So, let’s recap the sequence of events:
- The Sun-Sentinel newspaper in Fort Lauderdale accidentally republishes a six-year-old news story about the bankruptcy of UAL. It wasn’t on the home page, but instead buried somewhere inside the web site.
- Google’s news crawler (an automated thing, remember) finds the story and incorporates it as part of its news feed.
- Investors see the story, and immediately react. When UAL’s stock plunged 76% to a low of $3, Nasdaq shut down trading. Eventually trading resumed, and the stock closed at just under $11, losing about 11%.
- United blamed Tribune Company (the owner of the Sun-Sentinel) for "irresponsibly" changing the date on the story and demanded a retraction.
- Tribune Company blamed Google, claiming they’ve had issues with Google’s crawler "for months."
Who will blame be shifted to next?
Look — if people haven’t realized by now that the Internet pretty much lacks a delete function, then (IMNSHO) it becomes the requirement of each and every one of us to pay close attention to what we’re reading, to use our own big brains and fine-tuned bullshit detectors to suss out whether something makes sense.
Since this is my blog, I’m going to parcel out blame the way I see it:
- United: 0%. If the concept of "negative blame" made any sense, then I’d actually write −∞ (that’s a negative infinity, in case your character set is different than mine).
- Google: 5%. How can an automated crawler know that a newly-dated story isn’t really new? Well, those folks over there at Google are smart. Certainly it shouldn’t be that difficult to compare a "new" article against existing ones. Content hashes won’t work as a comparison tool, because the date would be included in the hash computation, thus making the hashes different anyway. Full-text comparisons? Sure, it would take a lot of horsepower. Perhaps not every "new" story needs comparison, but at least the crawler could submit to the comparator any stories that ought to be verified (say those with the word "bankruptcy" in them).
- Tribune Company: 30%. Hey guys, you changed the date on the article. Don’t go blaming someone else for your screw-up.
- Investors: 65%. If you’re using an automated news aggregator (remember, an aggregator is not a source of news) to make major financial decisions — decisions that affect the livelihoods of thousands (maybe millions) of people — well, you’re a moron. You should know that incorrect information can be just as instantly available as correct information. Verify potentially damaging claims before engaging in reckless behavior.
What’s this got to do with security? I don’t know, maybe nothing directly related. But it certainly raises the question — what if someone intentionally wanted to cause nearly permanent damage to a person or a corporation? Malicious content, disguised as "news," certainly seems to have become a potentially successful attack vector this week.
Worried about a social engineering attack on a massive scale? I suspect that what happened Monday (8 September) was the largest social engineering attack in history — although I wouldn’t classify it as intentionally malicious. Just you wait until the idea spreads.