I think it’s hilarious Trump’s account was compromised but calling a nerd who steals accounts an ethical hacker is like calling someone who steals elections an ethical president. Hope they lock him up. Both of ‘em.
I thought that too, well the part about the hacker anyway, until I ... read the article. They are ‘ethical’ hackers in the sense that they immediately informed the Trump administration.
Whether that’s actually ethical or not is a tangential discussion because the existence and application of the term is not controversial.
Ethical hackers hack for fame and money, but they don't blackmail or disclose any information that could harm anybody. Lots of companies already take part in bug bounty programs with explicit rewards for hackers or implement "coordinated vulnerability disclosure" (CVD).
I read the article too, mate. It doesn't change my mind on the matter. If someone broke into my house, my righteous indignation would not be assuaged by their refusal to steal and immediate disclosure to me of how easily my lock was compromised.
But it appears that twitter has even worse password protection policies.
The account was “hacked” by manually entering several different password ideas into Twitter’s login. The guy got it on the fifth try. Why not lock it down sooner?
Before 5 attempts? That's well within the range of a few careless typos. If he'd tried thousands of attempts then sure, but 5 seems completely reasonable.
I find the hacker mischievously hilarious:
"The question remains why Trump was using such a weak and simple password. Gevers has a possible explanation: ‘Trump is over 70 – elderly people often switch off two-step verification because they find it too complicated.’"
Yes. Twitter shouldn't treat a random person's account the same way they treat someone who wields a ridiculous amount of power and influence.
Typical person: 5 tries and no 2FA, that's ok (I Guess)
President: 5 tries and no 2FA? Twitter shouldn't have applied same ol' same ol' policies.
Sometimes you need to provide differential security. After all, the president doesn't ride around in an unprotected car even though pretty much everyone else does.
If you ever had to manage a site that had user accounts, you'd have realized that locking down access before the 5th attempt is a recipe for an insane amount of user frustration.
Because that's a thing that you do regularly? I would like for all of my accounts to at least start massively rate limiting me after 2 or 3 failed attempts. I honestly can't remember the last time I mistyped a password 3 times in a row, especially because it's increasingly rare that I actually have to type the password in by hand.
> A hard disk owned by presidential candidate Joe Biden’s son was supposedly stolen or hacked – also because Hunter Biden used an easy to guess password (Hunter02). Gevers is familiar with leaked databases of old passwords and searched these for Hunter Biden’s data. After analysing these old databases, he felt that the information was incorrect. Hunter Biden used other passwords. Gevers: ‘I could tell that it wasn’t his password.’
So this is not truth. But what I don’t know is if Gevers just read that online from a jokester, or if Trump’s people are actually claiming this.
the internet was such a better place in the 90s. now if someone gets your password in 2020 they can basically destroy your credit and social reputation
I think the story is implying that it wasn't his actual password:
> Gevers is familiar with leaked databases of old passwords and searched these for Hunter Biden’s data. After analysing these old databases, he felt that the information was incorrect. Hunter Biden used other passwords. Gevers: ‘I could tell that it wasn’t his password.’
It's much more insane to me that the President of the United States has a twitter account with no 2FA and the password 'maga2020'.
Are you seriously saying the President of the United States' Twitter a/c hasn't been secured by a strong password, or better yet, managed for him by his PA??
This is frankly not believable. Doesn't the Secret Service have a digital wing to secure such things?
I recall there being a story about Obama either not being able to use his first choice of phone or else there having had to have been made some sort of accommodation to allow him to at the beginning of his first term.
(I think it was an iPhone vs Blackberry thing)
I haven’t looked into this story too deeply but I find it incredible on its face. If it is true then it’s an absolute shock and a wonder of wonders why it wasn’t compromised sooner.
IIUC at the beginning of Trump's term he refused to agree to the arrangements that the Secret Service made for Obama and insisted on continuing to use his regular phone instead. And there wasn't a whole lot they could do about it. After all, he's the boss.
> But Trump wanted to be able to tweet and call people at will—neither of which is a feature of either DMCC-S device. So initially, he stuck to using his personal phone. … But he continued to resist using a secure phone for calls, because that would have meant routing those calls through the WHCA switchboard, and reportedly continued to place calls from his own Android phone from the White House residence after hours.
But, he's currently using a dedicated iPhone for twitter.
After the last four years and everything you learned about Trump, is it really THAT hard to believe? How many 74 year olds do you know who are tech savvy enough to enable 2FA or use a random password?
Are they seriously suggesting Twitter didn’t require 2FA for the president?
Twitter doesn’t exactly require 2FA for us serfs, but still in a lot of cases requires SMS confirmation.
(To answer the question, if we take as a basis that people excuse Hillary for not knowing an SMTP server under her desk wasn’t secure enough for email exchange with diplomats, we need to exclude the user in any case and make technology auto-secure by default).
