havens), which makes many prescription drugs and consumer products such as toothpaste – I chew it to stop me smoking. To boycott all such companies, as well as those that underpay their workers or pollute the planet, one would need, more or less, to drop out from the modern world. Consumer boycotts, though they have a certain feel-good factor, aren’t a substitute for electing governments that will make a concerted effort to tax and regulate big corporations.

 

After EU

David Cameron is finding it hard to get changes to EU rules that he can credibly present as concessions. But the talks that would follow a vote for Brexit would be a hundred times more difficult. Ministers would need to negotiate access to the single market, renegotiate trade deals with 60 other countries and make a deal on the status of Britons living in the EU, as well as EU citizens living here. All this would create immense uncertainty for a fragile economy.

With a current-account trade deficit of 4 per cent, the dangers of a run on sterling would be considerable. (This apocalyptic scenario is not mine; I draw on the wisdom of the Financial Times economics editor, Chris Giles.) But here’s the question. If the UK got into the same pickle as Greece – and George Osborne had to do a Norman Lamont, popping out of No 11 periodically to announce interest-rate rises – Jeremy Corbyn would walk the 2020 election. Should we lefties therefore vote Out?

 

University blues

Hardly a Sunday now passes without David Cameron announcing an “initiative”, either on TV or in the newspapers. The latest concerns the under-representation of black Britons at top universities, notably Oxford, which accepted just 27 black students in 2014 out of an intake of more than 2,500. As usual, Cameron’s proposed “action” is risibly inadequate: a requirement that universities publish “transparent” data on admissions and acceptances, much of which is already available, and a call for schools to teach “character”, whatever that means.

The truth is that many black students looking at the white, middle-class Oxford – with its disproportionate numbers from a handful of fee-charging schools, such as Eton – would justifiably conclude that they don’t belong. Cameron rules out quotas as “politically correct, contrived and unfair”. But quotas in some form may be what is needed if young people from poor white, as well as black, homes are ever to feel that they would be more than interlopers.

In the meantime, Cameron could tell elite universities to stop setting ever-higher barriers to entry. As well as demanding two A*s and an A at A-level, Oxford and Cambridge are introducing tests for “thinking skills” and subject-specific “aptitude”. Whatever the developers of such tests claim, it is possible to coach students for them. State schools don’t have the resources to do so or even to research the complex requirements of the various colleges and subjects. Oxbridge admissions tutors must know this but evidently they don’t care.

 

A fine balance

The latest government figures show that, despite the former education secretary Michael Gove introducing £60 fines for parents who take their children on term-time breaks, the days lost to unsanctioned holidays are up by 50 per cent to three million in four years. This was a predictable result. Previously, the sense of an obligation to respect the law and set their children an example of doing so persuaded most parents to confine absences to school holidays. Now a modest price has been placed on term-time holidays. Parents do the sums and note that they save far more than £60 on cheaper flights and hotels.

A similar outcome emerged in Israel when daycare centres introduced fines for parents who arrived late. Previously, most preferred to avoid the embarrassment of apologising to a carer and explaining why they had been delayed. Once it became just a monetary transaction, many more happily arrived late and paid the price.

 

Minority report

Here in Loughton, Essex, where I live quietly and unfashionably, we are dancing in the streets. Well, not quite, but perhaps we ought to be. According to an analysis by the Policy Exchange think tank, Loughton is the third most integrated community in England and Wales, just behind Sutton Coldfield in the West Midlands and Amersham, Buckinghamshire, but above 157 others that have significant minorities. We are well ahead of fashionable London boroughs such as Islington and Hackney, where residents obviously keep Muslims and eastern Europeans out of their vibrant dinner parties, whereas we have bearded imams, African chiefs in traditional dress and Romanian gypsies dropping in for tea all the time.

Again, not quite. I’m not sure that I have met that many non-indigenous folk around here, or even seen any, except in the local newsagents. Still, I am grateful to Policy Exchange for brushing up Loughton’s public image, which was in need of a facelift after the BNP won four seats on the council a few years ago and a TOWIE actor opened a shop on the high street.

Peter Wilby was editor of the Independent on Sunday from 1995 to 1996 and of the New Statesman from 1998 to 2005. He writes the weekly First Thoughts column for the NS.

This article first appeared in the 05 February 2015 issue of the New Statesman, Putin's war