AP's Fake Terror Tweet: The Beginning of For-Profit Terrorism?

Historically, most terrorism was committed for ideological reasons, but now a new form of terrorism may be emerging: for-profit terrorism.

On April 23 2013 AP's widely followed Twitter account was hacked and falsely reported that an explosion had occurred at the White House injuring President Obama. Normally such a report would have little impact, but with 2 million followers, AP's tweet translated into real world consequences for US financial markets. Before the false tweet, US markets were enjoying a rally of about 130 points on the Dow and 14 points for the S&P 500. Within 3 minutes of the fake AP tweet, the S&P 500 had crashed 13 points with large gaps seen in many stocks. Zerohedge reports that during that time 260,000 S&P contracts traded with a notional value of $20.4 billion. A large amount of money was made and lost during this time, all because of a fake news report on a twitter account. While this instance was isolated and minuscule in the general course of the stock market, it may mark the beginning of a disturbing new trend where terror is used for financial gain.

The rapid dissemination of information through mobile and social media is a double-edge sword. People are more connected to their friends, families, and employers despite living 1000's of miles apart in some cases. Information is no longer controlled by a top-down mainstream media hierarchy which was vetted by editors and producers before dissemination to the masses. Instead information can now be transmitted almost instantaneously be anyone with an Internet connection, bypassing traditional forms of media such as TV or radio which had controls to prevent false or unsubstantiated stories from breaking. This new form of unedited information has the same power to change the course of events as traditional mainstream media information. Malicious actors (whether state-sponsored or independent) could use this new technology to make money.

Consider the following example. A man in Times Square starts shouting that the President has been shot and is dead. He runs around telling everyone that he has a source at the White House that told him this was true. What would be the effect of this false statement? Most likely nothing. Some by passers may get upset and call the police to report the deranged man for making threats against the president. The point being that no real world impact occurred. Most likely, the event will be considered a non-event and not covered by the media.

Now consider another example. Hedge fund Alpha wants to make a quick buck in the stock market. Hedge Fund Alpha purchases the services of an accomplished hacker to break into the twitter account of AP and post a false report that "Terror in DC--the president shot and killed at public reception--- foreign terrorists thought responsible--Washington on lock down--more news coming". Knowing that this headline would cause the market to drop precipitously, Hedge Fund Alpha shorts a large amount of S&P 500 futures or buys puts. Within minutes, Hedge Fund Alpha has made millions of dollars and promptly closes its positions. After 10 minutes, information comes out that this was a false report and that AP's twitter account was hacked. The White House Press Secretary tweets that the president is fine and all is well in the West Wing. AP asks Twitter to suspend its twitter account in order to prevent further misinformation from occurring. The problem is that the damage has already occurred. Investors lost money as stocks plummeted, while Hedge Fund Alpha collected large profits. Keep in mind that this whole event happened in less than 10 minutes. What was the cost of this illegal hack operation for Hedge Fund Alpha? The answer is not much compared to the millions in potential profits. All the hedge fund had to do was to hire a hacker and not tell them what the hack attack was designed for. You could probably hire a computer hacker for a trivial amount (lets just say $50,000), provided they did not understand the goal of the operation.

The above example illustrates how simple and cost-effective this fake terror story could be generated and disseminated to the world. While the story was quickly debunked as a false news item, it succeeded in its objective by creating a temporary panic in the stock market,  allowing nefarious operators to make some fast money. While this fake terror scenario was relatively benign (e.g. no one was physically hurt or injured), the incident raises an important point regarding terrorism: it can be very profitable.

Now suppose Hedge Fund Alpha wants to go a step further and actually influence events by committing a low-scale attack against a specific company in order to profit from the events. In this scenario, the attack could be a cyberattack against a company which primarily relied on its website to make money (e.g. Amazon.com, Google, etc). This is not without precedent. Many companies over the last few years have reported denial of service attacks against their websites. However, for the most part these attacks are done by disgruntled low level hackers who take down the site for a few hours at most. Sometimes they post explicit or incorrect images on the website, like seeing a naked woman when you go to bankofamerica.com. Sure its embarrassing for the company, but does little to impact corporate profitability or stock price. Now imagine that a well financed organization with millions of dollars in capital engaged in a well coordinated and persistent attack which shut down Amazon.com. Just when Amazon thinks it has restored the website, the hackers slip a malicious virus into Amazon's network which artificially lowers the price on every item to $1. These kind of well planned attacks continue for 6 days until Amazon finally regains full website functionality. A few days later Amazon announces that the hack attack also resulted in credit card information on millions of customers to be stolen. This attack would have cost Amazon 10's of millions of dollars of profit and hundreds of millions in revenue, along with a serious breach of public trust in the company. There is no question that the stock could decline during the whole incident, a positive for anyone betting against the company through short-selling or puts.

While the above scenario is unlikely considering how large Amazon is and the thousands of computer technicians it undoubtedly employs, this is not the case for smaller companies who could not defend themselves against such an organized and persistent cyberattack. For smaller or weaker companies this attack could very well force them into bankruptcy. We have entered a new world where this type of scenario is possible.

Black Swan Insights




1 comment: