The Emails

We managed to acquire more than a dozen email addresses potentially used by The President. A few were obviously associated with his work in the public sector as the domains point to his businesses.

Some, however, were defiantly more personal like chaosarecute@yahoo.com, loving_itcm2@hotmail.com, and twobitter@hotmail.com. All of these will have to be verified which we can do with a tool like Gophish as explained in one of my previous articles, “Hook Line and Sinker : Learning to Phish.”

Honestly, sending phishing emails to The President is out of the scope of this engagement and I would strongly discourage anyone from doing it. For now, let’s just pretend we did and that the addresses have all been verified.

When I discover email addresses linked to a target, there are a couple of things I like to do. First I will typically take a look at the ‘username’ associated with the address and turn to a site like https://instantusername.com.

Sites like this are supposed to be used to check the availability of potential usernames on various social media sites, but we are hackers and we never use things how they were intended. Instead, we will use it to determine if other online presences are using these usernames and with any luck, we will find more info on our target.

In this case, we didn’t yield any verifiable or usable results. We did stumble on this one profile on Scribd.com matching our yahoo username that curiously enough seemed to be studying various revolutions in China, Mexico, and Russia, but not much else.

The next thing I like to do is just Google the address and see what turns up. Googling the yahoo address yielded some interesting results. Apparently, there was a lot of chatter back in the day of the infamous Ashley Madison hack, that our boy, Donald, had used this email to set up a profile on Ashley Madison.

While this does fit what we know about our target it looks like a rabbit hole for another day. It does segue nicely into the next thing I like to do with email addresses though, check them against known data breaches.

Sites like haveibeenpwned.com, will allow you to search your email address to see if it shows up in their breach database. That’s nice and all, but if you know where to look and have the storage space, you can download a database called BreachComplilation1 which allows you to query email addresses against the same data and it will spit out any associated passwords that were compromised along with it.

Now it is important to note a few things here.

These breaches are typically followed by an alert sent to all users of the platform that was hacked, informing them that their data was compromised. This means the passwords are likely no longer valid but often when people change their password, the new one typically follows a similar pattern as their old. So, while the passwords probably won’t give us access, there could still be some intrinsic value. These breaches are generally on various social media sites and not the email accounts themselves. This means that the passwords are for the account on that site, and the user’s email is either the username for the site or merely a required field. But let’s face it, most of us use the same password everywhere. Since our target is very high profile and has been since the ‘80s, it is likely that most if not all of these accounts aren’t really our target, but instead, someone just being silly and using Trump’s email addresses to sign up for things.

Taking all of that into consideration we put every email we could even loosely associate with The President into a list and run our query script.

I know a bunch of you just lost your sh*t. You are probably thinking that I just crossed the line and any minute now a few men in suits will be showing up at my door.

Let me just reiterate: I have zero confidence that any of these passwords, are or ever have been, The President’s. If by some slim chance in hell anyone of them is The President’s password, we have a bigger issue at hand than me posting them.

We were hoping to identify an observable pattern in the passwords, but the only thing all these passwords have in common is that they are super weak. They are all so weak that they could be brute-forced in minutes using a standard laptop and a copy of the world’s most common wordlist, rockyou.txt.