Fact Check

Does nobody get hacked? Do hackers need a 197 IQ? Fact Check

In a rally recently, President Trump claimed that “nobody gets hacked” as well as stating that hackers need an IQ of 197 and “15% of your password”.

FALSE

Trump said during a rally –

Nobody gets hacked. To get hacked you need someone with 197 IQ, and he needs about 15% of your password, right.

Trump made the remarks in response to a claim made by C-SPAN journalist Steve Scully. Scully claimed that his Twitter account had been “hacked” after it controversially published a tweet tagging a former White House staffer asking if he should respond to Trump’s criticism of him.

While it is true that Scully’s Twitter account had not been hacked (he subsequently admitted to lying and was suspended by C-SPAN) the broader claims made by Trump about hacking are detailed below.

Given the context of Trump’s remarks, we use the term “hacking” here to refer to cyber-threats aimed at compromising online accounts, systems and networks.

Nobody gets hacked?

The claim that nobody gets hacked (in the context used by Trump to mean having their online accounts or networks compromised) is demonstrably false. In fact, the Trump Organisation itself has been hacked on multiple occasions and in 2013, President Trump even claimed his own Twitter account had been compromised by hackers.

Hacking, of course, is an extremely broad (and vague) term and – depending on who you ask – can encompass a number of different attack vectors, including phishing attacks directed at compromising online accounts, malware attacks that result in loss of data or money and countless variations of identity fraud. Recent reports concerning these threats, their prevalence and the costs associated with them demonstrate that nearly every type of cyber intrusion that could constitute “hacking” are still very much a threat today as they have been for years. (UK Government Cyber Security Breaches Survey 2019 | Bulletproof Annual Cyber Security Report 2019.)

In fact the last year alone has seen some of the most widely reported cyber intrusions, including Twitter being hacked in July 2020 resulting in a number of high follower accounts posting links to a crypto-currency scam, and a significant surge in ransomware attacks on universities and healthcare providers.


Sponsored Content. Continued below...




You need a 197 IQ?

While an exceptional IQ score would certainly be beneficial when it comes to cyber-crime – as we imagine it would be in almost any potential “career” choice – it is certainly not a pre-requisite. In fact it has often been argued that a number of other qualities trump intelligence, including persistence, experience, organisational skills and analytical skills.

In the context of compromising social media accounts – which is what President Trump was referring to in his remarks about hacking – the most common attack vectors (specifically phishing or spear-phishing) require only a rudimentary knowledge of IT systems. This would include the creation of a spoof webpage and crafting the email bait (including the social engineering ruse to “hook” the potential victim.) None of which would require a genius IQ level.

Even with attacks that involve probing IT systems and networks for software vulnerabilities that could be exploited – arguably a more traditional description of hacking – today this is most frequently performed with already-made automated scripts and “bots” that are commonly used by cybersecurity professionals (known as “white hat” hackers.)

And even with malware attacks such as the currently popular ransomware, such attacks are often employed as a “for hire” service (known as RaaS) where attackers purchase or rent the malware from its creators to launch attacks, lessening the technical knowledge requirements for the crooks.

While there are certainly many aspects of computer crime that could benefit greatly from an attacker having a high IQ, the majority of illegal hacking (in the context used by President Trump) certainly does not rely on such a quality.


Sponsored Content. Continued below...




A hacker needs 15% of your password?

This vague and obscure claim would be irrelevant to the most common attack vectors online today.

For example, for phishing scams to work, a cyber-criminals does not need to know any of a victim’s passwords to launch such an attack, since the attack is designed to trick a victim into handing over their password in the first place.

There is no requirement for malware attackers to know a password (or part of a password) belonging to a would-be victim since their attacks rely on software vulnerabilities or tricking victims into opening malicious email attachments.

The only very specific scenario we could think of where knowing 15% of a password would be beneficial to a hacker would be if they were orchestrating some type of brute-force attack (continual guessing of a password until the correct one is entered, usually performed by automated software) since knowing 15% of the password would reduce the number of guesses needed. However, we do not know any likely scenario where a crook would be in possession of only 15% of a password to begin with.

Given the above, we rank all of Trump’s claims about hacking as false.

Share
Published by
Craig Haley