The most powerful publication in the world today is Donald Trump's personal Twitter account. In the past six weeks, it has moved markets, conducted shadow foreign policy, and reshaped the focus of media around the world. Just today, it caused Toyota's stock to drop. It is also shockingly insecure.
That insecurity was acceptable when @realDonaldTrump concerned itself with Kristen Stewart cheating on Robert Pattinson and how thin people don't drink Diet Coke. And yet Trump's newfound influence — combined with the unpredictability of his tweets — makes the president-elect's account a particularly tempting target for hackers.
That's especially true because there is a large fortune that could be made in a single 140-character message. If someone were able to gain access to Trump's Twitter, they could tweet approvingly or disapprovingly about a company (as Trump has done) and play the stock market accordingly — or cause others to do so. A market-tracking app called Trigger has already set up an alert that responds whenever Trump tweets about publicly traded companies.
If the hacker were geopolitically motivated, they could tweet favorably or unfavorably about a country or a leader (as Trump has done) and alter foreign affairs. Or if the hacker had a grudge, they could call their enemy out in a tweet (as Trump has done) and unleash the rage of Trump's nearly 19 million followers. Plus, who knows what's in Trump's DMs?
And precisely because the president-elect's tweets are so far afield of current president Barack Obama's on-message, workshopped ones, someone with improper access to Trump's account could accomplish their goals while staying in character as Trump. (A hack of the Associated Press Twitter account in 2013 that falsely asserted breaking news about an explosion at the White House caused the Dow to drop 150 points.)
This is not a far-fetched scenario. Putting aside the specter of state-sponsored Russian hacking, in the past year alone, the Twitter accounts of Kylie Jenner, Mark Zuckerberg, Keith Richards, Sundar Pichai, Drake, Travis Kalanick, the National Football League, and the foreign minister of Belgium (to name a few) were hacked or accessed by someone who wasn't supposed to have access. Many of these infiltrations didn't require sophisticated skills or the ability to hack Twitter. Bad actors can often gain access to an account through a third-party app that has permission to post to Twitter, for example. These hacks didn't take the expertise or resources of a nation-state; some of them were done by a Saudi teenager. And Trump's account has been hacked before. In 2013, someone gained access to his account to tweet Lil Wayne lyrics.
So who is going to secure the president-elect's account?
According to multiple people who have managed the campaign social media accounts of Hillary Clinton and President Obama, as well as the official presidential account, Twitter does not have any special security measures for politicians.
"I've never encountered a separate set of security features being available for public figures' social media accounts," said Laura Olin, who ran Obama's social media strategy in 2012. "They get two-factor authentication like everyone else. I wouldn't be surprised if that begins to change, especially after widespread Russian hacking."
Twitter declined to comment for this story.
According to Alex Wall, who served as director of online engagement in the Obama White House, special security protocols do exist for the official @POTUS account — they just all come from the user side. These steps, set up by the White House Communications Agency (which provides "services and communications support to the president and his staff"), include multiple password layers and limiting the number of encrypted devices that can post to the official account.
"It's a small handful of devices that are under significant security and handled with extreme care," Wall said.
Wall, who was also director of social media for Hillary for America, said that the Clinton team planned on adopting the same protocols had she won. And if Trump would commit to adopting these precautions and tweeting only from the @POTUS account, Wall said, concerns about hacking would be lessened.
But that seems unlikely. In an interview earlier this week with Fox News, incoming White House press secretary Sean Spicer said, "He'll probably be tweeting from both, or whatever he chooses." Also worrisome is that both Spicer and incoming chief of staff Reince Preibus have promised to re-examine the traditional daily White House press briefing, a step that could lead to even more tweets. And it's unknown how many devices have access to Trump's Twitter account, let alone which third-party apps installed on those devices have been given permission to write to Twitter. (The Trump transition team did not respond to an email request for comment.)
All of which leaves the @realDonaldTrump as a vulnerable major target that could be exploited for financial gain, geopolitical instability, or worse. Scary!