By now, you have probably heard about how our fearless commander-in-chief is utilizing an outdated Android device, and maybe it makes you wonder if he has already been hacked. Along the same lines, you might think his Twitter account is already potentially compromised (did you catch his thoughts on the whole Russia hacking topic?). Here to speak more about this topic is TruShield’s Senior Cybersecurity Solutions Architect, Corey Lancaster.
How easy/hard is it to hack a Twitter account?
CL: The difficulty is not so much in hacking the account as it is in knowing the user. Guessing passwords is easy if the person routinely broadcasts information and interests through the various social media channels. For example, a Star Wars enthusiast might have a password with names or phrases that are associated with the movies. An average personal computer or smartphone has the capability to run many dictionary-level algorithms to guess the password in a relatively short period.
What can be done with a hacked Twitter account?
CL: It really depends on the user. If the user has actual information in their profile, that information can be seen and/or compromised. The account may have information such as name, address, or credit card number of the original account owner. A hacker could potentially utilize the account to spread messages that the original account owner would not normally authorize or ‘tweet’ on their own.
What would the worst case scenario be in the case of a hacked Trump Twitter account?
CL: I am going to assume that his business associates set up his account, and multiple staff members have access, so very little personal information would be found in his account. Once the account tweets something he did not post, the story will dwindle because he can prove it was not him. Since so many news outlets follow him, his account would get plenty of coverage and can be utilized as a platform to speak to a much larger audience than most. But once he announces the account has been compromised, the story would continue as long as the general public has an interest in it.
What can be done about these threats? Are passwords sufficient security measures?
CL: Passwords can be great security measures regarding preventing this. It is advisable to change your password on a monthly basis. However, most people do not use extremely complex passwords such as “!^#303naf@?>+08_*81.” Further, people provide more and more information on their likes and dislikes online, which makes guessing their DarkVader2017 password extremely easy. Remember, some accounts do not lock out when you attempt more than 5 or even ten times, so a malicious actor can attempt different passwords 4-9+ times per day (depending on the application) and the user will never know. Once in the account, the attacker can gather as much information as possible and may do malicious and reputation-damaging tweets.