We're living in the age of the hacker

Hack or be hacked.

Never in the history of written communication could 140 characters have the impact that they can have now

Two weeks ago, after gaining access to the Associated Press’s main Twitter account (@AP), the Syrian Electronic Army (SEA) posted a fake tweet reporting two explosions in the White House and the injury of President Barack Obama. Within seconds, US financial markets dropped by about 1%.

Minutes later, Twitter was abuzz with refutations. Reporters at the White House tweeted that they felt no explosion, and AP reporters and the AP Politics Twitter account announced that @AP had been hacked. At his afternoon briefing, White House press secretary Jay Carney confirmed that Obama was indeed unharmed. Financial markets returned to their pre-hoax level.

The @AP Twitter hoax represents systemic risk that cannot be eliminated, for it arises from the interaction of highly integrated financial markets and increasingly democratized news delivery. Given strong incentives for malicious parties to perpetrate such hoaxes, we should expect to see an increase in incidents.

Financial markets are vulnerable to manipulation, because they are not in the business of evaluating the truth. Trading often favours first movers, so being fast but wrong can still be profitable.

Imagine that a sophisticated trading firm has invested significant resources to develop an algorithm that quickly evaluates the potential market impact of news, and then automatically sends orders to trade based on that predicted impact. When that algorithm parses a tweet from the AP containing important keywords (explosion, White House, and Obama), it will send orders to sell with the expectation that the market will drop as others – first, slower algorithms, then even slower humans – start to process the same news.

The first mover is happy to make such trades without verifying that the news is true. If it is true, the market will stay down or continue dropping, and the first mover will profit from the sales that it has made. If the story is a hoax, the market will probably return to its earlier, fairly valued level, and the first mover will break even on its sales, and possibly profit from any position purchased as a hedge when the market was down. The first mover’s algorithm worked, regardless of the story’s veracity.

The likely losers in the @AP Twitter hoax were later movers who did not react quickly to the news, but reacted instead to the market’s movement.

These late movers were also likely to have been sophisticated electronic or institutional traders; some were probably using arbitrage-based strategies that relied on the futures market for a calculation of the fair price.

The market’s vulnerability to hoax stories is thus difficult to eliminate, for it is inherent in its structure. It cannot be regulated away or fixed by technology or surveillance.

Even if markets moved more slowly, there would still be a first mover who responded before such a news story was revealed as a hoax. This dynamic is similar to that of an asset bubble, albeit faster. In a bubble, valuations are based on collectively evaluated evidence, and those who enter the market earliest often benefit. Whether evaluating an assumption about the rise of house prices or whether a news story is true, the market does not provide a definitive answer instantaneously.

If protecting against hoaxes is not the market’s purview, can news agencies or new media entities like Twitter prevent such deception? To be sure, they have suffered reputational damage from this fiasco and will likely try to improve. But their efforts will not be enough.

Twitter’s vulnerabilities were technically understood before this event, and the service was already moving toward a more sophisticated authentication model (a password paired with a one-time key from a text message or other device). Twitter will likely implement this soon. It should also consider adding an optional “two-key” system, in which an independent signoff from a separate account is required before a proposed tweet is broadcast. But, while such measures would increase the difficulty of hacking the system, no technological fix can make it impenetrable.

What about the AP’s vulnerabilities? Attackers launched a “phishing” attempt against the AP’s emails shortly before the hoax tweet was sent. Phishing attacks, in which an employee is duped into sending a password to a third party or clicking an untrusted link that installs malicious software, represent a hybrid of cultural and technological failures.

As attackers become more sophisticated, they send better-crafted emails, sometimes impersonating trusted sources that lure unwary users. Crafting a culture of security is difficult and often at odds with the dynamic and decentralised work environment of a fast-moving newsroom.

This story can be read in full at economia

Chris Clearfield is a principal at System Logic, an independent research and consulting firm that focuses on issues of risk and complexity. András Tilcsik is an assistant professor of strategic management at the Rotman School of Management at the University of Toronto.

Photograph: Getty Images

This is a news story from economia.

Getty
Show Hide image

Is defeat in Stoke the beginning of the end for Paul Nuttall?

