We're living in the age of the hacker

Hack or be hacked.

Never in the history of written communication could 140 characters have the impact that they can have now

Two weeks ago, after gaining access to the Associated Press’s main Twitter account (@AP), the Syrian Electronic Army (SEA) posted a fake tweet reporting two explosions in the White House and the injury of President Barack Obama. Within seconds, US financial markets dropped by about 1%.

Minutes later, Twitter was abuzz with refutations. Reporters at the White House tweeted that they felt no explosion, and AP reporters and the AP Politics Twitter account announced that @AP had been hacked. At his afternoon briefing, White House press secretary Jay Carney confirmed that Obama was indeed unharmed. Financial markets returned to their pre-hoax level.

The @AP Twitter hoax represents systemic risk that cannot be eliminated, for it arises from the interaction of highly integrated financial markets and increasingly democratized news delivery. Given strong incentives for malicious parties to perpetrate such hoaxes, we should expect to see an increase in incidents.

Financial markets are vulnerable to manipulation, because they are not in the business of evaluating the truth. Trading often favours first movers, so being fast but wrong can still be profitable.

Imagine that a sophisticated trading firm has invested significant resources to develop an algorithm that quickly evaluates the potential market impact of news, and then automatically sends orders to trade based on that predicted impact. When that algorithm parses a tweet from the AP containing important keywords (explosion, White House, and Obama), it will send orders to sell with the expectation that the market will drop as others – first, slower algorithms, then even slower humans – start to process the same news.

The first mover is happy to make such trades without verifying that the news is true. If it is true, the market will stay down or continue dropping, and the first mover will profit from the sales that it has made. If the story is a hoax, the market will probably return to its earlier, fairly valued level, and the first mover will break even on its sales, and possibly profit from any position purchased as a hedge when the market was down. The first mover’s algorithm worked, regardless of the story’s veracity.

The likely losers in the @AP Twitter hoax were later movers who did not react quickly to the news, but reacted instead to the market’s movement.

These late movers were also likely to have been sophisticated electronic or institutional traders; some were probably using arbitrage-based strategies that relied on the futures market for a calculation of the fair price.

The market’s vulnerability to hoax stories is thus difficult to eliminate, for it is inherent in its structure. It cannot be regulated away or fixed by technology or surveillance.

Even if markets moved more slowly, there would still be a first mover who responded before such a news story was revealed as a hoax. This dynamic is similar to that of an asset bubble, albeit faster. In a bubble, valuations are based on collectively evaluated evidence, and those who enter the market earliest often benefit. Whether evaluating an assumption about the rise of house prices or whether a news story is true, the market does not provide a definitive answer instantaneously.

If protecting against hoaxes is not the market’s purview, can news agencies or new media entities like Twitter prevent such deception? To be sure, they have suffered reputational damage from this fiasco and will likely try to improve. But their efforts will not be enough.

Twitter’s vulnerabilities were technically understood before this event, and the service was already moving toward a more sophisticated authentication model (a password paired with a one-time key from a text message or other device). Twitter will likely implement this soon. It should also consider adding an optional “two-key” system, in which an independent signoff from a separate account is required before a proposed tweet is broadcast. But, while such measures would increase the difficulty of hacking the system, no technological fix can make it impenetrable.

What about the AP’s vulnerabilities? Attackers launched a “phishing” attempt against the AP’s emails shortly before the hoax tweet was sent. Phishing attacks, in which an employee is duped into sending a password to a third party or clicking an untrusted link that installs malicious software, represent a hybrid of cultural and technological failures.

As attackers become more sophisticated, they send better-crafted emails, sometimes impersonating trusted sources that lure unwary users. Crafting a culture of security is difficult and often at odds with the dynamic and decentralised work environment of a fast-moving newsroom.

This story can be read in full at economia

Chris Clearfield is a principal at System Logic, an independent research and consulting firm that focuses on issues of risk and complexity. András Tilcsik is an assistant professor of strategic management at the Rotman School of Management at the University of Toronto.

Photograph: Getty Images

This is a news story from economia.

Show Hide image

I am special and I am worthless: inside the mind of a narcissist

There's been a lot of discussion about narcissists this week. But what does the term actually mean?

Since the rise of Donald Trump, the term “narcissistic” has been cropping up with great regularity in certain sections of the media, including the pages of this journal. I wouldn’t want to comment about an individual I’ve never met, but I thought it would be interesting to look at the troubling psychological health problem of narcissistic personality disorder (NPD).

People with NPD (which is estimated to affect about 1 per cent of the population) have a characteristic set of personality traits. First, they have a deeply held sense of specialness and entitlement. Male NPD sufferers frequently present as highly egotistical, with an unshakeable sense of their superiority and importance; female sufferers commonly present as eternal victims on whom the world repeatedly inflicts terrible injustices. In both cases, the affected person believes he or she is deserving of privileged treatment, and expects it as a right from those around them.

Second, NPD sufferers have little or no capacity for empathy, and usually relate to other people as objects (as opposed to thinking, feeling beings) whose sole function is to meet the narcissist’s need for special treatment and admiration – known as “supply”. In order to recruit supply, NPD sufferers become highly skilled at manipulating people’s perceptions of them, acting out what is called a “false self” – the glittering high achiever, the indefatigable do-gooder, the pitiable victim.

The third characteristic is termed “splitting”, where the world is experienced in terms of two rigid categories – either Good or Bad – with no areas of grey. As long as others are meeting the narcissist’s need for supply, they are Good, and they find themselves idealised and showered with reciprocal positive affirmation – a process called “love-bombing”. However, if someone criticises or questions the narcissist’s false self, that person becomes Bad, and is subjected to implacable hostility.

It is not known for certain what triggers the disorder. There is likely to be a genetic component, but in many cases early life experiences are the primary cause. Narcissism is a natural phase of child development (as the parents of many teenagers will testify) and its persistence as adult NPD frequently reflects chronic trauma during childhood. Paradoxically for a condition that often manifests as apparent egotism, all NPD sufferers have virtually non-existent self-esteem. This may arise from ongoing emotional neglect on the part of parents or caregivers, or from sustained psychological or sexual abuse.

The common factor is a failure in the development of a healthy sense of self-worth. It is likely that narcissism becomes entrenched as a defence against the deep-seated shame associated with these experiences of being unworthy and valueless.

When surrounded by supply, the NPD sufferer can anaesthetise this horrible sense of shame with the waves of positive regard washing over them. Equally, when another person destabilises that supply (by criticising or questioning the narcissist’s false self) this is highly threatening, and the NPD sufferer will go to practically any lengths to prevent a destabiliser adversely influencing other people’s perceptions of the narcissist.

One of the many tragic aspects of NPD is the invariable lack of insight. A narcissist’s experience of the world is essentially: “I am special; some people love me for this, and are Good; some people hate me for it, and are Bad.” If people with NPD do present to health services, it is usually because of the negative impacts Bad people are having on their life, rather than because they are able to recognise that they have a psychological health problem.

Far more commonly, health professionals end up helping those who have had the misfortune to enter into a supply relationship with an NPD sufferer. Narcissism is one of the most frequent factors in intimate partner and child abuse, as well as workplace bullying. The narcissist depends on the positive affirmation of others to neutralise their own sense of unworthiness. They use others to shore themselves up, and lash out at those who threaten this precarious balance. And they leave a trail of damaged people in their wake. 

This article first appeared in the 16 February 2017 issue of the New Statesman, The New Times