Victor Gevers is no stranger to the IT security scene. The Dutchman who is the head of the GDI-Stiftung, a non-profit organization that draws attention to security gaps. In 2019, for example, Victor Gevers made headlines when he discovered an openly accessible database with hundreds of millions of chats and records from Chinese internet cafes.
Now Gevers claims to have logged into Donald Trump's personal Twitter account by guessing the correct password on the sixth attempt: "maga2020!" So it was, as he told the magazine "theverge". As evidence, the article only shows a screenshot that looks like the page for changing a Twitter profile.
But that is no more sufficient evidence than Gevers' other assertions. Above all, the case shows how difficult it can be to provide credible evidence of a successful entry into someone else's accounts without having to disclose the victim's private data.
So it remains with assertions and counter-assertions. In any case, Twitter itself told the US media: "We have not seen any evidence to support this claim, not even in the Dutch article." This is not a crystal clear denial.
The company said it had introduced "proactive security measures" for election-relevant Twitter accounts in the US, including Trump's, even if Twitter did not explicitly mention it.
Twitter's Measures Against This Type Of Attacks
The measures were described in this blog post just under a month before the alleged Gevers hack. First and foremost, it says that the relevant account holder would be asked to use a strong password and that they would be urged to use a two-factor authorization for additional security.
According to Twitter, a strong password consists of at least ten characters and includes lowercase and uppercase letters, numbers and special characters. On the one hand, Trump would have to have refused these security measures, because "maga2020!" has only nine characters. That cannot be ruled out.
Second, it would mean that Twitter didn't notice someone trying to log into Trump's account from a new device. This is exactly one of the other measures that Twitter announced "for the coming weeks" in September: "More sophisticated detection systems and warnings for us and the account holders to react quickly to suspicious activities, including improved protection against malicious logins -To attempt".
Should Twitter not have implemented these measures on October 16, the day of Gevers' alleged hack, that would have been an almost incomprehensible oversight in view of the upcoming election. In response to a request from Hackers Review, the company did not want to provide any further information.
Great work