False Explosions Spring 2013 Cyber Ripples Hit the Associated Press (April 2013)

False Explosions Spring 2013 Cyber Ripples Hit the Associated Press (April 2013)

On April 23, 2013, the official account of the U.S. news agency AP issued a statement that an explosion had occurred at the White House, injuring the president. The bulletin, which later turned out to be false, spread instantly because the source was a highly trusted news organization, and the financial markets were shaken in a short time. Futures and cash sank simultaneously, with the Dow Jones falling nearly 143 points at one point and approximately $136.5 billion in S & P 500 evaporating. Prices returned a few minutes later, but the brief storm revealed the instability of an era in which information and market prices were one and the same.

The market reacted so quickly because of the prevalence of high-frequency trading, in which machines read the news and automatically place orders. The mechanism for detecting words such as explosions and injuries as negative events was supported by lightweight natural language processing, low latency stream processing, and instantaneous capture of various types of delivery. Once the machines start selling, human anxiety will cascade down the chain, and liquidity will quickly thin out. On the other hand, it cannot be overlooked that the safety valve on the part of the exchanges functioned based on past turmoil. Since measures were in place to temporarily restrain trading in the event of sudden fluctuations, prices eventually settled back to normal.

The reality of the attack was not an elaborate zero-day, but the persistence of a classic tactic. The Syrian Electronic Army, purporting to support the Syrian government, sent a cleverly spoofed email to AP reporters, directing them to a fake login page that resembled a legitimate screen. Using the credentials they obtained there, they infiltrated the legitimate accounts and hijacked the outgoing communications privileges themselves. During the same period, they repeatedly targeted a number of news organizations, including the British Broadcasting Corporation, the Guardian, and public broadcasters and major newspapers in the United States. The target was the credibility of the information itself, with the aim of swaying public opinion and market reaction through the spread of propaganda and disinformation.

After the storm passed, the measures taken by all sides became a reality. On the transmission infrastructure side, two-factor authentication that does not rely on a single password was introduced, and the treatment of shared accounts was reviewed based on the principles of separation of powers and minimum authority. Procedures are also being put in place to immediately stop and correct false postings when they occur. In terms of investigations, it is symbolic that the U.S. authorities prosecuted the persons involved and placed them on the wanted list in 2004. The fact that the false bulletins moved the market, even if only temporarily, clearly demonstrated the social impact of the attacks and positioned them as a target for law enforcement.