The Ukip leader was his party's unity candidate. But after his defeat in Stoke, the old divisions are beginning to show again

In a speech to Ukip’s spring conference in Bolton on February 17, the party’s once and probably future leader Nigel Farage laid down the gauntlet for his successor, Paul Nuttall. Stoke’s by-election was “fundamental” to the future of the party – and Nuttall had to win.
 
One week on, Nuttall has failed that test miserably and thrown the fundamental questions hanging over Ukip’s future into harsh relief. 

For all his bullish talk of supplanting Labour in its industrial heartlands, the Ukip leader only managed to increase the party’s vote share by 2.2 percentage points on 2015. This paltry increase came despite Stoke’s 70 per cent Brexit majority, and a media narrative that was, until the revelations around Nuttall and Hillsborough, talking the party’s chances up.
 
So what now for Nuttall? There is, for the time being, little chance of him resigning – and, in truth, few inside Ukip expected him to win. Nuttall was relying on two well-rehearsed lines as get-out-of-jail free cards very early on in the campaign. 

The first was that the seat was a lowly 72 on Ukip’s target list. The second was that he had been leader of party whose image had been tarnished by infighting both figurative and literal for all of 12 weeks – the real work of his project had yet to begin. 

The chances of that project ever succeeding were modest at the very best. After yesterday’s defeat, it looks even more unlikely. Nuttall had originally stated his intention to run in the likely by-election in Leigh, Greater Manchester, when Andy Burnham wins the Greater Manchester metro mayoralty as is expected in May (Wigan, the borough of which Leigh is part, voted 64 per cent for Brexit).

If he goes ahead and stands – which he may well do – he will have to overturn a Labour majority of over 14,000. That, even before the unedifying row over the veracity of his Hillsborough recollections, was always going to be a big challenge. If he goes for it and loses, his leadership – predicated as it is on his supposed ability to win votes in the north - will be dead in the water. 

Nuttall is not entirely to blame, but he is a big part of Ukip’s problem. I visited Stoke the day before The Guardian published its initial report on Nuttall’s Hillsborough claims, and even then Nuttall’s campaign manager admitted that he was unlikely to convince the “hard core” of Conservative voters to back him. 

There are manifold reasons for this, but chief among them is that Nuttall, despite his newfound love of tweed, is no Nigel Farage. Not only does he lack his name recognition and box office appeal, but the sad truth is that the Tory voters Ukip need to attract are much less likely to vote for a party led by a Scouser whose platform consists of reassuring working-class voters their NHS and benefits are safe.
 
It is Farage and his allies – most notably the party’s main donor Arron Banks – who hold the most power over Nuttall’s future. Banks, who Nuttall publicly disowned as a non-member after he said he was “sick to death” of people “milking” the Hillsborough disaster, said on the eve of the Stoke poll that Ukip had to “remain radical” if it wanted to keep receiving his money. Farage himself has said the party’s campaign ought to have been “clearer” on immigration. 

Senior party figures are already briefing against Nuttall and his team in the Telegraph, whose proprietors are chummy with the beer-swilling Farage-Banks axis. They deride him for his efforts to turn Ukip into “NiceKip” or “Nukip” in order to appeal to more women voters, and for the heavy-handedness of his pitch to Labour voters (“There were times when I wondered whether I’ve got a purple rosette or a red one on”, one told the paper). 

It is Nuttall’s policy advisers - the anti-Farage awkward squad of Suzanne Evans, MEP Patrick O’Flynn (who famously branded Farage "snarling, thin-skinned and aggressive") and former leadership candidate Lisa Duffy – come in for the harshest criticism. Herein lies the leader's almost impossible task. Despite having pitched to members as a unity candidate, the two sides’ visions for Ukip are irreconcilable – one urges him to emulate Trump (who Nuttall says he would not have voted for), and the other urges a more moderate tack. 

Endorsing his leader on Question Time last night, Ukip’s sole MP Douglas Carswell blamed the legacy of the party’s Tea Party-inspired 2015 general election campaign, which saw Farage complain about foreigners with HIV using the NHS in ITV’s leaders debate, for the party’s poor performance in Stoke. Others, such as MEP Bill Etheridge, say precisely the opposite – that Nuttall must be more like Farage. 

Neither side has yet called for Nuttall’s head. He insists he is “not going anywhere”. With his febrile party no stranger to abortive coup and counter-coup, he is unlikely to be the one who has the final say.