Truth Social Hack: Truth Social, the impending social-media platform founded by former President Donald Trump, was hacked only a few hours after it was announced that it would begin. At the moment, customers may sign up for a waiting list on Truth Social’s website, which also offers an iPhone app made by a firm known as “T Media Tech LLC” that is available for presale.
Sources with ties to TRUTH Social, the social media platform founded by former President Donald J. Trump, have confirmed that users signing up for the platform will not only be able to stand up to tyranny but that their data will also be hacked before they have finished setting up a profile, according to sources with ties to the new platform. During a rally commemorating the TRUTH website’s debut, Trump claimed, “TRUTH is going to be so sophisticated, genuinely, the top of the line in social media, and it will have been heavily hacked before the information has ever found its way onto our site.”
In fact, they’re exhibiting a great deal of interest, and they’re coming from the most affluent parts of the globe, including Russia, Ukraine, and even the Russian Federation. Due to the fact that we handle the hacking of the data for them, it has attracted a significant amount of foreign investment. And when you’re the President, the users are content to let you get away with it.” According to Alexander Dunne, one of the primary developers behind the new network, he hopes that the pre-hacked data would offer TRUTH a competitive advantage over other social media platforms.
Public website to spread across social Media
It didn’t take long for word of the public website to spread across social media after reaching the hands of Canadian hacker Aubrey “Kirtaner” Cottle, who used the information to put up fictitious identities for a number of high-profile persons, including QAnon founder Ron Watkins. According to the magazine, the hackers uploaded a photo of a defecating pig on a Twitter account with the name @donaldjtrump, with pictures being shared on the social media platform.
Hackers claiming association with the organization Anonymous established bogus identities for Trump and his former advisor Steve Bannon on Truth Social, the social media network that Trump launched on Wednesday, according to The New York Times. Trump and Bannon are both members of the group. A number of fictitious identities, including those belonging to conspiracy theorist Ron Watkins and Twitter CEO Jack Dorsey, were also created. The location, according to TMTG, will be available to invited guests in November and to the general public in the first quarter of 2022.
Preorders for the software are now being accepted on Apple’s App Store, and those interested may sign up for a waiting list. That alone was sufficient for Anonymous hackers to get access to the prerelease version of the Twitter-like app, according to Aubrey Cottle, a hacker linked with the group, who spoke to The New York Times about the incident. The website claimed to have seen screenshots that corroborated the hackers’ allegations, and it said that hackers had obtained access to the site within two hours of Trump launching the project.
Truth Social Hack
Related by Code: Why would one social network affect another? Truth Social is (supposedly, and at least for now) built on Mastodon’s code. Initially, the people behind Truth Social were cagey about its roots leading Mastodon to threaten a lawsuit. The company behind Truth Social then quietly revealed that it was indeed using Mastodon code, and the site currently has an open-source software page that refers to its product as “Truth Social (Mastodon).”
Mastodon isn’t an island. For one thing, it’s built on open-source code that anyone can use, which is why Truth Social is utilizing it in the first place. For example, Mastodon isn’t a monolithic entity like Twitter. Instead, it’s made up of separately operated servers running Mastodon’s code. Each of these servers can (but don’t always) connect with each other. These can also communicate with other services in a bigger community of services termed the Fediverse. With my account on the infosec.exchange server, I can observe and connect with people on mastodon.social, and even users of the social photo-sharing service Pixelfed.
In a statement, Trump stated his purpose in founding Trump Media & Technology Group and the “Truth Social” app is to build a competition to the Big Tech corporations that ousted him following the deadly rebellion at the U.S. Capitol on January 6.
This communication between instances has disturbed some Mastodon users as Truth Social lurches toward debut. Some have considered preserving their instances by not allowing them to federate the process of intercommunication that makes up the Fediverse with Truth Social. Blocking undesired instances isn’t unusual for Mastodon administrators; even users can block individuals or other domains. Of course, it’s unclear today if Truth Social will communicate with other Fediverse services, which may render that point irrelevant.
Interesting outcome that I had not anticipated
A more interesting outcome that I had not anticipated may be increased attention dedicated to Mastodon’s code as a result of Truth Social’s launch. One Mastodon user who goes by The Gibson says “the problem is that [while] I believe [Mastodon] to be relatively secure, with Trump using it as a basis for his new venture, it will attract significant hacktivist attention.”
“Pay notice, because it’s about to be a season of fixes,” according to The Gibson, who adds that they are not judging hacktivists who disclose these vulnerabilities, only that it might yield significantly more than the community has experienced thus far. Full disclosure: I follow The Gibson on Mastodon and maintain an account on their Mastodon server. I’m also a Patreon supporter of Mastodon at the $1-per-month level.
Security on the Fediverse
Finding vulnerabilities is always a good thing, and Mastodon has issued patches to deal with security flaws in the past. One challenge that Mastodon will face is that its decentralized nature could work against the service. Each Mastodon server is hosted and managed independently, and it’s largely up to the owners of those instances to apply patches and perform basic maintenance. Twitter and other centralized services have only to apply patches to their own software to address vulnerabilities.
Focus on the Fringe
Past performance is not an indicator of future results, but far-right social media sites don’t have a great track record for security. After the aforementioned Gab hack, the account of Gab’s founder was swiftly compromised. Gettr was also hacked and vandalized last summer. Even before it began, Truth Social has not done any better. Shortly after it was revealed, some ambitious individuals found they could access a pre-release version of the service and quickly went to work populating it with phony accounts and other shenanigans.
Whatever happens with Trump’s bogus Twitter will happen. Heck, it might not have even been a real image that Trump Jr. uploaded and Truth Social may never open (the current speculations point to Monday, which is Presidents’ Day). Regardless, Mastodon will be OK, and perhaps this extra attention will motivate more people to examine the Fediverse for themselves or make contributions to its open-source technology.