White House Denies Trump's Twitter Account Was Hacked
Dutch Ethical Hacker Claims He Gained Access, But Twitter Says There's No Evidence
The White House and Twitter are both debunking claims by a Dutch ethical hacker that he accessed President Donald Trump's Twitter account earlier this month by guessing the password, enabling him to obtain full privileges and capture screenshots.
White House spokesman Judd Deere tells Information Security Media Group: "This is absolutely not true."
Meanwhile, Twitter tells The Independent there is no evidence that the account access took place.
Researcher’s Claims
Victor Gevers, a security researcher at the GDI Foundation and chairman of the Dutch Institute for Vulnerability Disclosure, tells the local magazine Vrij Nederland that it took only five guesses before he hit on the password "maga2020!" to gain access to the @RealDonaldTrump Twitter account. Gevers claims that he had the ability to change the password and profile picture and could have downloaded Trump's Twitter history, which would have included the direct messages associated with the account.
Gevers also asserts that Trump's account lacked multifactor authentication. He says he attempted to contact the White House and other government agencies to warn them of the issue. A screenshot posted by Vrij Nederland purportedly shows Gevers in the administrative section of the account where he was able to place his cursor next to Trump's name.
Dear @realDonaldTrump,
I've tried to notify multiple times because of your passwords for Twitter are too weak. Last Friday, I contacted @CISAgov, @TeamTrump, @WhiteHouse, @DonaldJTrumpJr, and @twittersecurity, just like in Oct 2016. But no one responds. Please keep 2FA enabled! https://t.co/DRCCS8NAa4
— Victor Gevers (@0xDUDE) October 19, 2020
Deere, the White House spokesman, would not give any details on whether the president’s account used multifactor authentication. "We don’t comment on security procedures around the president’s social media accounts," he tells ISMG.
President Trump uses his @RealDonaldTrump Twitter account, which has 87 million followers, as one of his main communication methods.
Earlier Twitter Hack Incident
Back in July, Twitter’s security procedures were called into question when 130 high-profile accounts were compromised as part of a cryptocurrency scheme. Twitter's investigation found the attackers "successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including getting through our two-factor protections" (see: Twitter Hijackers Used Well-Honed Fraudster Playbook).
About 360 people lost almost $130,000 in the scam. Two of those responsible were arrested and a third was charged but remains at large (see: 3 Charged in Twitter Hack).
In September, India's Prime Minister Narendra Modi's Twitter account was taken over and used for a similar scam (see: Another Twitter Hack: This Time, India's Modi Targeted).