The price of BTC initially jumped 3% on the hacked tweet. That's $25bn+ of market cap. The irony is the SEC itself is probably now responsible for the largest crypto pump and dump in history.
They didn't say the SEC did it, they said the SEC was "responsible" for it.
Which may or may not be true, if they were using "password123" then sure that's negligent and they'd bear some of the responsibility, but it might not have been the SEC's fault at all.
> Which may or may not be true, if they were using "password123" then sure that's negligent and they'd bear some of the responsibility, but it might not have been the SEC's fault at all.
It seems like the SEC didn't even have some basic protections in place for their Twitter account, like having 2nd-factor enabled. That feels kind of negligent already, even if they had a very secure password.
Since we're all being a bit pedantic here... the SEC would be responsible for negligently allowing a third-party pump to happen-- they would not be responsible for a pump and dump. Pump and dump requires intention (and requires dumping).
> The SEC didn’t buy, nor did it sell, nor did it pump up the price (someone pretending to be the SEC pumped up the price).
How do we know it's not an inside job? Pretty tempting to pull a Twitter account takeover and make potentially millions if you're a lonely cog in the SEC wheel.
These guys hacked the SEC, made a huge announcement tweet, and only got a 3% move from that. Moreover, they only had a 10 minute window to close whatever positions they had before BTC crashed through its pre-hack price.
There is a fair chance that they actually lost money on this play, lol.
This wasn't a pump and dump. If they wanted to, they should've posted about a rejection when it was 95% surely going to be approved and with a long squeeze happening along the way, they could've easily gotten a 10% movement down and back up.
Twitter/X is not an authoritative source of news, regardless of whether it is an "official" account doing the Tweeting or not. Anyone can get a blue check by paying $8/mo.
> We really really really need some legislation about governmental agencies using privately owned companies to announce things.
What kind of legislation? There's a whole lot of existing law that applies in that domain (both statute and Constitutional case law), but if you think we need different laws, it probably helps to at least present the general shape of the law you want rather than just that it should in some way touch or impact government using private platforms for announcements.
An example might be that the government sets up its own very basic one-way tweet-like notification service, something as simple as or simpler than an RSS feed, with the official content accessible directly via a .gov hosted web page.
Whatever X is or becomes, as owned by private interests, is trusted with nothing more than scraping and rebroadcasting the original and authentic source.
A solution with less developer and user overhead may be that government webs host a list of public keys by which any "gray or blue check mark" type of authentication signal capability on any private service can be validated against, and the government can revoke keys at any time if for some reason there's a suspicion that a counterfeit message is being distributed via these private services. Maybe repurpose the creaky old atomic clock time sync radio signal that is deployed almost everywhere as a means to distribute a rotating secondary factor. Just old PKI tactics proven to work for two plus decades.
But this approach is still open to exploiting human tendency to trust things that have been trustworthy for a long time, until they aren't. So I still think hosting official messaging feeds directly from a government run server, accessible by any barebones http client capable of displaying plain text with basic paragraph/item formatting at most, is the gold standard.
The current situation, where X or meta or google or even a mastodon instance is entrusted with the entire conduit from human input to broadcast output, is a terrible precedent to normalize.
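The published-key idea raised in the comment above, sketched as an added example (not part of the thread and not any agency's actual system): a post relayed by a private platform is accepted only if its signature verifies under a key on the agency-hosted list that has not been revoked, so control of the platform account alone does not yield a valid post. The key ID, list layout and message text are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// KeyEntry is one row of a hypothetical agency-published key list.
type KeyEntry struct {
	Pub     ed25519.PublicKey
	Revoked bool // set by the agency when a key is withdrawn
}

var (
	ErrUnknownKey = errors.New("key id not in published list")
	ErrRevoked    = errors.New("key revoked by publisher")
	ErrBadSig     = errors.New("signature does not match text")
)

// VerifyPost checks a relayed post against the list fetched from the agency's own site.
func VerifyPost(list map[string]KeyEntry, keyID string, text, sig []byte) error {
	entry, ok := list[keyID]
	switch {
	case !ok:
		return ErrUnknownKey
	case entry.Revoked:
		return ErrRevoked
	case !ed25519.Verify(entry.Pub, text, sig):
		return ErrBadSig
	}
	return nil
}

// Demo runs four constructed cases: genuine, altered text, unlisted key, revoked key.
func Demo() []error {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed all-zero seed, demo only
	list := map[string]KeyEntry{"agency-key-1": {Pub: priv.Public().(ed25519.PublicKey)}}
	text := []byte("constructed announcement text")
	sig := ed25519.Sign(priv, text)
	out := []error{
		VerifyPost(list, "agency-key-1", text, sig),
		VerifyPost(list, "agency-key-1", []byte("altered text"), sig),
		VerifyPost(list, "unlisted-key", text, sig),
	}
	list["agency-key-1"] = KeyEntry{Pub: list["agency-key-1"].Pub, Revoked: true}
	return append(out, VerifyPost(list, "agency-key-1", text, sig))
}
func main() { fmt.Println(Demo()) }
```

The revoked case fails even though the signature itself is still mathematically valid, which is why a verifier has to consult the current list rather than a cached copy of the key.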
It looks like all of their tweets are just links to items on the news room portion of their website. If you click around a little there, you'll see that they do have RSS feeds:
So it looks like they're already doing exactly what you suggest: they post official announcements on their website which you can subscribe to using the standard way to do that (RSS), and they also rebroadcast on Twitter by linking back to the original source. What should they be doing differently? Periodically tweet reminders that you can subscribe directly to their RSS feeds? Stop posting to Twitter at all and leave only a message that you can find official news on their website?
Your ideas are honestly great and both of the solutions you presented (RSS->.gov site and public keys) feel like great solutions. I think the problem is that both of those require the general public to have some amount of technical knowledge which is, apparently, a big ask. The first would be a lot easier to present and avoid confusion but it'd still require people to know to go to that site.
For what it's worth though, I think the solution to that is people should have some real amount of education about the function and potential dangers of the internet before getting on it.
which while resolved, really opens more questions than it solves (which is fine because legislating from the bench shouldn't be the norm...)
There need to be very clear laws about how social media and modern tech is used to present information. Hell for the first time the government should have the ability to directly release information and not be reliant on normal privately owned distribution, and that should be investigated as well.
This whole thing is a giant can of legal worms anyways, and it only gets worse because our legislative branch has decided to devolve into high school popularity contests and just let the judiciary sort it all out.
> There need to be very clear laws about how social media and modern tech is used to present information.
What laws? “There should be laws about X” is a bunch of words with no substance unless you can say what the laws should, at least in general terms, require and/or prohibit.
> Hell for the first time the government should have the ability to directly release information and not be reliant on normal privately owned distribution
The government is able to do so, and has done for... quite a long time, though until recently wide distribution was a problem. Now, you can get information directly from the websites of most government agencies.
They also release information via private conventional media (via several mechanisms) and social media (via government run accounts), but they aren't exclusively reliant on such media.
The government has always used privately owned companies (newspapers, news channels, news websites) to make announcements. Social media is just the latest iteration of that. The government operating its own websites is in fact the aberration, and I'd wager the vast majority of people don't even know they exist or visit them. So not sure what such a law would accomplish.
The big issue is you can't be banned from newspapers, radio, and news channels. And there was still some question about "can you just announce this on the news or is that going to be unfair to people who don't own TVs". You can absolutely be banned from Twitter.
There's also the standard of keeping records. The government is supposed to have immaculate records of these sorts of things with a whole shitload of legal nonsense involved in it. Twitter has complied with this under recent presidents but it's a big question of "do they need to?" and "what happens if they don't?".
For starters it like violates the FOIA, which is a serious thing.
I think we just need media literacy at least for now while the noise is still manageable. It’s perfectly fine to rely on private news to spread the information IMO, the issue is that people should independently verify said information.
After reading said announcement on Twitter, the first thing I’d do (if I cared about it) would be to head on over to sec.gov or use a search engine to find the official SEC site, then from there navigate to find the official announcement. Any reputable news source should include a link in their announcement to the official announcement to save you this verification step.
At some point there may be so much targeted disinformation/misinformation out there that we need legislation to help protect against it but I don’t think we’re there yet.
Right, but I think paxys’ point is that the message you get when you click a blue check also implies the account is verified (which is not true in any rigorous sense of the word “verified”). The average user can’t be expected to know that the white one is “more verified” when they both say “verified”.
"The grey checkmark indicates that an account represents a government/multilateral organization or a government/multilateral official. Eligibility criteria to receive a complimentary grey checkmark are listed below. Additional government and multilateral accounts can receive grey checkmarks through Verified Organizations.
Eligible government organizations at the national level may include: Main executive office accounts, agency accounts overseeing specific areas of policy, main embassy and consulate accounts, and parliamentary or equivalent institutional and committee accounts. Eligible government organizations at the state and local level include: Main executive office accounts and main agency accounts overseeing crisis response, public safety, law enforcement, and regulatory issues.
Eligible government individuals may include: Heads of state (presidents, monarchs and prime ministers), deputy heads of state (vice presidents, deputy prime ministers), national-level cabinet members or equivalent, the main official spokesperson for the executive branch or equivalent, and individual members of all chambers of the supranational or national congress, parliament, or equivalent.
Eligible multilateral organizations may include: the main headquarters-level, regional-level, and country-level institutional accounts. Eligible multilateral individuals include: The head and deputy-head or equivalent of the multilateral organization.
US only: Accounts of current US state governors and senior military leaders are also eligible.
Eligible accounts may apply here. (link)
Any government or multilateral accounts that do not qualify under our current grey checkmark criteria can see if they’re eligible under our Verified Organizations feature."
Lol, I can't believe this is really what they ended up with: multicolored stars to indicate different things? I thought it was a joke at first, but no, that's really how it works now. What a strange world...
They used to have blue check marks which was this exclusive thing that meant that someone was important enough to have been verified. Then Elon decided to start selling blue check marks for money, so now there are apparently a bunch of different colored check marks that you need to keep track of and know the meaning of.
Whereas it used to be just: blue check mark = this is probably the real person I think it is.
(But in this case it don’t matter anyway. They were hacked and even if we still had only blue check marks their account would have been hacked all the same.)
to be fair in the app you can click on the badge and it will tell you what it means
but really it'd be better if they didn't, since it opens them up to liability, "the website said this is a government account and they verified it, what do you mean someone was impersonating the SEC"
"We continue to be committed to keeping people safe and secure on Twitter, and a primary security tool we offer to keep your account secure is two-factor authentication (2FA). Instead of only entering a password to log in, 2FA requires you to also enter a code or use a security key. This additional step helps make sure that you, and only you, can access your account. To date, we have offered three methods of 2FA: text message, authentication app, and security key.
While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used - and abused - by bad actors. So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers. The availability of text message 2FA for Twitter Blue may vary by country and carrier.
Non-Twitter Blue subscribers that are already enrolled will have 30 days to disable this method and enroll in another. After 20 March 2023, we will no longer permit non-Twitter Blue subscribers to use text messages as a 2FA method. At that time, accounts with text message 2FA still enabled will have it disabled. Disabling text message 2FA does not automatically disassociate your phone number from your Twitter account. If you would like to do so, instructions to update your account phone number are available on our Help Center.
We encourage non-Twitter Blue subscribers to consider using an authentication app or security key method instead. These methods require you to have physical possession of the authentication method and are a great way to ensure your account is secure."
(I don't have an account, cannot confirm current state of MFA auth story)
3% gain on BTC is really not that much for crypto, it's the size of the movement within a given timeframe that makes it impressive (e.g. it was within a minute or two). It would have been very easy to take out a leveraged long position in defi & profit off this.
How is the SEC responsible because they got hacked? Are you responsible for fraudulent charges on your credit card (you'll contrive some yes, but the answer is no)?
Generally I would expect a higher degree of security from an agency with a $2bn budget whose primary purpose is the integrity of communications about financial markets than an average person with a credit card.
Certainly you will admit at some size, responsibility and level of funding the organization should take responsibility for protecting itself from hacks. If the Department of Defense got hacked and nuclear secrets were leaked, I certainly hope people would get fired rather than sympathized with.
Twitter offers password based security. What other methods of security were you expecting? The SEC can't make Twitter functionality. We don't even know how they got hacked.
The DOD doesn't use Twitter, a social media platform, as the mechanism for launching nukes... what are you talking about?
By using Twitter as a communications channel for official announcements, they are at least legitimizing it.
If they have any reason to be concerned about the security of their account (and it looks like they should have at least from now on), they should arguably reconsider their choice of platform.
For people who are victims of identity theft, of course not, but for organizations or governments? Yes, clearly yes. Let's make sure that the burden of securing operations generally stays with, you know, the folks that have staff and budgets.
“Half as much” is unnecessary exaggeration. All assets with a high reading volume can be manipulated with a tweet. News of a Bitcoin ETF is no different than positive news for any other asset. I think your bias is making you ignorant to general market mechanics.
> Imagine your bank balance is suddenly worth half as much because someone wrote a tweet.
That's just as possible with regular stocks, which Twitter's owner has (unrelatedly) demonstrated multiple times in the past with both Tesla and Twitter... or, a bit slower, in the early covid months.
Stock markets are insanely sensitive to "insider" information and breaking news in general, which is why the regulations around them are so strict.