The AP Twitter hack hoax exposes the need for 'slow news' | Dan Gillmor

With digital media vulnerability, trust no first report. Check, verify

More than a decade ago, a hoax hit the internet in the form of a phony press release by a man named Mark Simeon Jakob. His trick sent the stock of a company named Emulex tumbling when credulous traditional news organizations passed on the "news". He was later convicted of fraud and imprisoned.

A few years later, an unvetted phony post on CNN's iReport falsely announced the death of Steve Jobs, long before he actually died. Again, the information was passed along by others who had more credibility than an anonymous user of CNN's site; and again, investors reacted with a temporary vengeance.

Something much more serious occurred Tuesday. The Associated Press' primary Twitter account was hacked. Whoever did it falsely announced that the White House had been bombed and President Obama was injured. Markets briefly dived before the lie was debunked.

This media attack goes to the heart of what journalism – and our collective understanding of how media operate – needs to be in the digital age.

In an era when information velocity and volume are growing, journalists and the audiences they serve are making important decisions at speeds that, at best, raise the risks of being wrong. It's especially so with markets, where billions of dollars change hands in split seconds. And when markets go haywire, that can change your life and mine.

Moreover, people who provide information to others and want to be trusted – I assume this includes all traditional journalism organizations (perhaps excluding the New York Post and other rancid tabloids) – still don't take security as seriously as they should. The AP hack, as noted, was an escalation of earlier tricks. But something like it could have happened much earlier.

The New York Times front page was defaced 15 years ago by people who were out to prove a point, not muck with reality. What if those people had announced a war or major financial debacle? It wouldn't have been as bad then as it would if they did it today, because social networks wouldn't have spread the information around at today's speed. But the consequences could have been non-trivial.

The lessons for journalists and audiences of this week's AP breach, apparently the result of a clever "social hacking" scam (an email "phishing" trick that caused someone inside the news service to reveal an account password), are clear enough. First, information providers forfeit some trust every time they make mistakes. That eventually, one hopes, affects the bottom line, or in a social context, the confidence of one's friends and peers.

How do we punish the Wall Street computers and human traders making decisions from microsecond to microsecond based on crappy information? That's harder, but if they can do this with impunity, they give the rest of us just one more reason to assume that the entire Wall Street system is rigged.

Second, journalists – all of us, really – need to understand much, much more about security. Whatever precisely happened at the AP in this case, any news organization should have had systems and policies in place to prevent it, period. (Twitter's own security methods regarding user accounts are not up to industry best practice, but they're getting better.)

Which raises still another issue: security breaches of our own systems are bad enough. But using third-party platforms adds to the risks in some ways. That, in turn, raises a further question: what if a number of major-media Twitter accounts had been hacked simultaneously? That could have caused considerably greater trouble.

And what of