How to Steal $4 Billion on One Blog Post

In an apparent rush to scoop the blogosphere, the blog Engadget managed to strip $4 billion of market capitalization off of Apple’s stock price in a mere 15 minutes – with a single blog post.

Engadget published what appeared to be a legitimate internal email memo from Apple stating that the release of the iPhone and the new Leopard OS were going to be delayed. The post read:

we have it on authority that as of today, the iPhone launch is being pushed back from June to… October, and Leopard is again seeing a delay, this time being pushed all the way back to January. Of 2008. The latest WWDC Leopard beta will still be handed out, but it looks like Apple-quality takes time, and we’re sure Jobs would remind everyone that it’s not always about “writing a check”, but just how much time are these two products really going to take?

Engadget elected to publish the email’s details, despite the fact no one was available from Apple to officially confirm or deny the message. A short time later, Apple brass launched a second message stating to employees that the first email was a hoax and was not a genuine corporate communication.

This means that someone with significant insider knowledge of what an internal Apple memo looks like, was able to penetrate the *awesome* inherent security (note sarcasm) of not just one Mac, but multiple macs to plant a fake corporate email message that was SO realistic that Apple’s own employees believed it and leaked it to a blog.

Forget hacking into people’s online brokerage accounts – all you need to do is plant the right email on the right corporate network at the right time, and a hacker can make millions on perfectly legitimate stock purchases.

There are so many lapses in security and judgement in this story from start to finish – both on Apple’s end and on Engadget (who is defending their decision to release the information). There is no evidence that Engadget profited from the post in any way, but they just as easily could have been were the unwitting tool of someone else who did.

Incidents like this from a blog as highly respected as Engadget serve to cement the old media’s claim that the uncontrolled, unregulated, and in the end unaccountable blogosphere is about as reliable as a sundial in a dark room.