According to a Dutch hacker who hacked the president’s account once before, the answer is yes.
A Dutch security researcher says he accessed President Trump’s @realDonaldTrump Twitter account last week by guessing his password: “maga2020!”.
Victor Gevers, a security researcher at the GDI Foundation and chair of the Dutch Institute for Vulnerability Disclosure, which finds and reports security vulnerabilities, told TechCrunch he guessed the president’s account password and was successful on the fifth attempt.
Gevers was one of several hackers who previously hacked into Trump’s account in 2016. This time around he provided screenshots of the back end of Trump’s Twitter account and claimed he’d even been contacted and thanked by the Secret Service the following day for alerting them. But today Twitter has contradicted his claim, saying it has seen “no evidence” to corroborate it:
In a statement, Twitter spokesperson Ian Plunkett said: “We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today. We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.”
Twitter said last month that it would tighten the security on the accounts of political candidates and government accounts, including encouraging but not mandating the use of two-factor authentication.
Trump’s account is said to be locked down with extra protections after he became president, though Twitter has not said publicly what those protections entail. His account was untouched by hackers who broke into Twitter’s network in July in order to abuse an “admin tool” to hijack high-profile accounts and spread a cryptocurrency scam.
Is Gevers lying or is Twitter just trying to cover up their inability to secure the most obvious target for hacking on their platform? There’s one final twist to this story. Gevers claims that because there was some doubt about his hack in 2016, this time he wanted to make sure there was evidence he had been there. Last Friday, the same day Gevers said he hacked Trump’s account, Trump tweeted out this Babylon Bee story:
That created news and lots of responses online pointing out that Trump appeared to be taking the satire site as real news. But according to Gevers, that wasn’t Trump, it was him:
Gevers comes up with a plan to make sure that this time the White House responds. He refuses to say what he did exactly, but in a tweet that has now been removed, he alludes to the fact that he was the one to post the Babylon Bee tweet in Trump’s name. Shortly after, he posted a tweet in his own name, tagging Trump and Team Trump, saying the Babylon Bee-tweet could now be removed, as it had served its purpose.
“I am not saying I did it. But what if I was the one to post the tweet? Then Trump will need to either admit to never having read the Babylon Bee article and posting this bullshit tweet, OR he will need to acknowledge that someone else posted the tweet.”
Breaking into a Twitter account to prove it is poorly secured is one thing, posting a tweet is another. “I took things further this time because our previous report obviously didn’t have any effect”, says Gevers. “I hope that everything will now be resolved soon, and that mister Trump sends us a message. ‘Thank you for your work/report.’ That should suffice and will round up things for both cases.”
Gevers claims he spent the next several days trying to reach out to Trump or anyone connected to him to warn him about the poor security of his account. Only after those efforts had all failed did he give the Dutch site permission to write a story about what he’d done. And Gevers claims that he did eventually get a response from the government.
So did this happen or is Twitter just trying to cover it’s rear end for failing to a better job protecting their #1 account? I don’t know but Gevers is right about one thing. If he’s lying about posting that Babylon Bee story then Trump must have done it.