Twitter issued a warning yesterday to media organisations to improve the security of their tweeting procedures following several high profile hacks in recent weeks.
Meanwhile, federal financial market regulators meeting in Washington discussed risks to the financial market from such cyber-attacks on social media channels.
In a memo sent to hundreds of media outlets and posted on the Buzzfeed.com website, the internet company said that the hacking incidents appeared to have stemmed from “spear phishing” attacks that masquerade as legitimate emails targeting the journalists running media organiSations’ Twitter accounts.
The advisory said that organisations should use a dedicated computer to post to Twitter to reduce the chances of a malware infection and should “minimize the number of people” with access to accounts to prevent human error.
“There have been several recent incidents of high-profile news and media Twitter handles being compromised. We believe that these attacks will continue, and that news and media organisations will continue to be high value targets to hackers,” the memo stated.
Twitter advised users to use strong passwords at least 20 characters long to access the service and different passwords for their email accounts.
Twitter hit the headlines last week when the main feed of The Associated Press was hacked by a group called the Syrian Electronic Army, and a bogus message was posted about an attack on the White House. Organisations such as CBS, the BBC, The Guardian and football governing body FIFA have had their Twitter feeds hacked in recent weeks.
The AP incident caused the benchmark Standard and Poor’s 500 index to drop by about 1 per cent in the three minutes before the news wire refuted the hacked report. The stock-market gauge recovered its original level within the next three minutes.
The Commodity Futures Trading Commission, which regulates derivatives markets, is launching a process to examine possible regulation of automated trading, Chairman Gary Gensler said in a public meeting on technology issues Tuesday in Washington.
The commission has no oversight over stock markets but noted that last week’s S&P 500 plunge was blamed on so-called scrape-and-trade algorithms, which harvest data from information feeds to speed buy and sell decisions. Similar new techniques could be used in commodities trading.
“We’re not immune from the same operational issues,” Gensler said.
He noted that similar cyber threats to market integrity could come from hackers, terrorists, hostile Governments and even would-be market manipulators. “It’s a bit of an arms race,” Gensler said.
Evelyn Fuhrer, Managing Director of risk management and regulatory compliance consultant Promontory Financial, said that the AP Twitter hack could have been far more damaging to markets if a determined cyber attacker had coordinated multiple hoax reports.
“I actually think we got lucky. It was one feed,” said Fuhrer, a member of the futures commission’s advisory committee.
Larry Tabb, Founder and Chief of financial markets research firm Tabb Group, said that “trading off Twitter is relatively new, and there aren’t a lot of people doing it,” which helped minimize the impact of last week’s AP Twitter attack. More secure news wire feeds from AP and other media outlets are much more widely “scraped” for information fuelling automated trading, he said.
John Lothian, a commodity industry publisher, said that stock traders who lost money last week trading shares based on a single Twitter alert will know to corroborate information in the future.
“They learned a valuable lesson,” he said. “The market will teach you lots of lessons.”