Researcher claims he accessed Trump's Twitter account by guessing password - White House...

midian182

Posts: 6,169   +51
Staff member
TL;DR: A Dutch security researcher says that he accessed Donald Trump's Twitter account last week by guessing his password—"maga2020!" The White House has denied the claim, while Twitter says it has "no evidence" of a hack taking place.

Dutch newspaper de Volkskrant reports that the researcher, Victor Gevers, claims to have guessed Trump's password on the fifth attempt. This allowed him access to the president's direct messages, to post under his name, and make profile changes. Gevers said he was disappointed to find the account was not secured using two-factor authentication.

"I expected to be blocked after four failed attempts. Or at least would be asked to provide additional information," he told the publication.

Some of the passwords Gevers tried included "MakeAmericaGreatAgain" and "Maga2020" before attempting "maga2020!"

On the day the Dutchman says the hijack took place, Trump's account tweeted an article from satirical news site Babylon Bee titled, "Twitter Shuts Down Entire Network To Slow Spread Of Negative Biden News." Dutch magazine Vrij Nederland, which also published a screenshot that Gevers says he took while accessing the account, suggests the tweet may have been sent by the researcher.

"I am not saying I did it. But what if I was the one to post the tweet? Then Trump will need to either admit to never having read the Babylon Bee article and posting this bullshit tweet, OR he will need to acknowledge that someone else posted the tweet."

Gevers says that he tried to alert Trump's campaign team and family, US agencies, and Twitter about the lack of security around the president's account but got no response. A day later, two-step verification was enabled on Trump's Twitter. Two days after that, the Secret Service reportedly got in touch to thank Gevers for highlighting the security issue.

Twitter, however, has denied any hack took place. "We've seen no evidence to corroborate this claim, including from the article published in the Netherlands today. We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government," said a company spokesperson.

The White House also denies Gevers' story. "This is absolutely not true but we don't comment on security procedures around the President's social media accounts," White House Deputy Press Secretary Judd Deere told Forbes.

Gevers says this is the second time in four years he's accessed Trump's Twitter. In 2016, working with two other researchers, he broke into the account by obtaining his password—"yourefired"—from the 2012 LinkedIn hack.

Back in July, the Twitter accounts of Barack Obama, Apple, Joe Biden, and more were hijacked for a crypto scam.


 

Endymio

Posts: 1,016   +856
Of course Twitter denies a hack. When someone enters the correct username and password, there IS NO HACK.
Totally incorrect. In fact, in the most common form of hacking (social engineering, spearphishing, etc.) the hacker tricks or coerces the account owner into revealing their login credentials directly.
 

Dennis83

Posts: 8   +3
Totally incorrect. In fact, in the most common form of hacking (social engineering, spearphishing, etc.) the hacker tricks or coerces the account owner into revealing their login credentials directly.
There are different levels of agreement on what is actual hacking and what is not. It's an endless discussion,
but out there it's used for almost anything that people
a) do not understand
b) involves computers
c) see it as bad

Although hacking in essence is not tied to computers, in general you can hack anything.
So human hacking, or social engineering is indeed possible but like I said definition varies a lot.
Personally I do not like to use hacking on humans (could be slightly misunderstood) but more on things and systems involving unofficial methods to make things work in a different way for a different or previously inaccessible purpose which is not necessarily something bad.

I'd argue for no-hacking as well on behalf of Twitter in regard to that there was no intrusion where the SYSTEM security was compromised (vs user security when 2FA is not enabled) that would enable a hacker to get access to Twitter's internal system.
 

SalaSSin

Posts: 177   +117
Totally incorrect. In fact, in the most common form of hacking (social engineering, spearphishing, etc.) the hacker tricks or coerces the account owner into revealing their login credentials directly.
It's still not a hack. It's social engineering, spearphishing, as you say. It's not hacking. It's not someone who exploited a technical vulnerability.

My definition of a hack of Twitter: I exploited sth Twitter did wrong technologically to get access to their platform.

My understanding of what happened: Someone used 123456 (or some such) as a password and got found out. No one got hacked, someone just had their password found and used.
 

FF222

Posts: 245   +184
It's still not a hack. It's social engineering, spearphishing, as you say. It's not hacking. It's not someone who exploited a technical vulnerability.
And of course you're wrong. The term "hack" has a far wider meaning than just exploiting technical vulnerabilities (with which you obviously want to refer to buffer overflows and such, even though you fail to properly name those). Even in the restrictive context of computer security the word "hack" means exploiting any kind of weakness of a computer system or a network, which also includes weak passwords or any other human factor (which is exploited per social engineering). Hence "hack" is very much a correct term to describe this incident.

And btw if you guess someone else's password (which purportedly happened in this case, at least according to the story told), that's definitely not "spear phishing" by any means (which is actually a completely different thing), and can be considered "social engineering" also only marginally, if at all, because there's really nothing engineered about this, it's just a wild guess that happened to be also a hit.

You just seem to be really confused about these words and their meanings.
 

mbrowne5061

Posts: 1,684   +959
It's rather illuminative that Twitter bans any retweet or reference to the Hunter Biden email stories detailing widespread corruption in the Biden family, but allows this unverified and improbable claim to circulate widely.
thatsBait.gif