1w ago

Trump social media site brought down by Iran hackers

htxt.co.za Attention Required! | Cloudflare

Hours after the US airstrike on Iranian territory, Iranian-backed hackers took down US President Donald Trump’s social media platform.
Users were struggling to access Truth Social in the early morning following the alleged hack.
As the US continues to insert itself into the ongoing Iran-Israel conflict, the US government believes more cyberattacks could happen.

Technology @programming.dev

htxt.co.za /2025/06/trump-social-media-site-brought-down-by-iran-hackers/

86 5

173 comments

- I mean it does depend on the extent of the hack. But usually taking down the website, they don't take the databases or anything
- source: https://xkcd.com/932/
  (for those that want to read the alt-text)
- Hacking a Social Media profile --> Tearing down a poster Hacking a Website --> defacing a facade
  If the blinds arent closed by or a window is left open by accident, some information could get out. If the doors arent locked, the attacker could get access to further information.
  
  They didn't hack anything. Just your plain old DDoS attack which took the service offline for a while, nothing was (at least based on what I read) actually hacked (or cracked as old-school folks like me would like it to be called) or stolen.

Unclear from the article but, while a bit pedantic, this sounds more like it was potentially a DDoS attack rather than a proper "hack".
- In an age where "willfully giving out your account password" is called hacking, here I'd call it tomato or tomato.
  
  Social Engineering is hacking cmv.
  
  here I'd call it tomato or tomato.
  It’s pronounced tomato
- 313 Team is an Arabic-interest hacker collective, aligned with Iran, Palestine and Iraq, they reportedly used a distributed denial of service (DDoS) attack against Truth Social.
  The article seems pretty clear to me. Maybe it was updated?
- In order to launch a meaningful DDoS there must be thousands of compromised machines to use. I would absolutely say compromising such a large amount of machines is hacking.
  
  A lot of DDOS attacks nowadays are from a DDOS for hire service.
  So there could be hacking done, or just a bitcoin transfer.
  
  Or they just found a buffer overflow bug on their border router/firewall. I can't imagine Truth Social has a keen network engineering team keeping up to patching and vulnerabilities.
  
  It's absolutely hacking those computer, just not the site. I just don't want to get overly excited for something that doesn't have much meat to it.

And nothing of value was lost.
- Value gained, actually.
  
  Less AI generated garbage.

It feels weird to be in support of the goals of an Iranian hacker group.
- Its like watching two shitty people have an argument.
  
  "let them fight."
  
  What did Iran do? Seems like all the shitty is on one side.
- “Hacker group”.
  What a joke. Any kid with a credit card can unleash a ddos attack on a website.
  An irrelevant website none the less. If that pile of shit goes down then the entire world benefits.
- Not really. Most people around the world are pretty much in the same boat. The "leaders" of governments try to propagandize differences, but everyone is living the same shitty existence. Elites vs poors across the globe. Occasionally you get groups that are extremely radical, but it's not specific really to any country (We see a lot of out of the ME and Africa mostly due to prolonged Colonial abuse, admittedly.)

I'm still at a loss for words thinking that any real human people joined truth social. We really failed as a species...
- Fascists arent people. Antifa osint people joined to watch.
- Equally upsetting. The site is truthsocial.com not truth.social
  
  Someone should buy truth.social and make it redirect to something trump's base hates.
- I'm thinking it might have some comedic value and if you're trying to beat the stock market..

DDoS is not hacking
- The word "hack" is pre-internet. A "hack" journalist or a "hack job" is basically something unprofessional. It is movies that turned "hackers" into someone that gained access to the "mainframe". In the realm of computer systems, I would argue that a "hack" is doing anything the system was not intended/designed to do. A successful DoS or DDoS needs to find some component of the system that wasn't designed to handle the amount of traffic about to be sent to it.
  There are protections for DDoS (iptables, fail2ban, Cloudflare and so on), you have to figure out a way around them, that's a hack.
  
  The current tech-related usage was coined at MIT to mean working on a system. Funny that the oldest recorded source comes from MIT model railroad team.
- Hacking isn't hacking it's usually cracking
- Define hacking.
  
  I'd start with the following, and refine if necessary:
  "Gaining unauthorized access to a protected computer resource by technical means."
  Port scanning --> Not hacking because there isn't any access to resources gained
  Using default passwords that weren't changed --> Not hacking because the resource wasn't protected
  Sending spam --> Not hacking because there isn't any access to resources gained
  Beating the admin with a wrench until he tells you the key --> Not hacking because it's not by technical means.
  Accessing teacher SSN's published on the state website in the HTML --> Not hacking because the resource wasn't protected, and on the contrary was actively published*
  Distributed denial of service attack --> Not hacking because there isn't any access to resources gained
  Those first two actually happened in 2001 here in Switzerland when the WEF visitors list was on a database server with default password, they had to let a guy (David S.) go free
  * The governor and his idiot troupe eventually stopped their grandstanding and didn't file charges against Josh Renaud of the St. Louis Post-Dispatch reporter, luckily
- Can be a component of it.
  
