Trump comments that 'Nobody gets hacked' unless it's by someone with an IQ of 197 and already has 'about 15%' of the victims password... not quite true.
TL;DR
Trump's recent video shows him claim:
"Nobody gets hacked. To get hacked you need someone with 197 IQ, and he needs about 15% of your password, right."
Fact Check: Nobody gets hacked
Result: Untrue
The 2020 Verizon DBIR report alone collected data on 108,069 breaches, of which 45% featured hacking. Trump's own hotel chain was hacked twice. We work with organisations of all shapes and sizes on a daily basis that have been the victim of a breach and our free CyberScore app is used by countless individuals who have been hacked.
Unfortunately, Trump's assertion simply isn't remotely true.
Fact Check: Hackers have IQs of 197
Result: Untrue
Firstly, it's important to understand that in this context we're referring to cyber criminals and threat actors, not "hackers" (a term that can be used to describe legitimate security professionals, coders etc who are most certainly not criminals).
Very little data exists on the IQ of cyber criminals, however it could certainly be argued that IQ plays little to no role in a successful compromise. There have been plenty of successful hacks performed by individuals with low IQs.
Speaking as a professional penetration tester who has been successful in (legally) compromising hundreds of organisations through a wide range of techniques - I can categorically say that my IQ is far, far less than 197 and it hasn't slowed me down too much.
It's also important to understand that a large number of hacks are performed automatically by scripts and bots.
Fact Check: Hackers need 15% of your password
Result: Untrue
Having 15% of someone's password could be helpful if an attacker's only vector was an offline bruteforce password attack. Typically such an attack is only useful after an initial compromise has already been achieved though.
There are a huge number of different attack vectors that attackers can use to 'hack' an individual or an organisation that have nothing to do with passwords. Don't believe me? Check out the list over at Mitre.
Fact Check: 'He' needs...
Result: Untrue
Optimistically, this may have just been a poor choice of pronoun, but it's absolutely worth pointing out that not all cyber criminals are male.
Conclusion
Trump is categorically wrong on his assertions here. Individuals and organisations regularly get hacked by cyber criminals, and they don't need an IQ of 197 to be successful.
If you're an individual, use a password manager, turn on two-factor authentication when you can and watch out for phishing attacks. You might also want to grab our free CyberScore app.
If you're an organisation, patch your systems, run continuous vulnerability scans, have regular penetration tests and build a mature security culture programme to help your employees keep you and themselves safe from cyber attacks.
Try CultureAI free. Within 30 days your employees will each have a security score allowing you to find the riskiest employees and departments, whilst automated nudges and personalised education will help transform their security decisions.
| Published | 20th October 2020 |
| Last Updated | 20th October 2020 |
| Written for |
Small Businesses Medium Businesses Enterprise Security Awareness Professionals Cyber Security Professionals |
