How a Phony Tweet Moved the Markets: 71 Characters That Briefly Shook the Financial World

Early yesterday afternoon East Coast time, someone managed to get access to the Associated Press Twitter account and sent out the following message: "Breaking: Two explosions in the White House and Barack Obama is injured."

That tweet, sent out at 1:07 p.m. EDT, triggered an almost unbelievably swift response in the nation's financial markets. The Dow and other major indexes began to plummet, losing 1 percent within minutes. Reuters estimated that the sudden drop was enough to wipe out $136.5 billion in the value of the S&P 500. But just as quickly, the AP and White House knocked down the false report and the markets corrected. Most indexes wound up with a healthy gain for the day.

How could that phony tweet—just 71 characters, with spaces—cause such a profound effect so quickly?

Shane Shook, chief knowledge officer and a vice president for Irvine-based security startup Cylance, is a veteran investigator of information security breaches. He says that yesterday's incident adds to a running list of problems with the high-frequency trading systems that now handle most of the buy and sell orders in today's markets. Those systems are automated, depending on a variety of algorithms to decide when to execute trades. Shook says a key source of information for the algorithms is news feeds from both traditional sources like the wire services and from new media like Twitter. He says that when those algorithms picked up on an alarming set of terms yesterday, they swing into action without human intervention.

"White House, bomb, fire, government, things like that—those combination of terms have a higher value than other terms in a risk weighting by the algorithms,” Shook explains. “It causes positions to be automatically executed that otherwise would not."

Some security experts say that exploits like the one Tuesday could be used to manipulate the markets for profit. Hugh Thompson, organizer of the annual RSA Conference on information security, says the incident “showed even to cybercriminal organizations that there’s real potential profit in doing these kinds of attacks. I think you’ll see attacks like this increase.”

With last week's Boston marathon bombing still fresh in people's minds, it's unclear whether yesterday's hack was meant to provoke fear, interfere with Wall Street or just embarrass an established news organization. At least two groups have claimed credit for the phony message, including the Syrian Electronic Army, which hacked NPR's website earlier this month. The FBI, Secret Service and U.S. Securities and Exchange Commission are all reportedly investigating.

Those uncertainties aside, the incident shows that information relayed by Twitter feed is becoming more influential on Wall Street. Earlier this month, Bloomberg announced it was adding Twitter to its widely used financial news terminals.

The Tell, a blog on The Wall Street Journal's Marketwatch site reported financial industry reaction to yesterday's Twitter incident.

" 'In many respects, Twitter is the latest news wire of Wall Street. Investors have come to rely on the social medium for minute-by-minute news and opinion,' said Jack Ablin, chief investment officer at BMO Private Bank.

"[Experts] said ... they expected the day’s action could be a wake-up call for regulators to oversee the increasingly close relationship between social media and Wall Street.

" 'I imagine there will be additional trading safeguards that will need to be enacted, as there were following the insider trading scandals,' said Peter Sorrentino, senior portfolio manager at Huntington Asset Advisors."