Last week’s print edition of The Economist reported that a fake tweet saying that the U.S. President had been injured in a bombing at the White House caused an upset in the stock market.
The story begins: “IT WAS over in less than three minutes. At 1:08pm on April 23rd a fake tweet from a hacked Associated Press account asserted that explosions at the White House had injured Barack Obama. Stock prices immediately dropped, wiping more than $130 billion off the value of the S&P 500. That understates the severity of the episode, since in many cases liquidity simply disappeared altogether.”
“A group calling itself the Syrian Electronic Army took credit for the attach, but that claim remains unverified.”
This event is a good example to use when thinking about the questions surrounding the rules applicable to cyber warfare. The group claiming responsibility calls themselves an “army”; should there be a designation between organized actors and lone wolf attacks? What if the attacks can be linked to the government of another country, should that make a difference? The damage resulting from the hacked tweet was quantifiable with no loss of life. What should the boundaries of a counterattack be? What would be considered a proportional attack? Who should be allowed to respond to the attack? If the AP has the resources, should they be allowed to respond in-kind to the hacked tweet? The damage was caused to the investors in the stock market and not the AP directly, should that matter?
It this case, the point may be mute, the false tweet was quickly corrected and, the Economist reported, “[m]arkets recovered, ending up for the day.” However, this story provides a nice example by which to think about the issues surrounding the ever growing cyber battlefield.