Recently, Dutch media reported the alleged hacking of Donald Trump’s Twitter account after a Dutch researcher correctly guessed the president’s password: “maga2020!” Security researcher and ethical hacker Victor Gevers could access to Trump’s direct messages, post tweets in his name and change his profile, De Volkskrant newspaper reported. Four years ago, Gevers, along two other Dutch ethical hackers, allegedly hacked Trump's account.
Now, BBC News reports Dutch prosecutors confirmed the hack and claim Gevers provided proof of the hack. They have sent U.S. authorities the results of their investigation. Gevers will not face any charges as he was "acting ethically" while conducting a "semi-regular sweep" of the Twitter accounts of high-profile U.S. election candidates when he guessed Trump's password. "This is not just about my work but all volunteers who look for vulnerabilities in the internet," he said.
In response to the news, Twitter said, "We've seen no evidence to corroborate this claim, including from the article published in the Netherlands today. We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government."
Jack Mannino, CEO at nVisium, a Falls Church, Virginia-based application security provider, says, “This serves as vindication for the researcher, however, it also presents a disturbing view of how security may have been handled by the administration. While you can't jump to conclusions about practices elsewhere, these types of incidents are generally associated with teams who have a relatively low level of security maturity. This is certainly not what you would expect or hope for from the White House, if it proved to be true.”
Terence Jackson, Chief Information Security Officer at Thycotic, a Washington D.C. based provider of privileged access management (PAM) solutions, claims that a substantial number hacking related breaches are still tied to weak passwords and the absence of Multi-Factor Authentication (MFA). He adds, "Use of a password manager and MFA are still two of the best ways online accounts can be protected from brute force and password spraying attacks. These “Keys to the Kingdom” are what malicious actors covet because it gives them access to wreak havoc.”
Dirk Schrader, Global Vice President at New Net Technologies (NNT), a Naples, Florida-based provider of cybersecurity and compliance software, says, “Leaving politics and personality aspects aside, this is still the perfect example of senior management being unsavvy about cyber security issues. Countless security professionals have had this experience, that implementing stricter password rules in the security policy is approved by management for the company with an exception granted for management itself. The need to have senior management supporting security initiatives to become cyber resilient is far too often impeded by that lack of participation in the efforts. If 2FA is seen as an obstacle, there is no ‘leading by good example’.”
