Three middle-aged Dutch hackers slipped into Donald Trump's Twitter account days before 2016 US election

Three “grumpy old hackers” in the Netherlands managed to access Donald Trump’s Twitter account in 2016 by extracting his password from the 2012 LinkedIn hack. The pseudonymous, middle-aged chaps, named only as Edwin, Mattijs and Victor, told reporters they had lifted Trump’s particulars from a database that was being passed …

  1. Alister

    To be fair, they could have guessed "password1" without having to resort to the LinkedIn breach...

    1. Grease Monkey Silver badge

      What makes you think it was that complex?

    2. Anonymous Coward
      Anonymous Coward

      $ echo Covfefe | sha1sum

      07b8938319c267dcdb501665220204bbde87bf1d

    3. Fruit and Nutcase Silver badge
      1. quxinot

        12345

        Just like on his luggage.

    4. BebopWeBop

      I'm just surprised they were concerned enough to put any effort into alerting 'authorities' about the vulnerabilities.

      1. 2460 Something

        Digital Trail

        I doubt they would have done other than they admitted that they had a potential digital trail, so best to report it to prevent comeback.

  2. Anonymous Coward
    Anonymous Coward

    But

    Is "Putin" long enough to be a proper password?

  3. Chairman of the Bored
    Pint

    Need better pseudonyms

    Might I suggest "Dewey, Screwum, and Howe?"

    With apologies to the entire legal profession.

    In all seriousness, well done gentlemen.

    1. chivo243 Silver badge
      Thumb Up

      Re: Need better pseudonyms

      A popular poster for The Three Stooges features the Stooges as bumbling members of such a firm, although the actual episodes use the name "Dewey, Burnham, and Howe".

      1. This post has been deleted by its author

        1. Ken Shabby

          Re: Need better pseudonyms

          Hunt, Lunt and Cunnigham

  4. Steeev

    And if you have any doubt

    Use https://haveibeenpwned.com/

    1. Pascal Monett Silver badge

      Re: And if you have any doubt

      Yeah, but there's one problem with that: it will report your email as having been hacked even after you've just reset the password.

      So I have no idea now if my new password has been breached.

      1. MatthewSt

        Re: And if you have any doubt

        https://haveibeenpwned.com/Passwords - you can check your password in there (or if you don't trust the write up about how the passwords aren't submitted you can download the full list and check it yourself)
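
The check described in the comment above, as an added example that is not part of the original thread or the site's own code: the password is hashed locally with SHA-1, only the first five hex characters are sent, and the returned `SUFFIX:COUNT` lines are matched on the client. The fetcher here is a hypothetical offline stand-in for the range endpoint, and the sample passwords and counts are constructed.

```python
import hashlib

def split_hash(password):
    """Upper-case SHA-1 hex digest split into (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines into a dict, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, _, count = line.strip().partition(":")
        if len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """Number of times the password appears in the corpus; 0 means not found.

    fetch_range(prefix) is the only place data leaves the machine, and it
    receives just the 5-character prefix, never the password or full hash.
    """
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

# Constructed sample data: counts are invented for this example.
CONSTRUCTED_BREACHED = {"yourefired": 3, "password1": 1200, "12345": 99999}

def make_offline_fetcher(breached, sent_log):
    """Hypothetical offline stand-in for the range endpoint.

    Records every prefix it is asked for in sent_log so the caller can
    inspect exactly what would have gone over the wire.
    """
    table = {}
    for pw, n in breached.items():
        prefix, suffix = split_hash(pw)
        table.setdefault(prefix, []).append(f"{suffix}:{n}")

    def fetch(prefix):
        sent_log.append(prefix)
        filler = "0" * 35 + ":0"  # constructed non-matching entry
        return "\r\n".join(table.get(prefix, []) + [filler, "not-a-valid-line"])

    return fetch

if __name__ == "__main__":
    sent = []
    fetch = make_offline_fetcher(CONSTRUCTED_BREACHED, sent)
    for candidate in ("yourefired", "a-long-unlisted-passphrase"):
        print(candidate, "->", breach_count(candidate, fetch))
    print("sent to server:", sent)
```
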

      2. lglethal Silver badge
        Go

        Re: And if you have any doubt

        I just tested with my email address and it does say when the breach was at least discovered. So if your password was changed more recently than the latest email breach, you are probably safe.

        I say Probably, because haveibeenpwned only know about the breaches that have been discovered after all... ;)

        Funnily enough, my email address ended up in the breach for the game EVONY. I've never heard of the game, let alone played it so buggered if I know how that happened, but it just goes to show that your email will turn up everywhere on the internet, even in places you never would have expected...

        1. Version 1.0 Silver badge

          Re: And if you have any doubt

          I've been using haveibeenpwned for years (and donated to them) - it's a great source for honeypot email addresses too, discovering that the people selling these hacked databases are also stuffing them with fake email addresses. Once someone's got your email address and password then they can create fake accounts for you everywhere to "demonstrate" that their database is valid...

          1. Adrian 4

            Re: And if you have any doubt

            Why would they need your password?

            They could create fake accounts everywhere with any password they liked, and still sell that to the scammers.

            No honour amongst thieves.

            1. Stoneshop

              Re: And if you have any doubt

              I suppose it's because a lot of new account signups use a validation email with a link, or a response code which you have to enter to complete the process. For which the scammer would need access to your email account to read (and delete) that message.

  5. alain williams Silver badge

    Enter the hash into a search engine ...

    and I got to an article in Dutch at the bottom of which it claims that the orange one's password is YOUREFIRED. We can only hope that that will become true in a few months time.

    1. Anonymous Coward
      Anonymous Coward

      Re: Enter the hash into a search engine ...

      Given the Democrats are currently telling Biden to repeat everything Trump said two months ago, whilst panic-publishing policies that are just Trump's law'n'ordah rhetoric with the serial numbers filed off, I suspect their internal polling shows a growing support for Trump that they didn't anticipate, and I further suspect that he will take home a win in November.

      1. This post has been deleted by its author

        1. alain williams Silver badge

          Re: Enter the hash into a search engine ...

          Their rifles pointing in or out of the circle?

          1. TomG

            Re: Enter the hash into a search engine ...

            Most likely pointing at their foot.

            1. A.P. Veening Silver badge

              Re: Enter the hash into a search engine ...

              Left foot or right foot? Inquiring minds need to know ;)

      2. Hubert Cumberdale

        Re: Enter the hash into a search engine ...

        General polling says very different. As do bookies' odds (although they were admittedly touch and go for a bit).

        1. Anonymous Coward
          Anonymous Coward

          Re: Enter the hash into a search engine ...

          Public polls are easily manipulated to give the result the polling companies want. They're wrong far more often than right for this reason.

          1. Anonymous Coward
            Alien

            Re: Enter the hash into a search engine ...

            Let's imagine two polling companies. One manipulates their poll results to get the answer they[1] want, one does not. People employ these companies and make decisions based on what their polls say. The decisions based on the manipulating company will be less right than those made by the other one. And since there is money resting on the decisions ('I need to move my business out of the UK if Corbyn wins: will he?') they rapidly stop commissioning polls from the company which is manipulating them, which dies.

            In other words: stop spouting conspiracy theories, troll.

            [1] Who, by the way is 'they'? Certainly not anyone who wants the polling company to make money: is it the deep state? The cabal? The libs? The illuminati? Me.

            1. Anonymous Coward
              Anonymous Coward

              Re: Enter the hash into a search engine ...

              "They" are the political parties that commission polls, and the polling organisations themselves, who suffer from the same political biases as everyone else, and will structure their polls in a way that gives them the answers they want to present to the public. This isn't some conspiracy nonsense; it's entirely public and has been the subject of satirical commentary for as long as opinion polls were a thing.

              1. Anonymous Coward
                Pirate

                Re: Enter the hash into a search engine ...

                You do understand that there are polls commissioned by people other than political parties, right? And you did understand my point that polling organisations with political bias will be weeded out by people who commission polls because they want the truth? And you realise, of course, that bookies (see root of the thread) who give the wrong odds will end up losing money? Oh, no, you didn't understand any of that. Never mind.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Enter the hash into a search engine ...

                  The Marist poll, supposedly independent, was run by a professor who worked at Marist College in Poughkeepsie. It kept skewing Democrat anyway. I figured out why when the local paper, the Poughkeepsie Journal, published an editorial by the professor. A dyed-in-the-wool Democrat, he was. So non-politicians skew polls the way they see things. Who'da thunk it?!? These days, I don't know what happened to the Marist poll. Guess the prof retired or something.

                  1. Hubert Cumberdale

                    Re: Enter the hash into a search engine ...

                    Hm. Anonymous commenter wants to spread FUD. I concede that polls can be unreliable (see Trump/Clinton 2016* and Brexit). However, as someone else pointed out, if the bookies get it wrong, they lose money: they have no reason to give a damn about anything else. As such, things seem to be looking up for once.

                    *Of course, by any normal definition, Trump actually lost in 2016.

                    PS – A very brief search would have led you to the Marist Poll website. Slightly more effort would have led you to at least one source that indicates it's notably less biased and more accurate than most other polls (scroll down to the table).

                    1. Hubert Cumberdale

                      Re: Enter the hash into a search engine ...

                      PPS – In fact, because I was interested, I dug a little deeper, and I was amused to find more recent figures indicating that Marist appears to be up there with the best of the bunch at the moment (try sorting by '538 Grade'), and actually has a slight Republican bias. I call bias on the part of the anonymous poster...

                    2. Anonymous Coward
                      Anonymous Coward

                      Re: Enter the hash into a search engine ...

                      Popular vote rhetoric is meaningless. The states elect the president. The people of those states choose who their state will vote for. This system was implemented to prevent the more populous states overriding the will and rights of the less populous and more rural.

                      The president is president of the union of the states, not president of the majority voting population. His role is to act as the executive of the federal union, in matters concerning the union as a whole, not the whims of the largest four or five states. The state governors and legislatures govern for their populations.

    2. goldcd

      If you check on https://crackstation.net/ (as I just did, as I was curious)

      That would appear to be correct input to SHA1 the hash in the article.

      I can't believe that was his password though.. even Trump wouldn't...

      1. Katy_B

        Re: If you check on https://crackstation.net/ (as I just did, as I was curious)

        Oh yes he did. I'm guessing he's updated it now though. Maybe try 'Ivankashot'?

        1. Spiz

          Re: If you check on https://crackstation.net/ (as I just did, as I was curious)

          Is that "Ivankas hot"

          or

          "Ivanka shot"?

          1. EnviableOne

            Re: If you check on https://crackstation.net/ (as I just did, as I was curious)

            Does it not seem suspicious that Donald keeps giving Jared lots of work that requires him to be far from the WH ....

          2. Anonymous Coward
            Anonymous Coward

            Re: If you check on https://crackstation.net/ (as I just did, as I was curious)

            "Ivanka shot"

            Is that what Trump Snr. calls the outcome of perusing her modelling photos?

        2. Chairman of the Bored

          Re: If you check on https://crackstation.net/ (as I just did, as I was curious)

          Nahh,

          This one seems to use ALL CAPS, and no special characters. At best seven bits of entropy per character. Should be an easy search.

          I think my first try will be: YUGEWANKER

    3. Anonymous Coward
      Big Brother

      Re: Enter the hash into a search engine ...

      In fact it's 'yourefired' (lower case):

      $ echo -n yourefired | openssl sha1

      07b8938319c267dcdb501665220204bbde87bf1d

      So the man who is now president of the USA had a single-case, all-natural-language password which he hadn't changed for four years for his Twitter account, one which would be easy to guess if you knew his history. This would be hysterically funny if it was not so terrifying.

      1. Anonymous Coward
        Anonymous Coward

        Re: Enter the hash into a search engine ...

        If it had been "yourefiredbatterystaple" we'd all have applauded him.

        1. Anonymous Coward
          Boffin

          Re: Enter the hash into a search engine ...

          If he had chosen two random words (obviously 'battery staple' are not two such since we all know where they originated and anything smart will be trying them), then he would have made his password about 55 billion times harder to brute force (with the dictionary size on my machine), yes. At a billion hashes a second, that's the difference between 55 seconds to brute force it and 1,744 years.

        2. Hubert Cumberdale

          Re: Enter the hash into a search engine ...

          (For those not familiar.)

    4. rototype
      Coat

      Re: Enter the hash into a search engine ...

      I really hope Alan Sugar's suing him for copyright breach

  6. chivo243 Silver badge

    What can be said?

    Go Cloggies! Klever Klompen!

  7. Anonymous Coward
    Anonymous Coward

    Fake Tweats Would Have Been Obvious

    especially if they made sense.

    1. EnviableOne

      Re: Fake Tweats Would Have Been Obvious

      Apparently an analysis of his tweets brings out two separate writing styles, one of which is mostly posted late night early morning, and one mostly during business hours, I leave you to decide which is him.

  8. Katy_B

    Fake news

    Listen, Trump is a stable genius who doesn't need advice from a bunch of computer nerds. Let him be with his passwords.

    And if a bunch of computer nerds hack his twitter again could they please make sure to put in his thoughts on 'losers' who get killed fighting wars.

    Please??

    1. Anonymous Coward
      Anonymous Coward

      Re: Fake news

      The last thing we want is for Trump to be able to use the "I was hacked" excuse, when he's exposed.

  9. Anonymous Coward
    Anonymous Coward

    Heh

    They should have attempted to destroy his reputation by tweeting factually accurate, responsible, and thoughtful remarks. :-)

    1. chivo243 Silver badge
      Trollface

      Re: Heh

      Is Twatter really used for this?? factually accurate, responsible, and thoughtful remarks.

      1. Wally Dug

        Re: Heh

        Factually Accurate Responsible Thoughtful?

        Do you mean that everyone who uses Twitter makes FART remarks?

  10. Kev99 Silver badge

    Oh, the temptation to use that info and tweet truthful statements, apologies, and admissions of wrongdoing. Well, maybe not the last one. Twitter would shut it down as a possible DDoS attack.

  11. Anonymous Coward
    Alien

    What this means

    The LinkedIn leak in 2012 was well-publicised. Any competent organisation interested in security was certainly aware of it. His password is two English words: a brute-force dictionary attack on his password based on knowing the hash would take tens of seconds if you can compute a billion hashes a second, which is very achievable.

    In other words the Russians were certainly in his Twitter account in 2016 and before as, probably, were any number of other state security organisations.

    1. Anonymous Coward
      Anonymous Coward

      Re: What this means

      Oh no! You mean they were reading every single tweet!? All the time? Let us hope he didn't tweet any state secrets... :-)

      1. Anonymous Coward
        Terminator

        Re: What this means

        No. I mean they were reading direct messages to him, possibly sending direct messages 'from' him, and also possibly sending public tweets 'from' him.

        And, of course, he used the same password for everything else, probably, so they were probably in everything else.

      2. Chairman of the Bored

        Re: What this means

        Wait, so some poor bastard had to read every single tweet? Drink up.

    2. fajensen
      Pint

      Re: What this means

      Maybe The Russians should be running things? They seem to be infinitely capable, with no limitations on manpower and dedication to duty!

      1. Anonymous Coward
        Alien

        Re: What this means

        I don't think they are infinitely capable: that's why I assume a lot of other people were in his twitter account between 2012-2016.

  12. XDeputy
    Facepalm

    ExVet

    Sobering thought guys.....this (cofevre)MORON has his pinky on the US nuclear arsenal

    1. Claverhouse Silver badge

      Re: ExVet

      Oh my. So terrifying: I remember the endless, hysteric, severe, measured screamed warnings before his inauguration four years ago about how this unstable, mentally ill, stupid maniac would blow up the world with those awful nuclear weapons in months.

      Evidently time for a replay.

      1. Adrian 4

        Re: ExVet

        He has staff.

        Some of them are even still not corrupt.

        Don't imagine for a moment that he has the right launch codes, even if he knew where to find them.

        In fact, given the American farce of an election, it's likely no president has ever been trusted with the real launch codes. Even when they were 000000.

      2. Stoneshop
        Mushroom

        Re: ExVet

        Who would he need to hit if it's going to escalate into a full-blown nuke war? That would be the ones with return strike capabilities. Which are: Putin? Njet. Xi? Nope. Modi? Nah. Dictators, or would-be dictators that he's chummy with, aspiring to join them. Johnson and Morrison might be a little miffed but offer to hand back the remaining bits they can find of whatever has hit the UK and Orstraylia while assuring that this unfortunate incident won't damage their relationship. France might be the only nation with atomic strike capabilities that would actually mount a meaningful response.

        1. Anonymous Coward
          Alien

          Re: ExVet

          I think your model of how such a thing might start is ... oversimplified. Much more likely is something like: Trump nukes Iran, someone (Russia?) nukes Israel in retaliation, US nukes Russia, Russia nukes US, game over. Or something involving North Korea.

          I don't know if that escalation path is plausible, but something like that is much more likely than a direct US-Russia thing. That kind of thing (not involving nukes, obviously) is how WWI started.

          1. A.P. Veening Silver badge

            Re: ExVet

            Or something involving North Korea.

            One can hope Donald and Vladimir Vladimirovitsch come to an agreement on this one, start leaning on Bei Jing to keep out of it and nuke Pyong Yang.

  13. Ken Moorhouse Silver badge

    Ashley Madison?

    Now let me see.

    He might first have tried to use PENIS as a password (no can do, too short).

    Then he tried BIGPRICK, only to be told that was too obvious.

  14. Doctor Syntax Silver badge

    "once they realised their digital trail was not particularly well covered"

    Should have tried emailing the breach report from Trump's email account.

  15. Anonymous Coward
    Anonymous Coward

    ******

    Stormy

  16. Bogbody

    Guests in Court

    So .... how long before the 3 Gents find themselves as Guests of the US Legal System?
