Just because you know about security does not make you invulnerable. John McAfee is outspoken and sometimes controversial, but if anyone knows how to secure his Twitter account it should be the founder of the business which offered the first commercial antivirus software. However, McAfee claimed that his Twitter account was hijacked during the Christmas period, ostensibly so the hackers could use the account to make money by promoting cryptocurrency stocks they had invested in.
Urgent: My account was hacked. Twitter has been notified. The coin of the day tweet was not me. As you all know… I am not doing a coin of the day anymore!!!!
— John McAfee (@officialmcafee) December 27, 2017
With no other knowledge, you may assume that McAfee screwed up the management of his Twitter account. An army of trolls mocked him for being hacked. One sensible question would be to ask why McAfee failed to protect his account by turning on two-factor authentication. But according to McAfee, he did have two-factor authentication turned on, and the authentication code for the unauthorized cryptocurrency tweet must have been intercepted by the same hacker who abused his Twitter account.
If it can affect me it can affect anyone. Most likely my phone was compromised
— John McAfee (@officialmcafee) December 28, 2017
McAfee spoke to the BBC and told them he first became aware of being hacked when he switched on his mobile phone and was presented with a message saying the SIM had not been provisioned. He went on to say:
I knew at that point that my phone had been compromised. I was on a boat at the time and could not go to my carrier (AT&T) to have the issue corrected. All that the hacker did was compromise my Twitter account. It could have been worse.
Ironically, McAfee’s MGT business developed what has been described as “the world’s most hack-proof phone”. The John McAfee Privacy Phone (pictured above) has air-gapped switches so customers know they can disable hardware like the camera, microphone and GPS, and is said to be resistant to Stingray and any other IMSI-catchers. But when it comes to techniques like SIM swapping, there is nothing the victim can do to prevent it. The hacking of McAfee’s Twitter account might be the first in a series of increasingly public scandals where the finger of blame will be turned from the wounded party and towards the only business that can stop SIM swaps: the telco.