John McAfee Says Phone Was ‘Compromised’

Just because you know about security does not make you invulnerable. John McAfee is outspoken and sometimes controversial, but if anyone knows how to secure his Twitter account it should be the founder of the business which offered the first commercial antivirus software. However, McAfee claimed that his Twitter account was hijacked during the Christmas period, ostensibly so the hackers could use the account to make money by promoting cryptocurrency stocks they had invested in.

With no other knowledge, you may assume that McAfee screwed up the management of his Twitter account. An army of trolls mocked him for being hacked. One sensible question would be to ask why McAfee failed to protect his account by turning on two-factor authentication. But according to McAfee, he did have two-factor authentication turned on, and the authentication code for the unauthorized cryptocurrency tweet must have been intercepted by the same hacker who abused his Twitter account.

McAfee spoke to the BBC and told them he first became aware of being hacked when he switched on his mobile phone and was presented with a message saying the SIM had not been provisioned. He went on to say:

I knew at that point that my phone had been compromised. I was on a boat at the time and could not go to my carrier (AT&T) to have the issue corrected. All that the hacker did was compromise my Twitter account. It could have been worse.

Ironically, McAfee’s MGT business developed what has been described as “the world’s most hack-proof phone”. The John McAfee Privacy Phone (pictured above) has air-gapped switches so customers know they can disable hardware like the camera, microphone and GPS, and is said to be resistant to Stingray and any other IMSI-catchers. But when it comes to techniques like SIM swapping, there is nothing the victim can do to prevent it. The hacking of McAfee’s Twitter account might be the first in a series of increasingly public scandals where the finger of blame will be turned from the wounded party and towards the only business that can stop SIM swaps: the telco.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Director of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.