Fake News? Trump’s Twitter ‘Twice Hacked’ - Security Boulevard

Fake News? Trump’s Twitter ‘Twice Hacked’

President Trump’s Twitter account was broken into by a Dutch hacker. Or, so the Dutch hacker claims.

The White House denies it. Twitter issued a very “carefully worded” statement that, at first glance, looks like a denial, but actually amounts to a tasty nothingburger.

DevOps Experience

But the hacker certainly seems to have convinced mainstream Dutch media. In today’s SB Blogwatch, we wonder if he has an IQ of 197.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: In-car coffee.


‘Nobody gets hacked.’

What’s the craic? Adam Gabbatt reports—“Trump’s Twitter hacked after Dutch researcher claims he guessed password”:

 Donald Trump’s Twitter account was allegedly hacked last week, after a Dutch researcher correctly guessed the president’s password. … Allegedly gaining access to Trump’s Twitter meant Gevers was suddenly able to connect with 87 million users – the number of Trump’s followers.

Victor Gevers, a security expert, had access to Trump’s direct messages, could post tweets in his name and change his profile. … “We’ve seen no evidence to corroborate this claim,” … a Twitter spokesperson said in a statement.

A day later, Gevers noticed that two-step verification had been activated on Trump’s account, he noted. Two days later, the Secret Service got in touch [and] thanked him for bringing the security problem to their attention.

Remarkably, it wasn’t the first time Gevers has gained access to the president’s Twitter account. In 2016 he and two others guessed Trump’s password and got into his account.

Yikes. Gareth Corfield registers—“Dutch bloke claims he hacked Trump’s Twitter”:

 Donald Trump’s Twitter password was easily guessed, and he still isn’t using multi-factor authentication, claims a Dutch hacker. … In what must have been more than a mild state of panic, Gevers and his friends, we’re told, tried to tell someone, anyone, about the glaring security problem, from administration officials to Twitter itself.

The White House … denied the President’s Twitter account had been accessed by Gevers.

And Gerard Janssen is lost in translation—“How Trump’s Twitter account was hacked – again”:

 Victor Gevers … is one of the three Dutch ‘grumpy old hackers’ who gained access to Trump’s Twitter account four years ago. The password was: yourefired.

Gevers still abides by the old hacker manifesto. He does not discriminate on the basis of race, religion, class or political beliefs. … During the day, he works for the Dutch government. At night, he keeps the internet safe.

Gevers tries a few other passwords [including] “maga2020!” [He] is able to change the password. And the profile picture. And worse: if he wants to he can download all of Trump’s … DM’s. And all of the messages Trump has previously deleted. Hasn’t anyone learned anything?

Donald Trump is on a stage somewhere in Prescott, Arizona, discussing hackers. … “Nobody gets hacked. To be hacked you need someone with an IQ of 197, and he needs to know 15% of your password. Doesn’t happen.”

Gevers gives up on trying to reach Trump to warn him. He gives me permission to write this story. As a plea to everyone to use Two-Factor-Authentication. The absence of Two-Factor-Authentication on the Twitter account of the President of The United States of America is absurd.

So who is this Gevers character? Huib Modderkolk explains he’s a “Dutch Ethical Hacker”:

 Earlier discoveries by Gevers include an enormous Chinese database with the location data of 2.7 million inhabitants of Xinjang—China’s largest province and home to the Uyghurs. The poorly secured database contained all kinds of personal data: people’s ID number, nationality, phone number, date of birth, photos, employer, but also GPS coordinates of the places these individuals had visited. The existence of this database made it even clearer how meticulously China is monitoring the Uyghur minority in the country.

Victor Gevers was also one of the three hackers who logged into Trump’s account in 2016. … The reason for making another attempt to hack Trump’s account was the reporting in the US about Hunter Biden [whose] hard disk … was supposedly stolen or hacked – also because Hunter Biden used an easy to guess password (Hunter02).

The question remains why Trump was using such a weak and simple password. Gevers has a possible explanation: … ‘Elderly people often switch off two-step verification, because they find it too complicated.’

On that Friday morning, Gevers has access to what is perhaps the most important Twitter account in the world and is in a position to send a message to 87 million people, the attentive world press, and government leaders. … Dutch security experts find Gevers’ claim credible.

ikr? angryman77 sounds angry77: [You’re fired—Ed.]

 No two factor authentication? Really? For the primary form of communication he uses to communicate to the masses?

I’ve got two factor authentication to check my email, and I’m nobody.

But Menty tries hard to make a technical-not-partisan comment:

 Why do we insist on calling this “hacking”? The word implies some kind of skill or technical achievement. It’s not even social engineering, it’s just exploitation of … terrible security practices.

But did it even happen? Look closely: Twitter didn’t actually deny it, as TwoBit points out:

 This doesn’t make sense to me. Twitter has the IP addresses of all logins, so they absolutely know whether this happened or not. “We’ve seen no evidence,” is a senseless thing to say and implies they are being evasive.

PR people being evasive? Whatever next? Wet water? chuBb wants to believe:

 I doubt it’s real but, I have also had to weaken security for many a company boss who couldn’t manage the complexity of capital letters, vowel to numerals substitutions, not easily guessed, or more than 8 chars.

I’d call it … plausible.

Meanwhile, newslash.formatblows seeks the story’s nether regions:

 In unrelated news … Trump orders Air Force to find and bomb Dutchland.

And Finally:

Was this ever a Thing?

Previously in And Finally


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Matt Johnson (cc:by)

Featured eBook
Managing the AppSec Toolstack

Managing the AppSec Toolstack

The best cybersecurity defense is always applied in layers—if one line of defense fails, the next should be able to thwart an attack, and so on. Now that DevOps teams are taking  more responsibility for application security by embracing DevSecOps processes, that same philosophy applies to security controls. The challenge many organizations are facing now ... Read More
Security Boulevard

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.

richi has 296 posts and counting.See all posts by richi