SEC, FBI probe fake tweet that rocked stocks

Gary Strauss, Adam Shell, Roger Yu and Byron Acohido, USA TODAY | USATODAY

A hacked Twitter account of a major news organization Tuesday dispelled any lingering notion that tweets are mere 140-character missives that harmlessly fly off into the ether.

The FBI and the Securities and Exchange Commission are investigating the security breach that momentarily sent stocks into free fall Tuesday, erasing some $200 billion from the market's value.

At 1:07 p.m. ET, a tweet from the Associated Press exclaimed: "Breaking: Two Explosions in the White House and Barack Obama is injured." Within seconds, Wall Street was in panic mode and the Dow Jones industrial average and other benchmark indexes plummeted.

The Associated Press quickly revealed its Twitter account was a hacked fake, and the White House issued assurances that the president was safe. "The president is fine," spokesman Jay Carney said. "I was just with him."

Traders breathed a sigh of relief, and stocks rebounded as quickly as they had swooned, accelerated by computerized trading programs that buy and sell stocks on news feeds and social media sites. The Dow ended the day up 152 points to 14,719.

Fresh off last week's deadly Boston Marathon attacks, the Texas fertilizer facility explosion and fear inspired by ricin-laced letters mailed to the president and congressional leaders, the hoax underscored a great vulnerability in our 24/7 faster-is-better news environment: stories (even fake ones) travel at light speed and can in an instant upend an increasingly anxious public's faith in business, government and the news media.

The AP says the tweet came after several previous attempts had been made to hack into its account. An organization calling itself the Syrian Electronic Army — the group that hacked into BBC Weather's Twitter account earlier this year and more recently into the social media accounts of CBS' 60 Minutes and 48 Hours news shows — claimed responsibility for the AP's misfire.

"This is yet another reminder that social media isn't simply banal messages about breakfast between teenagers, but that it can have massive, real-world consequences," says Jeff Hancock, a Cornell University communications and information science professor. "Our trust of social media has reached new levels. (Wall Street's) response also highlights that humans have a built-in truth bias to believe what others say. Although there is a lot of suspicion about the Internet in general, the truth bias is alive and well with social media."

The convergence of social media and business looms large on Wall Street's already-frenetic pace of trading. Jeffrey Kleintop, chief market strategist at LPL Financial, says traders view Twitter as a go-to site for real-time news.

"If something is going on, Twitter is the place to go to get the fastest information," he says. "It's gonna get there first and it might not be the full story. That is where you have to wait for other established news sources to comment and do legwork on your own."

Tuesday, traders were fooled by an established news source — one they normally count on as a respected, reliable information source. SEC Commissioner Daniel Gallagher told Reuters news service Wednesday that the federal agency is looking into the "bogus" tweet.

SEEKING 'MAXIMUM EFFECT'

Watching the Dow's rapid plunge on his trading computer, Gary Kaltbaum, president of Kaltbaum Capital Management, initially thought the market only goes down this fast if something terrible has happened. He quickly accessed Twitter to learn the cause of the stock plunge, saw the phony AP tweet and wondered if it was really true.

"Whoever did it wanted the maximum affect, and he got it until the tweet was proved to be a dupe," Kaltbaum says.

The sell-off had consequences for traders and investors that had downside "stops," pre-arranged sell orders triggered by declines in prices of individual stocks, stock indexes or futures contracts. "Some people lost money on that move," Kaltbaum says.

Yet hack attacks that send out phony information and others designed to steal data are increasingly common and relatively easy. In the AP's case, a prankster may have simply shopped the cyber underground to obtain the user name and password of an AP employee authorized to use the wire service's Twitter account, says J.D. Sherry, security consultant at Trend Micro.

AP twitter hacked, experts blame 'phishing' After the AP Twitter account was hacked, the FBI is investigating who was responsible. The hackers sent a Tweet claiming there was an explosion at the White House and President Obama was injured.

Stolen log-ons for financial and social media accounts readily flow through underground forums, and over the past week, there has been a big infusion of freshly stolen data. "Hackers are compromising our computing devices and then spreading false information that can be damaging to an individual or a company," Sherry says.

In the wake of the Boston Marathon bombings and devastating explosion in West, Texas, "phishers" sent out links to disaster videos in millions of e-mail messages. Clicking on one of these links displayed the video — but also infected the computing device.

OPENING THE FLOODGATES

On Monday, banking security firm Trusteer disclosed that it found malicious software for sale designed to steal Twitter credentials from infected PCs, then instantly send out tweets from that account to all of the account owners' followers. The tweets carried links to viral websites.

"Once you get that user name and password, you can use it for any number of things, says George Tubin, a senior analyst at Trusteer. "By taking over the account of a respected Twitter source, you can then use it for 'hacktivism,' or to disrupt business or create turmoil."

In the cyber underground, stolen account credentials, personal information and payment card numbers are sold to the highest bidders, and often posted for free by hacktivists out to make an ideological point.

In this case, it appears the hacker was able to log on as an official AP employee, says Wade Williamson, researcher at Palo Alto Networks.

"A hijacked Tweet is a real Tweet for all intents and purposes, but the account has been compromised and this usually happens the old-fashioned way — by breaking or stealing passwords," says Williamson.

Tuesday's faux tweet and the impact on Wall Street underscores concerns sparked by a recent Securities & Exchange Commission ruling that approves corporate use of Twitter, Facebook and other social media to officially post company financial results and other announcements.

"The SEC looked at it purely from the perspective of disclosure equality, but not from the information risk standpoint," says Kavitha Venkita, managing director at CEB, a business adviser in Washington D.C. "Companies need to have the right kind of staff training to ensure employees use these services securely and don't let their accounts fall into the wrong hands."

REPUTATION 'ALL WE'VE GOT'

The news media also need to pay closer scrutiny to hackers, says Dominic Lasorsa, associate professor at the University of Texas School of Journalism.

"This is the kind of stuff the media has to deal with today. It's something we have to learn to deal with. It's difficult to stay ahead of the hacking community," Lasorsa says. "Our reputation is all we've got going for us. News media organizations need to be more savvy about the problem."

Stephen Ward, director of the Center for Journalism Ethics at the University of Wisconsin-Madison, says a hoax tweet has the potential for far more damage than pocketbooks.

"It could have had people trampled, real injuries. This is the world we live in now. And in light of this, news organizations have to certainly increase security procedures so that they can't be hacked easily. ... (If it was phishing that led to this), that is not proper security. They've got to review the security procedures. We can't control non-professionals or individuals using social media. But as news organizations, we have to hold the line here."

Strauss and Yu reported from McLean, Va.; Shell reported from New York; Acohido reported from Seattle.