“maga2020!” That was the password of “the most powerful man on earth.” The president whose entire campaign centered on Hillary Clinton’s potentially insecure private email server had “maga2020!” as his Twitter password. So much for security. The president also did not enable two-factor authentication, which would have prevented a hacker from gaining access to the president of the United States’ official Twitter account with nothing more than the president’s campaign slogan.
If his Twitter account is this insecure, what else is?
This is made far worse when you consider the fact that Donald Trump’s private Twitter account is, by law, an official means of communication from POTUS. The person who hacked Trump’s Twitter account could have caused havoc. They could have looked through DMs, sent inflammatory tweets, or told everyone that the election was canceled because Trump got his Supreme Court pick. They could have caused widespread panic in the United States, even the world.
Fortunately, they just rubbed our noses in Trump’s lousy security.
Ethical Hacker
Victor Gevers is a security expert and an ethical hacker. After gaining access, he took screenshots proving he had accessed the president’s account. This wasn’t his first time hacking Trump. In 2016, Gevers gained access to Trump’s Twitter account. The president learned nothing in the past four years. Currently, you can’t log in to Trump’s account with “maga2020!” but I have a sneaking suspicion that it may be “maga2020!!” now. Trump is apparently using two-factor authentication after the hack. The hack showed us just how easy it is to hack the president. It’s possible others will try. Hopefully only ethical hackers, and none of the United States’ many enemies.
You could argue that a truly ethical hacker would have locked Trump out of his account permanently and deleted the thing. Just leave a message stating, “I’m giving up golfing and Twitter to actually do my job,” wipe the account, and set the password to something that’s even harder than “maga2020!” to remember, like “personWomanManCameraTV.” It’s been a few weeks, there’s no way he still remembers that!
Hunter02
Supposedly, Gevers was inspired by news that Hunter Biden secured his hard drive with the meme-inspired password “Hunter02.” Yes, the outrageous and obviously fake story in the NY Post hinges on an internet meme. That story just keeps getting more desperate.
After hearing this, Gevers decided to check it out. Hackers gain access to databases all the time, and they share these passwords on sites that can only be accessed via the Tor browser, the so-called “Dark Web.” Gevers found numerous passwords Hunter Biden used, but none were his first name followed by “02,” in a reference to the classic internet meme.
This got Gevers thinking. He was part of the three-person team that hacked Trump’s Twitter account in 2016. Could the story be a projection? Could Trump’s password be something simple?
Five guesses later, and Gevers was in.
Twitter Denial
Twitter says Donald Trump’s account is still secure. They claim that the article, published in the Dutch newspaper de Volkskrant, is false, and that Trump’s account wasn’t hacked. However, de Volkskrant has a right-leaning bias, according to Media Bias/Fact Check (MBFC). The news source is also rated as “highly factual,” not MBFC’s highest possible rating, but the same rating held by sources like The New York Times, a respectable news organization. There’s no reason to believe this is an unreliable source.
Gevers is also a reputable person in the security industry. Not only did he gain access to Trump’s account in 2016, but he’s also responsible for a hack on a Chinese database including the location data of 2.7 million people in Xinjiang, the home of the persecuted Uyghurs. He claims that after hacking the president he spoke with the Secret Service, who thanked him for bringing the security vulnerability to their attention, which he did before going public.
Twitter, on the other hand, has a lot to worry about. They should have prevented Gevers from logging in to Trump’s account. After all, he was logging in from an unidentified device, in a different timezone than Trump’s most recent tweets, and he was able to guess five different passwords. None of that is the kind of security you’d expect from a half-decent social network, let alone the account of one of the most powerful people in the world.
This isn’t the first time high-profile Twitter users have suffered intrusions. The fact is, hackers gain access to Twitter accounts all the time. Usually this is due to password re-use. Still, Twitter’s making it easy. They should require two-factor authentication for verified accounts like Trump’s. Instead, they let hackers walk in with the right password. That leaves the onus of security on the individual. In the case of Donald Trump, nothing should be left in his hands.
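As an added example (not from the article and not Twitter's actual logic), here is a minimal login policy built on the signals named above: an unidentified device, a timezone far from recent activity, repeated wrong guesses, and a mandatory second factor for verified accounts. The threshold, field names and sample attempts are assumptions constructed for illustration.

```python
from dataclasses import dataclass

MAX_FAILURES = 3  # assumed guessing budget; the article's login took five guesses

@dataclass
class Account:
    known_devices: set
    usual_utc_offset: int   # timezone of recent activity, hours from UTC
    verified: bool
    failures: int = 0       # consecutive wrong passwords

@dataclass
class Attempt:
    device_id: str
    utc_offset: int
    password_ok: bool

def tz_distance(a: int, b: int) -> int:
    """Hours between two UTC offsets, wrapping around the date line."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def evaluate(acct: Account, att: Attempt) -> str:
    """Return 'locked', 'deny', 'step_up' or 'allow' for one attempt."""
    if acct.failures >= MAX_FAILURES:
        return "locked"     # budget spent: even a correct guess is refused
    if not att.password_ok:
        acct.failures += 1
        return "deny"
    signals = [
        att.device_id not in acct.known_devices,                # unidentified device
        tz_distance(att.utc_offset, acct.usual_utc_offset) >= 3,
        acct.failures > 0,                                      # guesses preceded success
    ]
    # Verified accounts always need a second factor; others when a signal fires.
    if acct.verified or any(signals):
        return "step_up"
    acct.failures = 0
    return "allow"

def replay(acct: Account, attempts: list) -> list:
    return [evaluate(acct, a) for a in attempts]

if __name__ == "__main__":
    # Constructed scenario: four wrong guesses, then the right one, new device.
    acct = Account({"phone-1"}, -5, verified=True)
    guesses = [Attempt("laptop-x", 1, ok) for ok in (False,) * 4 + (True,)]
    print(replay(acct, guesses))
```

With this policy the fifth, correct guess is refused because the account locked after the third failure, and a correct password alone never suffices on a verified account.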
Sources:
- Adam Gabbatt, The Guardian
- Huib Modderkolk, de Volkskrant
- Zack Whittaker, TechCrunch