Also, I’d claim any attempt to log on the Twitter account of the president should have been investigated like any guy who walks up to The White House and tries their home key on it. Although I don’t agree with USA’s extreme approach to security, I’m surprised the police was so lax on attempts at cracking the president’s passwords.
How would his PA log him into twitter when he's sitting on the toilet @ 2am sharing his deep wisdom? Can you imagine the hissy-fit he would throw if required to use a strong password, or getting a guy who has his email printed and dictated to use a pw manager?
...Or did you think his social media team sent all those tweets? There's a few obvious ones but I believe the vast majority are straight from the orange mind itself!
Are you seriously saying the President of the US didn’t wear a mask and had close personal contact with a lot of people during a pandemic, landing himself in hospital on experimental drugs?
I mean, he’s not one to either be careful or listen to expert advice, so it doesn’t really sound that out there.
Normal blue ticks have 2FA, _but they can turn it off if they want to_.
He also stared directly into a solar eclipse after being warned not to.
He's the sort of guy who, if you warned him not to touch a hot stove, would immediately slam both hands down on it because he thought you were insulting his manhood.
It seems like Twitter should require 2fa for certain accounts, if not for the damage it could do to the US if Trump's account were compromised (personal endorsements, inventing crises like the fake Hawaiian missile crisis, scam links to solicit money, etc.), then for Twitter's reputation as a platform people can trust. If they didn't want to inconsistently enforce the rules for individuals, they could have a policy like any account with at least xx million followers must implement 2fa.
What incentive do they have to not do something like this? Surely anyone with millions of followers isn't going to leave Twitter because of this requirement (new users might, hence only requiring it for accounts of a certain size)
I always had a joke theory that it was hacked long ago and keeps posting outrageous things. Rather than admit he was hacked Trump has to actually do those outrageous things.
> On Friday morning, almost absentmindedly, Gevers tries a number of passwords and their variations. On the fifth attempt: bingo! He tries ‘maga2020!’ (short for make America great again) and suddenly finds himself in the Twitter account of the American President. He is flabbergasted. Gevers: ‘I expected to be blocked after four failed attempts. Or at least would be asked to provide additional information.’ None of that.
This seems odd to me. I would assume that people would try to break into Trump's account hundreds or thousands of times a day - it's a high-profile (maybe the highest profile) account that billions of people are aware of and have the capability to attack.
If his password was that obvious, one would assume it would be guessed almost instantaneously. Maybe it had just been changed from something un-guessable minutes before, or some glitch disabled 2FA?
> In a statement, Twitter spokesperson Ian Plunkett said: “We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today. We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.”
> Trump’s account is said to be locked down with extra protections after he became president, though Twitter has not said publicly what those protections entail. His account was untouched by hackers who broke into Twitter’s network in July in order to abuse an “admin tool” to hijack high-profile accounts and spread a cryptocurrency scam.
> A spokesperson for the White House and the Trump campaign did not immediately comment, but White House deputy press secretary Judd Deere reportedly said the story is “absolutely not true,” but declined to comment on the president’s social media security. A spokesperson for CISA did not immediately confirm the report.
Well they (The Guardian) did the same baseless reporting on the 'death of Kim Jong Un' and nearly all of them and Twitter falsely reported it and some users believed it (with little to no evidence.) Now, this time it's a single screenshot used as substantial 'proof' to support this Twitter hack. However, it is not good enough to suggest that it is genuine as it can be easily faked.
So it seems some choose to believe claims without the actual facts and evidence unfolding over time but what's clear on Twitter and in this comments section is the number of users having symptoms of TDS. At least wait a bit until this fully develops rather than believing unverified reports or claims. We're much better than this.
I would love to see verification of this claim or video evidence too. Even a letter from the White House to confirm saying 'Thanks' for your work.
Unfortunately that screenshot alone can be edited to be faked and it is the only screenshot used as 'proof' that he was 'hacked'.
If that's the case then this can be easily dismissed as fake news. Such a shame it was spread from 'news sites' like the Guardian. Who checks the Factcheckers eh?
> Twitter, however, denied the report. “We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today. We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government,” a Twitter spokesperson said in a statement. [0]
Yes, there are some conflicting statements in the media. The Dutch reporters claim to have seen proof. Of course Twitter has nothing to lose from admitting that it did happen. Also, this guy has a reasonably good reputation here, and would stand to lose his career from making a claim that was found out to be false.
Are there any other sources that back this up? It wouldn't surprise me if this was true, but given just how insane this is I'd like some confirmation before I start spreading it as truth to anyone.
The original story is by the Dutch magazine 'Vrij Nederland': https://www.vn.nl/trump-twitter-hacked-again/ . Most Dutch news media run the story currently, including broadcasters NOS and RTL, news sites nu.nl and Tweakers, and (the websites of) newspapers Volkskrant, Parool, Telegraaf.