  Mailing someone more letters than they're capable of replying to is not equivalent to, nor a component of, gaining access to the inside of their home.

Might be smart for Iran to just attack trump’s businesses as retribution for the bombings; if they attack the military, we’ll surely get pulled into another war, but just going after trump’s businesses will probably avoid a military response and maybe will make republicans come around to the fact that he should have divested himself from his businesses when he became president.
- going after trump’s businesses will probably avoid a military response
  More likely, it makes the poor baby (-hands) cry and throw a tantrum. Being the malignant narcissist he is, he thinks the resources of the United States government are entirely at his disposal. With that in mind, he's absolutely going to demand a military response to any attacks on his businesses.
  Whether saner heads prevail, all we can do is hope.
  
  Yeah agreed, he’s absolutely going to demand a military response to any attacks on his business, but maybe that’s enough to divide the republicans in congress and they’ll start to rein him in. Still going to take a lot for them to develop the balls to stand up to him, but might be good for us if Iran just goes after his businesses.
  
  Yeah these are the dicks that cried terrorism when Tesla was "attacked"
- His administration says damage to Teslas equates to terrorism. I don’t think it would go how you’re thinking.
- With any other president I’d agree but this is Trump. A venal and petty man who wouldn’t think twice before using the country’s soldiers and even nuclear weapons to defend his sense of pride
- The bombings are an act of war, so Trump's already dragged the US into a war with Iran at this point, despite the spin about being "at war with Iran's nuclear programme but not Iran itself"
  I doubt Iran are that worried about the Americans starting a ground invasion either, it would be an absolute bloodbath and will have MAGA and non-MAGA everywhere calling for Trump's head.

Thankfully only DDos. Truth Social is Mastodon so a security flaw could have been a real problem.
- nah it's a lazy fork so seeing how he chooses people (they're either cheap or friends of friends or both) "truth" can easily have a totally new security issue
  maybe the server has a root password that's "trump454748$$$"
- This is the saddest good news I've ever read.
- Is It Mastodon?! For real? Does it have ActivityPub enabled and all of that?
  
  It is a modified version of Mastodon, with a Soapbox front end. It does not have ActivityPub enabled and lacks a bunch of features.
  https://en.wikipedia.org/wiki/Truth_Social#Software
- Never saw security flaw now as a real problem. You just have to live with the fact that there is one. And you will suffer when it's used. Security flaw later is a real problem.

Do twitter next.
- Fuck it, take down the entire internet
  
  It's been tried. A huge percentage of the internet runs on Amazon web services... And a massive ddos attack on that barely bumped it beyond the level of holiday shopping.
  To get anywhere on "taking down the internet" they'd probably have to physically take out many sites across the globe.

Iran pls hack Elon Musk's Twitter account and post "I'm a mean old Nazi who sucks ass at Path of Exile 2"
- No, post an unhinged rant where he doesn't say he's a nazi, but he talks in detail about how he sucks at video games phrased as bragging, then shits on gamers for noticing, and says a buncha shit like the 14 words and junk.
- Does that game have swords yet? Last time I played, not all classes were there.
- Not just Elon's account, shut the whole site down!
- ...we need a hack to prove that?

Lol. Lmao, even

Thank you for your attention to this matter.
- We have a president who issues fascistic edicts from the toilet and then phrases them like a Karen in her first term on her HOA or Condo board.

they have to start differentiating a ddos attack from an actual breach. one is far more interesting than the other
- I work in tech and I hate it when non-security people talk about it.
  It's really painful to read about "a new hack that can affect billions of accounts" from a source, only to learn its some new social phishing method.

It seems like they just did us all a favor.
- May just be the only thing that saves this country. Fewer people on social media is good for society at this point.

Is this how we find out that Truth Social was running even harder on hopes and dreams than 4chan was?

Small fries given the proved concept behind the colonial pipeline hack

A little part of me makes me happy that Truth Social isn't even recognizable by name. It's "US President Donald Trump’s social media platform"
- I'm happy that the news over here has to continually specify "the messaging service X". Though I wish they would avoid potential confusion and also say "formerly known as Twitter".
  
  "the messaging service X"
  Yes but which messaging service?

Good, now leak all the spicy dms.

Iran is kinda goated for this not gonna lie!

The best hacking. Everyone knows it. Everyone says it.

I'll bet Donakd Trump is very upset!

I bet it's the US.
They're already starting the 💀Iranian sleeper cell terrorists!!!!😱 scaremongering in the press.
These kinds of reports in the media are the first step in a known pattern of priming and nudging to rally up the public for another war.

Andrew Tated
- Andrew Tate's site was based on some OSS software that they didn't credit (in violation of the license) and was an old version with known vulnerabilities. Which is why it got hacked.
  I don't know if Truth Social is in the same boat, but it's possible. I think I heard it's just Mastodon with federation turned off? Or am I thinking of some other crappy alt-right site?
  
  It certainly had some Mastodon code but I think they sent them a C&D and they removed the it.

Would this count as a retaliation, which Trump warned them against?

isitdown reports its been down for over five days, which is quite pleasant.

Lmfao

173 comments