The Washington Post

Syrian hackers claim AP hack that tipped stock market by $136 billion. Is it terrorism?

This chart shows the Dow Jones Industrial Average during Tuesday afternoon's drop, caused by a fake A.P. tweet, inset at left.

At 1:07 p.m. on Tuesday, when the official Twitter account of the Associated Press sent a tweet to its nearly 2 million followers that warned, "Breaking: Two Explosions in the White House and Barack Obama is injured," some of the people who momentarily panicked were apparently on or near the trading floor of the New York Stock Exchange.

At 1:08, the Dow began a perilous but short-lived nosedive. It dropped about 150 points, from 14697.15 to 14548.58, before stabilizing at 1:10 p.m., when news that the tweet had been erroneous began to spread. By 1:13 p.m., the level had returned to 14690. During those three minutes, the "fake tweet erased $136 billion in equity market value," according to Bloomberg News' Nikolaj Gammeltoft.

Just two-and-a-half weeks ago, Bloomberg LP announced that it would begin adding a small number of Twitter accounts to its financial information terminals, which are ubiquitous in Wall Street's financial offices. The idea, ironically enough, was to combat misinformation spread on Twitter. In August, false information spread on Twitter suggesting that Syrian President Bashar al-Assad had been killed, sending crude oil prices spiking.

The market appears to have recovered from the AP Twitter hack, which was both juvenile and easily fixed. The AP got word out quickly that the tweet was the result of a hack, and Twitter shut down the compromised account.

About an hour after it was over, a group of hackers who cause trouble in support of Assad, an informal collective known as the Syrian Electronic Army, claimed responsibility for the attack. As I wrote Monday, the Syrian Electronic Army has been hijacking a string of high-profile Twitter feeds, often belonging to large media organizations, using them to denounce the United States and defend Assad.

The Syrian Electronic Army did not offer proof of its responsibility, nor did it send any tweets from the AP account championing its cause, possibly because it was shut down so quickly. A post at Enduring America points out that the Syrian Electronic Army's screenshot trumpeting the hack appears to show what hacking tools they may have used.

The hackers, whoever they were, got access to the AP account by sending malware through something called a "phishing" e-mail. The hackers sent an innocent-looking e-mail to AP staffers urging them to click on a link that, though they did not know it, would infect their computers with spy software. (The phishing e-mail in question actually lured its targets with an apparent link to this blog; sorry about that, AP, I promise that my blog is safe!) The software allowed the hackers to access the AP Twitter account and send out the erroneous tweet.

It was all a surprisingly sophisticated bit of cyber-espionage in pursuit of some childish vandalism. Still, that vandalism had a brief but very real effect on the New York Stock Exchange, one of the most important financial markets in the world. As NPR's Andy Carvin asked on Twitter, "When do vandals graduate to cyber terrorists?" What, he wondered, if the market had not rebounded so rapidly and completely? What if the hackers had been smart enough to simultaneously hijack multiple news organizations' Twitter feeds, sustaining the fiction from seconds to minutes? It's not as outlandish as it sounds; multiple news organizations have been hit by the Syrian Electronic Army in recent weeks.

One of the problems with cybersecurity and cyberwar is that the limits are so poorly defined. As with the Syrian Electronic Army, which backs but is not officially sponsored by the Syrian government, the line between vandalism and state acts of aggression can be difficult to find. And, even if you know who did the hacking, it's not clear what rises to the level of requiring retaliation. If North Korea was indeed behind the recent cyberattacks on South Korean financial institutions, does that count as an attack? What about the suspected Chinese military-sponsored hacks against U.S. institutions?

A recent study, commissioned by NATO, argued that any cyberattack that causes real-world physical property damage or death would merit a military retaliation. So, based on that definition, a temporary stock market dip would certainly not seem to rise to the level of demanding a real-world military as a terrorist attack might.

But what's significant here is not the relatively modest damage caused by the ultimately inconsequential hack, which probably does not cross the line separating vandalism from terrorism, it's the larger and still-unanswered question about where that line is -- and what happens when some individual or group crosses it.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments

Sign up for email updates from the "Confronting the Caliphate" series.

You have signed up for the "Confronting the Caliphate" series.

Thank you for signing up
You'll receive e-mail when new stories are published in this series.
Most Read



Success! Check your inbox for details.

See all newsletters

Your Three. Videos curated for you.
Play Videos
From clubfoot to climbing: Double amputee lives life of adventure
Learn to make traditional soup dumplings
Deaf banjo player teaches thousands
Play Videos
Unconventional warfare with a side of ale
The rise and fall of baseball cards
How to keep your child safe in the water
Play Videos
'Did you fall from heaven?': D.C.'s pick-up lines
5 ways to raise girls to be leaders
How much can one woman eat?
Play Videos
How to get organized for back to school
How to buy a car via e-mail
The signature drink of New Orleans
Next Story
Max Fisher · April 23, 2013

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.