On October 16, 2020 a mysterious message is posted on Donald Trump’s Twitter timeline.

Twitter Shuts Down Entire Network To Slow Spread Of Negative Biden News https://babylonbee.com/news/twitter-shuts-down-entire-network-to-slow-spread-of-negative-biden-news via @TheBabylonBee

Wow, this has never been done in history. This includes his really bad interview last night. Why is Twitter doing this. Bringing more attention to Sleepy Joe & Big T

In the tweet, Trump references the Babylon Bee website, online information similar to The Onion (or De Speld in the Netherlands) but aimed at Trump supporters. ‘The world’s best satire site,’ as the Babylon Bee refers to itself.

Did Trump make a mistake?
Is it a joke?
Or neither of the above?

Victor is one of the three Dutch ‘grumpy old hackers’ who gained access to Trump’s Twitter account four years ago. The password was: yourefired.

I earlier wrote this piece on the matter.

online version of batman

On October 16, 2020, Victor Gevers decides to check in on Trump’s account. Just to see if it is still safe. “I always run random checks. Whenever someone is in the news, I monitor. I ran a check on the Biden, Pence and Harris accounts. Anyone receiving media attention is a potential target and deserves protection. Regardless of who they are.” Gevers still abides by the old hacker manifesto. He does not discriminate on the basis of race, religion, class or political beliefs.

Within the international hacker community, Gevers (44) is considered an authority. At nearly 6.5 ft tall, his physical appearance matches this description. You can compare him to an online version of Batman. During the day, he works for the Dutch government. At night, he keeps the internet safe. He leads the GDI.foundation, an organization with a network of 38 volunteers that tirelessly address data breaches, weak passwords and other vulnerabilities on the internet. For every data breach that has made headlines, the GDI.foundation has prevented one hundred others. Most of them will never see the light of day. Tracking down digital glitches comes as a second nature to Gevers.

On Friday 16 October, 2020 Gevers runs a check on the Hunter Biden (US presidential candidate Joe Biden’s son) story, whose laptop has supposedly turned up at a computer repair shop. He also searches for Hunter Biden’s previously leaked passwords and then checks if these work on his Twitter account. They don’t. Just to make sure, he also checks Donald Trump’s Twitter account, and runs the password that was in use 4 years ago: yourefired

He sends a message to the Grumpy Old Hackers Signal group. “maga2020!”

Much to his surprise, the Two-Factor-Authentication for the account is disabled. For so called ‘verified Twitter accounts’, it is compulsory nowadays to submit an additional code (which is for example sent to your mobile phone) after logging in with your regular password. Gevers had a key role in this feature becoming mandatory on Twitter.

‘Not again!’

It is very odd to find Trump’s Two-Factor-Authentication disabled. However, Gevers suspects Trump’s account has its own special security. This would also explain why Trump’s account was left untouched during the Twitter hack in July 2020. During this hack, posts appeared on the accounts of Barack Obama, Elon Musk and Joe Biden, requesting Bitcoin transfers. Not on Trump’s account.

Gevers tries a few other passwords:

!IWillAmericaGreatAgain!
MakeAmericaGreatAgain
MakeAmericaGreatAgain!
Maga2020
Maga2020!
maga2020!

Plong! At the last try, he gets kicked off the site. Or at least, that is what it seems like – for a split second. Because he then realizes, he’s back in Donald Trump’s Twitter account, just like he was 4 years ago.

He sends a message to the Grumpy Old Hackers Signal group.

“maga2020!”

“NOOOOO! Not again!”, is the reaction

Gevers is able to change the password. And the profile picture. And worse: if he wants to he can download all of Trump’s Twitter history as a data file. A document containing all of his DM’s. And all of the messages Trump has previously deleted. Hasn’t anyone learned anything?

A screenshot from when Gevers had access to Trumps account

Via Signal – the safer option to WhatsApp – Gevers tells me: “Getting access to someone’s Twitter account comes with much more risks than before, you can do more than just recommend bitcoins and rearrange an account. All of the account interactions are logged and saved.”

Digital evidence

Gevers did learn from the incident 4 years ago. Together with his ‘grumpy hacker’-friends Mattijs and Edwin, he pursued an official ‘responsible disclosure’ path at the time. A discreet report to the president that ‘he had his digital fly open’. They covered up all their tracks. As a result, nobody in the US felt the need to thank them for their efforts afterwards. Another result was that several people expressed their doubts about the validity of the earlier article published on the Dutch hackers, which tells the story of how they accessed Donald Trump’s Twitter account in 2016. Even a Bellingcat member questioned the piece. What if the profile screenshots of Trump’s Twitter account had been photoshopped?

Gevers comes up with a plan to make sure that this time the White House responds.

“The Bellingcat comments kept circling my mind.” This, in combination with the fact that an official thank you note from the US never arrived, made Gevers decide to leave behind more digital evidence this time. “At the same time, a sense of moral duty kicked in. There’s this unwritten code in Responsible Disclosure. Each person deserves the right to a decent report. Including Donald Trump.”

Gevers comes up with a plan to make sure that this time the White House responds. He refuses to say what he did exactly, but in a tweet that has now been removed, he alludes to the fact that he was the one to post the Babylon Bee tweet in Trump’s name. Shortly after, he posted a tweet in his own name, tagging Trump and Team Trump, saying the Babylon Bee-tweet could now be removed, as it had served its purpose.

“I am not saying I did it. But what if I was the one to post the tweet? Then Trump will need to either admit to never having read the Babylon Bee article and posting this bullshit tweet, OR he will need to acknowledge that someone else posted the tweet.”

