Monday, April 29, 2013

On malicious event sources: the Twitter Hoax case

In case anyone missed it -- the Twitter Hoax occurred last week.  The story is that a Twitter message occurs at 1:08 pm, that was sent on behalf of Associated Press, notifying on two explosions in the white house, and the injury of the USA president Obama.  Since there are automatic trading programs who get their decisions based (among other sources) on social media, and AP is considered a reliable source, the figure above (taken from Wall Street Journal) shows what happened to the Dow Jones.  The Tweet, of course, was not sent by AP, it was hacked.   Within 2 minutes denials started to arrive, and around 1:13 the Dow Jones got back to where it was 5 minutes earlier.   Regulators are now checking what they can do about such incidents, as reported today by the NY Times.    While writing three years ago about the benefits of Twitter as event source, I noted the danger of abuse.  

Actually when relying on events, the danger of abuse and hacking exist anywhere, one can abuse medical events and sabotage health systems, one can abuse traffic events and make the roads messy, and I guess that there are many other creative way to abuse life.  Yet, I don't think that going backwards and ignore incoming information is practical.    In fact we made malicious sources as one of the motivation of dealing with uncertainty in event processing, but this area is still young.    This struggle will continue to evolve as one of the challenges of big data.   

1 comment:

woolfel said...

Many people pointed out how risky it is and the huge potential for abuse. Although someone could hack other medical events those are far less likely. Someone hacking those are likely committing a capital crime and attempting to kill someone.

It is atleast 2 orders of magnitude easier to hack social media than it is to write full proof/bullet proof/hack proof trading algorithms.

It is totally irresponsible of HFT to automate trade based off social media. They can alert a human being, but that action shouldn't be automated. Anyone that claims they can make a hack proof algorithm is lying plain and simple.