Social Engineeringhigh

Syrian Electronic Army Hijacks AP Twitter, Markets Crash

The Syrian Electronic Army gained access to the Associated Press Twitter account via a phishing email and posted a fake tweet about explosions at the White House, triggering a $136 billion drop in US stock market value in minutes.

Associated Press / Wall Street·2013·2 min read

Background

The Associated Press Twitter account had 1.9 million followers in April 2013 and was a trusted source of breaking news. The Syrian Electronic Army (SEA) had conducted a series of attacks against Western media organisations sympathetic to opposition forces in Syria's civil war.

The Attack

The SEA sent a phishing email to AP staff that appeared to be from a colleague, containing a link to a phishing site that captured email credentials. Using those credentials, they accessed AP's Twitter account on April 23, 2013 at 1:07 PM and posted: "Breaking: Two Explosions in the White House and Barack Obama is Injured." The tweet was real news to anyone who saw it appear in their feed — this was the Associated Press, after all. Automated trading algorithms detected the tweet and sold equities in milliseconds.

Response

The AP took its Twitter account offline within minutes. The White House issued a statement that the President was fine. Twitter suspended the AP account and investigated. AP issued a retraction. Stock markets recovered within minutes of the correction.

Outcome

The Dow Jones Industrial Average fell 143 points — representing approximately $136 billion in market value — in under two minutes before recovering. The incident demonstrated that a single compromised social media account from a trusted news organisation could trigger algorithmic trading responses at a scale measured in hundreds of billions of dollars.

Key Takeaways

  1. Social media accounts of trusted organisations are high-value targets requiring hardware MFA
  2. Automated trading systems that react to social media content are vulnerable to the compromise of any trusted account
  3. News organisations must have immediate kill switches and verification procedures for their social accounts
  4. The gap between a fake tweet and correction may be only minutes — but algorithmic trading can cause enormous damage in seconds
Syrian Electronic ArmyTwitter compromisestock market manipulationfake newsphishing

More in Social Engineering

2020high

The Twitter Bitcoin Hack

2 min readSocial Engineering
2023critical

MGM Resorts Social Engineering Attack

2 min readSocial Engineering
2022critical

Lapsus$: Teenagers Bribe Telecom Employees to Breach Microsoft, Nvidia, and Uber

2 min readSocial Engineering