Breaking into a Twitter account to prove it is poorly secured is one thing, posting a tweet is another. “I took things further this time because our previous report obviously didn’t have any effect”, says Gevers. “I hope that everything will now be resolved soon, and that mister Trump sends us a message. ‘Thank you for your work/report.’ That should suffice and will round up things for both cases.”

‘Thank you for your message’

Whether the tweet is real or fake, fact is – the Babylon Bee post has not been removed. It is still there as I am writing this piece. Whether the tweet is real or fake, fact is – the Babylon Bee post has not been removed. In fact Trump ‘acknowledges’ the tweet, by reacting to it. It is unclear why, but this is something that happens more often. Sometimes his tweets even appear when he is on stage somewhere. Gevers: “It seems as if he tweets random things at times, followed by a tweet to elaborate. Team Trump, maybe?”

The media start publishing scornful stories on how Trump has put his foot in once again. The New York Times, USA Today, Politico, The Independent and Daily Mail all write about how Trump has mistaken obvious satire for reality. Meanwhile, Gevers has only been briefly in touch via DM with Team Trump. A very short reply:

‘Thank you, we forwarded your message.’

Gevers succeeds at further interaction with Team Trump via Parler, an alternative to Twitter now gaining in popularity at high speed, as Twitter increasingly moderates and removes conspiracy theories and fake news. Gevers learns that because of this, their 2016 report – which was sent to Homeland security via the Dutch CERT – never reached Donald Trump.

On Saturday evening 17 October, 2020 Gevers writes: “Team Trump reports that Donald Trump never received our emails in 2016. Nobody informed him back then either. He was never informed of the fact that three people from the Netherlands tried to inform him in a timely matter. This is now surfacing because I am actively pursuing the information myself. Twitter is not responding. It is obvious that everybody hates Trump. Which I can relate to, but purposely keeping intel away from him is unethical.”

“Any news?”, I ask in the morning.
“Yes, that none of the emails sent to Trump ever arrived.”
After which I think I receive some sort of secret code:
‘309780p349874[‘ 0-92`1367yb’R_(TYgr13e4p9igbR!@#$’
“What does this mean?”, I ask.
“This is me losing my shit. FUCK GMAIL”, Gevers says.

Gevers feels discouraged. All of the emails have bounced back. There seems to be no way to get a message delivered to Trump. He desperately wants to reach Trump or the people surrounding him. Which. Seems. Impossible.

“I have tried email, Twitter, Parler, contacts, DMs to contacts who know people at the White house, the Team Trump web form, the White House web form. His son. The CISA (Cybersecurity & Infrastructure Security Agency), Twitter security – via their chatbot. I also tried calling Team Trump.”

The password seems to have changed, Two-Factor-Authentication has been reinstated. Other than this, nothing is happening – just like in 2016. Zero. Nothing. Nada. Not a single bleep. From anyone.”

message in a bottle

Gevers is at his wits’ end. He comes up with the idea of making a video to disperse via social media, in the hope that it reaches Trump, like a digital message in a bottle. He shares his draft script with me.

The draft

Then, the editor in chief of The Babylon Bee retweets a Newsweek story, which suggests that Trump has a sense of humor and that he has purposely posted the Babylon Bee tweet.

“They are now going to frame it all as a joke”, Gevers says. It has come to the point where he thinks anything could happen. He has taken a file with evidence containing important information to safety, in case something unexpected ends up happening to him. “The US secret service is only six minutes away from me”, Gevers says. During the previous reporting procedure four years ago, he had already learned that in case of an escalation, the Dutch government would not be extending any assistance.

During the night of Monday the 19th to Tuesday the 20th of October, 2020, Gevers spots the following video online:

Twitter

Deze dienst is alleen beschikbaar wanneer alle cookies zijn geaccepteerd

Wijzig cookie voorkeur

Donald Trump is on a stage somewhere in Prescott, Arizona, discussing hackers. “I have never known anyone who says they have been hacked or who has been hacked. Nobody gets hacked. To be hacked you need someone with an IQ of a 197, and he needs to know 15% of your password. Doesn’t happen”.

Gevers gives up on trying to reach Trump to warn him. He gives me permission to write this story. As a plea to everyone to use Two-Factor-Authentication.

The absence of Two-Factor-Authentication on the Twitter account of the President of The United States of America is absurd and raises many questions. The Two-Factor-Authentication on his account was probably disabled when he was taken to hospital a few weeks ago, in order to be able to issue tweets without him personally having to log in.

This means that the most important communication channel of the President of the United States of America – a man who is driven around in an armored vehicle, who is flanked by an army of security staff – can be cracked with an easy-to-guess password.

Donald Trump really isn’t the only world leader or politician using terrible passwords. However, Twitter should – in this case – be making it impossible for the account to be accessed so easily. This is a metaphor for the digital society, which seems to have become much too dependent on a handful of large companies, that are more interested in power and making money, than in stability and safety.

Gevers: “All I care about is more awareness of the fact that Two-Factor-Authentication should be mandatory for everyone. Passwords are the Achilles heel of the internet. This needs to be resolved – fast – because even the President of the United States of America is no longer safe.”

On Tuesday evening 20 October, 2020, the US government finally contacts Gevers. He tweets: “Thank you, dear infosec community, for helping to get ‘first contact’ – Responsible disclosure #5780 will be handled by the experts now.”

Via Signal he adds: “The cause is more important than the person. 2FA for all online users (…) A safer internet for EVERYONE. And fuck Big T for opposing this. I share Trump’s opinion in this regard. Big T’s power is something that should be addressed.”