How Vulnerable Is Donald Trump’s Twitter Account to Hacking?

01_02_trump_congress_01
U.S. President-elect Donald Trump delivers brief remarks to reporters at the Mar-a-lago Club, Palm Beach, Florida, December 28, 2016. Jonathan Ernst/Reuters

Donald Trump’s Twitter account is a “security disaster waiting to happen,” according to security experts, who say it should be protected with the same technology used by the military to shield nuclear launch codes.

The president-elect’s often erratic tweets have already proven they can swing stock markets, sway public opinion and affect foreign relations. This influence combined with security vulnerabilities makes it an appealing target to hackers, according to Raz Rafaeli, CEO of security firm Secret Double Octopus.

“When Donald Trump tweets it can impact the world,” Rafaeli tells Newsweek. “Twitter’s current security setup means it is probably only a matter of time before there is another attack on his account.”

Hackers previously hijacked Trump’s account in 2013, when lyrics from rapper Lil’ Wayne were posted to his 2 million followers.

“My Twitter has been seriously hacked—and we are looking for the perpetrators,” Trump tweeted following the attack. He later tweeted: “Twitter will soon be irrelevant if lowlifes are so easily able to hack into accounts.”

Since then, Trump’s Twitter following has grown to almost 20 million and his election victory in November has made it arguably the most influential Twitter account in the world.

Earlier this month, a tweet from Trump about Toyota resulted in the Japanese car manufacturer losing $1.2 billion in value within the space of five minutes, while a tweet about Boeing’s “out of control” government contract costs caused the airplane manufacturer’s share price to drop by around $1 billion.

Twitter currently offers two-factor authentication to help secure accounts, meaning users need to enter a passport and a six-digit access code sent by SMS each time they want to log in. According to recommendations released by the National Institute of Standards and Technology (NIST) in August, SMS messaging is not a completely secure method for verifying a person’s identity.

“Due to the risk that SMS messages or voice calls may be intercepted or redirected, implementers of new systems should carefully consider alternative authenticators,” NIST’s guidelines state.

Rafaeli suggests that using the same technology that is used to protect nuclear launch codes would be one solution to protect a person’s identity. The technology involves sending encrypted data in multiple messages through a secure third-party app. This could then be combined with a biometric identifier, such as a fingerprint, to verify a user’s identity.

According to social media managers of high-profile politicians, Twitter does not currently have any additional security measures for public figures who may be at greater risk to hacking.

Laura Olin, the head of President Barack Obama’s social media strategy in 2012, told NBC recently: “I’ve never encountered a separate set of security features being available for public figures’ social media accounts [but] I wouldn’t be surprised if that begins to change, especially after widespread Russian hacking.”

A spokesman for Twitter did not reveal whether it had special security measures for Trump, but told Newsweek: "We have a government team based in Washington that works with candidates, Congress, agencies, and the White House on best practices for Twitter, including account security."

Trump has promised to make cybersecurity a top priority of his administration, citing concerns about cyberattacks from the likes of China and North Korea. Following Trump’s election victory, Uri Rivner, head of cyber strategy at biometrics firm BioCatch, told Newsweek he believed Trump would develop cyber weapons.

“Cyber threats to both critical infrastructure and financial systems are just the sort of clear and present danger that requires decisive action—the likes of which the president elect has been advocating,” Rivner said. “This in turn may lead to more aggressive cyber security policies, faster response to cyber attack campaigns, and greater investment in cybersecurity defenses.”

In a debate with Democratic nominee Hillary Clinton in October, Trump said: “The security aspect of cyber is very, very tough. And maybe it’s hardly doable.”