Fact check: Trump's "Nobody gets hacked" comment

Trump comments that 'Nobody gets hacked' unless it's by someone with an IQ of 197 and already has 'about 15%' of the victims password... not quite true.

TL;DR

Trump's recent video shows him claim:

"Nobody gets hacked. To get hacked you need someone with 197 IQ, and he needs about 15% of your password, right."

  • Video clip here
  • Claim is dangerously inaccurate, and could contribute to less security-savvy users viewing it as an excuse to not think about their own security.
  • In our experience a large percentage of both end-users and organisations are hacked (including Trump's own hotel chain). IQ plays no role in it.

Fact Check: Nobody gets hacked

Result: Untrue

The 2020 Verizon DBIR report alone collected data on 108,069 breaches, of which 45% featured hacking. Trump's own hotel chain was hacked twice. We work with organisations of all shapes and sizes on a daily basis that have been the victim of a breach and our free CyberScore app is used by countless individuals who have been hacked.

Unfortunately, Trump's assertion simply isn't remotely true.

Fact Check: Hackers have IQs of 197

Result: Untrue

Firstly, it's important to understand that in this context we're referring to cyber criminals and threat actors, not "hackers" (a term that can be used to describe legitimate security professionals, coders etc who are most certainly not criminals).

Very little data exists on the IQ of cyber criminals, however it could certainly be argued that IQ plays little to no role in a successful compromise. There have been plenty of successful hacks performed by individuals with low IQs.

Speaking as a professional penetration tester who has been successful in (legally) compromising hundreds of organisations through a wide range of techniques - I can categorically say that my IQ is far, far less than 197 and it hasn't slowed me down too much.

It's also important to understand that a large number of hacks are performed automatically by scripts and bots.

Fact Check: Hackers need 15% of your password

Result: Untrue

Having 15% of someone's password could be helpful if an attacker's only vector was an offline bruteforce password attack. Typically such an attack is only useful after an initial compromise has already been achieved though.

There are a huge number of different attack vectors that attackers can use to 'hack' an individual or an organisation that have nothing to do with passwords. Don't believe me? Check out the list over at Mitre.

Fact Check: 'He' needs...

Result: Untrue

Optimistically, this may have just been a poor choice of pronoun, but it's absolutely worth pointing out that not all cyber criminals are male.

Conclusion

Trump is categorically wrong on his assertions here. Individuals and organisations regularly get hacked by cyber criminals, and they don't need an IQ of 197 to be successful.

If you're an individual, use a password manager, turn on two-factor authentication when you can and watch out for phishing attacks. You might also want to grab our free CyberScore app.

If you're an organisation, patch your systems, run continuous vulnerability scans, have regular penetration tests and build a mature security culture programme to help your employees keep you and themselves safe from cyber attacks.

Did you know you can get started with CultureAI free?

CultureAI's security culture management system allows you to easily orchestrate and automate mature cyber security awareness, behaviour and culture programmes.

No credit card required. No committment.
About this post
Published 20th October 2020
Last Updated 20th October 2020
Written for Small Businesses
Medium Businesses
Enterprise
Security Awareness Professionals
Cyber Security Professionals
The author
James Moore, CultureAI
James Moore
CEO and founder, CultureAI
James is a cyber security expert & GCHQ approved security awareness trainer. He's worked with many of the worlds leading organisations to signficantly improve employee security behaviour and transform cyber security culture. He believes in using technology to support & empower employees to behave securely, at both work and home.
Topics covered
Related content
Trusted by

Do more than raise security awareness

CultureAI helps you to transform security culture. Intelligently.