The hacking of Twitter CEO Jack Dorsey’s account was bad enough, with racist and offensive tweets published before control over the Twitter account could be regained. Just imagine what could happen if President Donald Trump’s Twitter account, with 63.8 million followers, was compromised. Predictable joking about whether anyone would spot the difference aside, given that this particular social media account is used by Trump to make policy announcements, it could have serious political consequences. While Trump himself doesn’t seem too concerned about hackers taking over his account, I am; I would suggest you should be as well.
Twitter CEO Jack Dorsey found himself without access to his own Twitter account for 18 minutes when hackers took control of it August 30. The hackers concerned, calling themselves the Chuckling Squad, splashed the #ChucklingHella hashtag around some of the tweets. The same hashtag that was posted amongst racist and offensive messages from the Twitter account of London’s Metropolitan Police on July 19 when it was compromised via a security issue relating to a MyNewsDesk account.
As President Trump was about to depart on Marine One, August 30, a reporter asked if he was concerned that his @realDonaldTrump Twitter account could also be hacked? “Well, I hope they’re not hacking my account,” Trump replied, “But, actually, if they do, they’re not going to learn too much more than what I put out, right? Shouldn’t be too bad.”
Wrong, Mr. President, on all counts. Here’s why.
That Trump should announce he “hopes they’re not hacking my account,” is extraordinary enough. Good security relies upon a lot more than wishful thinking, and when it comes to the office of the president of the U.S. one would like to think there would be somewhat more certainty expressed. Of course, perhaps he is thinking back to February 21, 2013 when his @realDonaldTrump account tweeted a lyric from Lil’ Wayne’s verse in the Will.I.Am song, “Scream and Shout.” Trump later tweeted that “My Twitter has been seriously hacked — and we are looking for the perpetrators.”
At least that hack only lasted long enough to post a single tweet, one that was retweeted a thousand times mind, before control was regained. It took a little longer on November 3, 2017, when a Twitter employee deactivated the @realDonaldTrump account on his last day working for the social media behemoth.
Even then, the account was restored in less time than it took to regain control of the @jack account: 11 minutes in all. Twitter stated at the time that it had “implemented safeguards to prevent this from happening again.” Twitter also commented that it “won’t be able to share all details about our internal investigation or updates to our security measures.” Which is understandable, considering this is presidential security being discussed.
I can only assume, along with the rest of the world, that Twitter applies some enhanced security measures to protect the account of the president. As Alexei Oreskovic, writing for Business Insider Singapore, said, “we largely have to take it as a matter of faith that the company, presumably with government security assistance, is on top of it.” Indeed, I’d hope that is the case, and security isn’t being left to Trump, despite his assertion while president-elect back in 2017, that “I know a lot about hacking.”
“Because Trump already uses Twitter in unprecedented ways to carry out diplomacy and politics, and tweets shocking things almost every day, tweets from a hacker masquerading as Trump might not immediately be dismissed as bogus (as Dorsey’s quickly were),” Oreskovic mused. And that’s precisely why Trump was wrong to think that his Twitter account being hacked, “Shouldn’t be too bad.” In fact, it could be very, very bad, indeed.
Javvad Malik, a security awareness advocate at KnowBe4, says that “Social media influencers, news organizations, and world leaders should take the security of their accounts seriously even if they don’t believe they post anything sensitive.” After all, in the hands of a Chinese, Iranian or Russian hacker, or even an American White Supremacist for that matter, an account with that following and political weight could have unprecedented consequences.
The impact of hacked accounts without the might of the presidential seal upon them can be significant. “We saw a few years back when the Associated Press (AP) Twitter account was compromised,” Malik continues, “it led to a temporary but real hit to the stock market.” That AP account had less than 2 million followers, yet a 2013 tweet from the alleged Syrian hackers claiming that two explosions had occurred in the White House, injuring then-President Barack Obama, was enough to erase “$136 billion in equity market value in 3 minutes.”
Part of the problem with Trump’s attitude towards his Twitter account is reflected by his attitude towards his smartphone. Actually, make that smartphones. Politico has reported that Trump “uses a White House cellphone that isn’t equipped with sophisticated security features designed to shield his communications, according to two senior administration officials—a departure from the practice of his predecessors that potentially exposes him to hacking or surveillance.”
It appears that while Trump was persuaded to give up his use of an Android phone when he became president; instead he now uses two iPhones. One is restricted to making voice calls only and treated as a burner device, being swapped out regularly by the White House Communications Agency which is staffed by military personnel. The other, with only the Twitter app and some news sites preloaded, is reported as not being swapped out on a regular, monthly, basis as Trump insisted that would be “too inconvenient.”
“Security versus convenience has been a long-standing debate. It’s difficult to argue from a security perspective when measures inconvenience the user experience,” Malik says, “therefore, the onus is on providers to offer great security features in a usable manner. However, that change will always take time, and until that happens, the user will need to bear some inconvenience to have a more secure experience.”
Even, dare I say it if the user is President Trump.
For all users of Twitter, including Donald Trump if he happens to be reading [President Obama followed me on Twitter, so you never know], Anjola Adeniyi, technical leader for EMEA at Securonix, has the following security advice: “To prevent Twitter accounts being compromised, it is advised that users use unique passwords which are updated regularly, ensure the email address linked to the account is also secure and that the password is unique and not associated with any other of your online accounts. It is also important to have security tools deployed which can detect malware and malicious threats on your OS, which could have the ability to monitor for passwords or keystrokes.”
To which I would only add that two-factor authentication, despite it being of the less than ideal SMS-based variety at Twitter, should also be enabled to add an extra layer of security between you and an attacker.