My Twitter was hacked, claims John McAfee

Hmm.

My Twitter was hacked, claims John McAfee

I can’t begin for one minute to imagine what it must feel like to be John McAfee.

He founded one of the world’s most famous security companies, disguised himself as a Guatemalan trinket salesman while on the run from the Belize police who wanted to question him about a murder, claimed he ran a team of 23 women to seduce and spy on his enemies in Belize, put himself forward as a possible candidate for the US Presidency in 2016, and said he would use “social engineering” to determine the iPhone passcode of one of the (dead) San Bernadino killers.

I could probably fill umpteen more paragraphs detailing the publicity-shy John McAfee’s colourful tales and unorthodox life.

So, what to make of his latest claim that his Twitter account was hacked?

John Mcafee tweet

McAfee’s “urgent” tweet came after a series of messages were posted to his account, encouraging his half a million followers to purchase lesser-known cryptocurrencies.

Coin of the day

The real John McAfee is no stranger to tweeting about which cryptocurrency his followers should invest in, so the “hacker” certainly wasn’t entirely clueless about how to blend in with the security veteran’s regular postings.

McAfee subsequently deleted the offending tweets, and claimed that “most likely” his mobile phone was compromised.

If we are to believe John McAfee, he’s a frequent target for hackers. And apparently it’s Twitter’s fault, not his.

Though I am a security expert, I have no control over Twitter’s security. I have haters. I am a target. People make fake accounts, fake screenshots, fake claims. I am a target for hackers who lost money and blame me. Please take responsibility for yourselves. Adults only please.”

In response, to the alleged hack, John McAfee says he has disabled two-factor authentication (2FA) on his accounts. If you ask me, that’s a truly bizarre course of action - and one that I hope other Twitter followers do not emulate, especially as the site has just enhanced its 2FA security feature to properly support third-party authentication apps.

Is John McAfee telling the truth? Or spinning a fanciful yarn about his account being hacked for his own reasons?

I imagine my guess is as good as yours.

What I do know is that John McAfee has been caught out by poor security practices in the past, only to offer some eyebrow-raising and hard-to-swallow explanations later.

Tags: ,

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

,

3 Responses

  1. drsolly

    December 29, 2017 at 3:34 pm #

    Giggle

  2. coyote

    December 31, 2017 at 5:23 pm #

    It’s a shame they didn’t add after the ‘$BAT’ a certain ‘$SHIT’ and then ‘$CRAZY’. But I suspect they had their reasons.

    If I was a conspiracy theorist I would suggest he did it himself: as in he did it as a publicity stunt (nothing new), blamed Twitter (iirc nothing new to blame others) and then decided to stop giving advice (perhaps his best move yet?). That’s an odd one of course, since it brings him less attention but who says conspiracy theories have to make sense? The fact he talks about disabling 2FA is also odd but that’s kind of fitting for him, isn’t it?

    I think the story is as mental as he is, frankly.

    Happy New Year btw. :) Long time it’s been but hope you’re doing well. I am doing superb although I still don’t think I’ll be around as much - just have a lot going on in my life.

  3. Zach

    January 2, 2018 at 1:12 pm #

    It’s not a new topic, 2FA has been vulnerable for a while now if talking of using it with a phone and SS7 vulnerabilities. If being done with a physical token card, that’s a bit different. Only reason this is garnering attention is due to the visibility of the individual involved.

    https://www.cyberscoop.com/finally-happened-criminals-exploit-ss7-vulnerabilities-prompting-concerns-2fa/

    http://www.securityweek.com/two-factor-authentication-bypassed-simple-attacks

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.