TECH
04/25/2013 02:12 pm ET Updated Apr 25, 2013

AP Twitter Debacle Shows Why Companies Should Be Fined If They Get Hacked, Regulator Says

In the wake of a brief stock market crash caused by hackers sending out a false tweet from the Associated Press' Twitter account, companies who fail to secure their social media accounts from hackers should face fines, one federal regulator told The Huffington Post.

Bart Chilton, a commissioner with the Commodity Futures Trading Commission, said Thursday that the agency is investigating the bogus tweet, which suggested explosions at the White House had injured President Barack Obama. He called for cybersecurity rules for companies that have social media accounts, especially at a time when so many traders are using Twitter and false tweets can send markets into turmoil.

The AP tweet on Tuesday caused the Dow Jones Industrial Average to drop about 150 points in a matter of seconds, before recovering when traders realized the tweet was false. The crash was amplified by so-called high-frequency trading, which uses algorithms to scour headlines for certain words on Twitter and other sites to makes split-second trades.

Chilton said he asked the agency's lawyers to review whether a company whose Twitter account gets hacked is violating a law that bars it from "providing misleading information or recklessly allowing information to come out."

"It's clearly a violation of the law to be reckless," Chilton said, "and if you don’t have certain security in place it would seem to me that could be constituted as reckless."

An official spokesman for the CFTC declined to comment.

News organizations like the AP would not fall under the CFTC's purview, but companies that trade in futures and options could be subject to any proposed social media rules.

"Any companies trading on the securities and futures markets need to have a super tough-as-nails cybersecurity program to avoid being the victim of a hack attack," Chilton said. "If you have a big company with a social media account and someone hacks into that just before their earnings come out, that can have an impact on the market."

The FBI and Securities and Exchange Commission are also investigating this week's hacking of AP's Twitter account.

“We have standard operating procedures whenever there are market developments, and this is no exception," SEC spokesman John Nester said in a statement. "These procedures start with getting the facts about what occurred. We do not limit ourselves to looking at the catalyst for an event, but also its repercussions, to determine whether any further inquiries or actions are warranted."

An FBI spokeswoman declined to comment further.

A hacker group calling itself the Syrian Electronic Army took credit for sending the bogus tweet, which was re-tweeted thousands of times in minutes. The group, which has been described as "a collective of pro-Assad hackers and online activists," has also taken credit for hacking the Twitter accounts of several other news agencies in recent weeks, including NPR, Reuters, BBC and Al Jazeera.

CONVERSATIONS