As organized crime groups and foreign attackers increase their use of social media to target individuals, businesses and government officials, some are wondering if the new US president—aka the “tweeter in chief”—has a red-hot target on his accounts. A YUUUUGE target, even.
Donald Trump has famously used Twitter to attack his perceived enemies, rail against TV satire and big himself up in the absence of actual facts—heretofore taking to his handle, @realDonaldTrump, to do so. With the inauguration, he takes over the @POTUS handle as well. There’s no sign that he’s planning to tone down his use either—he has said that Twitter is an essential tool to speak to the American people without having to deal with what he sees as one of his biggest enemies: the press, with all that fact-checking and questions and such.
But given the effect that Trump’s tweets have already had on moving markets (tweets threatening Toyota and Boeing sent both companies’ stock prices into a downward spiral), not to mention the potential foreign policy implications of what he says and its strong influence on public opinion, the potential for someone hijacking the account to wreak havoc is very real. It’s so real, it’s bigly.
In fact, during last week’s Senate Select Committee on Intelligence Hearing, Senator Kamala Harris raised the question, “What about the president-elect’s Twitter account? And in particular what is being done to safeguard his phone and account given the potentially dire national security consequences?”
Evan Blair, co-founder and chief business officer at ZeroFOX, told Infosecurity that the concern around Trump’s Twitter account being hacked does not stem from irrational paranoia – it has escalated to a national, and international, topic of interest.
“For better or for worse, Trump’s Twitter account has become the official mouthpiece of the United States,” he said. “Therefore, the national security (or domestic safety) implications of a compromised account could result in irreversible upheaval within the USA—and around the globe.”
He added, “If the @realDonaldTrump account is hacked and hijacked, a fake tweet could impact the stock market, threaten national security, or possibly spark military action. Social media has become intertwined with our society and culture—with individuals turning to social media platforms to communicate, collaborate and stay informed on a global scale. This, combined with the speed of today’s breaking news, generates a reflexive and immediate reaction to updates posted on social media. Trump’s tweets have already captured the attention of the media on a global scale—and the more he tweets, the more he is putting himself (and the United States) at risk of a breach.”
Raz Rafaeli, security expert and CEO of Secret Double Octopus (how’s that for a company name!), called Trump’s Twitter habit “a security disaster waiting to happen.”
“Regardless of your personal take on the prolific tweeter and President-elect, his 140-character tweets have already proven they can have a huge impact with the ability to swing stock markets, strongly influence public opinion and affect foreign relations, which only highlights the huge sensitivity of identity theft online,” he said.
What can be done to avoid this worst-case scenario? To answer Senator Harris’s question, two-factor authentication is a necessity—but it needs to be a different kind of 2FA than what Twitter has in place now.
“With Twitter’s reliance on two-factor authentication which has been proven to be particularly vulnerable to attack, it seems to be only a matter of time before there’s major fallout from an attack,” said Rafaeli. “Take for example the incident last summer when someone hacked Black Lives Matter’s DeRay Mckesson’s Twitter account even though two-factor authentication was implemented. No one on social media is really immune because authentication technology still has major vulnerabilities. The National Institute of Standards and Technology (NIST) has issued new directives to phase out the use of SMS and limit the reliance on biometrics – but the industry still needs to adapt and offer more resilient schemes that would exclude any single point of failure.”
It’s clear that Trump will be unlikely to abandon Twitter anytime soon. But those in charge of national security may want to consider the tremendous potential for hacking with bad consequences. Unlike President Obama’s rather boring Twitter feed, which didn’t make news, ever, Trump’s Twitter feed is filled with personal, emotional, reactive and above all ill-considered communiques that make news in a very high-profile way—opening the door for politically motivated tampering.