President Donald Trump’s claim that “nobody gets hacked” unless it’s by “somebody with 197 IQ” has drawn outrage and ridicule from the cybersecurity community.
Speaking on Monday at a campaign event in Tuscon, Arizona, Trump made the comments while referring to C-SPAN political editor Steve Scully, who falsely claimed his Twitter account was hacked earlier this month.
“Nobody gets hacked. To get hacked, you need somebody with 197 IQ and he needs about 15% of your password,” said Trump.
A video clip of Trump’s hacking comments quickly went viral on Twitter, prompting backlash from cybersecurity professionals who described his words as “dumb” and “dangerous”.
“This might just be the dumbest thing I’ve ever heard someone say,” tweeted Crane Hassold, a former FBI analyst and senior director of threat research at cybersecurity firm Agari.
Jake Moore, cybersecurity specialist at internet security firm ESET, said: “Saying nobody gets hacked clearly isn’t true…But this sort of suggestion worryingly gives people a false sense of security when protecting their own accounts and makes a mockery of information security.”
Contrary to Trump’s claim, many cyberattacks require little technical skill. For example, phishing attacks use social engineering to trick targets into passing over sensitive data or installing harmful software.
There is concern that Trump’s comments undermine efforts to raise cybersecurity awareness – particularly at a time when many are working remotely and cybercriminals are looking to capitalise on the disruption.
Trump’s suggestion that hackers are male has also been criticised for feeding sexist stereotypes.
“Infosec professionals are constantly trying to teach people the perils and problems with cybersecurity, so when the head of a country treats hacking with old stereotypes, it makes the task of educating even more of an uphill struggle,” added Moore.
“In fact, Trump saying this could be dangerous to society as many people might falsely believe they are more protected than they are.”
“Nobody gets hacked” says Trump, man who has been hacked
Despite Trump’s assertive yet contradictory statement, the president appears to have forgotten that his hotel chain was hacked on two separate occasions between 2014 and 2017. During the hacks, hotel guests had heir credit card data stolen and Trump’s hotel chain was legally required to notify regulators.
Trump also admitted that his own Twitter account was hacked in February 2013, with the perpetrator posting the Will.I.Am lyrics “These hoes think they classy, well that’s the class I’m skippen”.
Many cybersecurity professionals were quick to mock Trump’s hacking remarks.
“If you have 15 IQ you need 197% of the password,” joked Jake Davis, a writer and speaker on hacking and former hacktivist.
Troy Hunt, the creator of Have I Been Pwned – a free service that notifies people if their password has been breached – thanked Trump for “providing me with material that’s going to feature in many, many presentations for years to come”.
Independent cybersecurity expert and co-host of the Smashing Security podcast Graham Cluley said: “In fairness, it’s possible Donald Trump is considering a change in career in the New Year. In his particular case, however, I fear he may find it hard to bridge the cyber skills gap.”