I can’t begin for one minute to imagine what it must feel like to be John McAfee.
He founded one of the world’s most famous security companies, disguised himself as a Guatemalan trinket salesman while on the run from the Belize police who wanted to question him about a murder, claimed he ran a team of 23 women to seduce and spy on his enemies in Belize, put himself forward as a possible candidate for the US Presidency in 2016, and said he would use “social engineering” to determine the iPhone passcode of one of the (dead) San Bernadino killers.
I could probably fill umpteen more paragraphs detailing the publicity-shy John McAfee’s colourful tales and unorthodox life.
So, what to make of his latest claim that his Twitter account was hacked?
McAfee’s “urgent” tweet came after a series of messages were posted to his account, encouraging his half a million followers to purchase lesser-known cryptocurrencies.
The real John McAfee is no stranger to tweeting about which cryptocurrency his followers should invest in, so the “hacker” certainly wasn’t entirely clueless about how to blend in with the security veteran’s regular postings.
McAfee subsequently deleted the offending tweets, and claimed that “most likely” his mobile phone was compromised.
If we are to believe John McAfee, he’s a frequent target for hackers. And apparently it’s Twitter’s fault, not his.
“Though I am a security expert, I have no control over Twitter’s security. I have haters. I am a target. People make fake accounts, fake screenshots, fake claims. I am a target for hackers who lost money and blame me. Please take responsibility for yourselves. Adults only please.”
In response, to the alleged hack, John McAfee says he has disabled two-factor authentication (2FA) on his accounts. If you ask me, that’s a truly bizarre course of action – and one that I hope other Twitter followers do not emulate, especially as the site has just enhanced its 2FA security feature to properly support third-party authentication apps.
Is John McAfee telling the truth? Or spinning a fanciful yarn about his account being hacked for his own reasons?
I imagine my guess is as good as yours.
What I do know is that John McAfee has been caught out by poor security practices in the past, only to offer some eyebrow-raising and hard-to-swallow explanations later.
Giggle
It's a shame they didn't add after the '$BAT' a certain '$SHIT' and then '$CRAZY'. But I suspect they had their reasons.
If I was a conspiracy theorist I would suggest he did it himself: as in he did it as a publicity stunt (nothing new), blamed Twitter (iirc nothing new to blame others) and then decided to stop giving advice (perhaps his best move yet?). That's an odd one of course, since it brings him less attention but who says conspiracy theories have to make sense? The fact he talks about disabling 2FA is also odd but that's kind of fitting for him, isn't it?
I think the story is as mental as he is, frankly.
Happy New Year btw. :) Long time it's been but hope you're doing well. I am doing superb although I still don't think I'll be around as much – just have a lot going on in my life.
It's not a new topic, 2FA has been vulnerable for a while now if talking of using it with a phone and SS7 vulnerabilities. If being done with a physical token card, that's a bit different. Only reason this is garnering attention is due to the visibility of the individual involved.
https://www.cyberscoop.com/finally-happened-criminals-exploit-ss7-vulnerabilities-prompting-concerns-2fa/
http://www.securityweek.com/two-factor-authentication-bypassed-simple-attacks