The breach of the right-wing provocateur was simply a way of “stirring up some drama,” the attacker tells WIRED. But the damage could have been much worse.
THE HACKER WHO claims to have compromised the Twitter account of right-wing commentator Matt Walsh last night says he meant no harm—though he was clearly in a position to exact some. The whole purpose of the attack, he says, was to stir up controversy and sow chaos on Twitter.
If that was all he was after, well, mission accomplished.
Walsh’s account first appeared compromised Tuesday night after a series of out-of-character posts appeared on his feed. They included jabs at fellow conservative media figures, including colleague and Daily Wire host Ben Shapiro. In a tweet directed at Shapiro, the hacker, who goes by the alias Doomed, wrote: “You Know What You Did, You Are A Closeted Homosexual And Hide Behind Being Jewish.”
Other tweets included “Joe Rogan Is A Pedophile,” and “I Can Confirm Andrew Tate Kidnapped And R*ped Those Girls,” a reference to the former British kickboxer and controversial misogynist arrested in Romania last year on allegations of human trafficking.
Walsh, who hosts a Daily Wire podcast named after himself, has been frequently characterized as an “online troll.” He’s previously described himself as a “theocratic fascist,” claims to believe anime is “satanic,” and pushed for state executions of doctors who provide minors with gender-affirming care.
Due to his efforts to foment attacks against the LGBTQ community online and in media, denigrating trans people in particular as “groomers,” Walsh drew criticism more recently over a series of resurfaced remarks in which he refers to girls as young as 16 as being the “most fertile.”
“The intent was to make funny tweets, as Matt Walsh likes to ‘trigger’ people,” said Doomed, who declined to provide his real name. “We caused no financial harm, threatened anyone, [nor] ruined anything.” It was merely, he says, “a few silly words on social media.”
A pinned tweet on Walsh’s profile, which was suspended a few hours after the hacks began, read: “My Pronouns Are That/N***a.”
The hack was accomplished, Doomed says, using a technique known as SIM swapping. The attack typically involves hackers tricking a cellular provider into switching a victim’s phone number to a SIM card the hackers control, rather than the one in the victim’s phone. Doomed, however, claims Walsh’s phone was compromised with the help of an “insider.”
In addition to his Twitter account, Walsh’s Google and Microsoft accounts appeared to have been compromised, granting Doomed unfettered access to the right-wing host’s private emails.
Several screenshots were provided as proof of the intrusion, including an apparent copy of Walsh’s W2 tax form, which lists his employer as Bentkey Services, LLC, the publisher of the Daily Wire. (Business records list Shapiro as the company’s director.) Other images included a direct message on Twitter from Shapiro from 2017; emails between Walsh and the conservative commentator Steven Crowder, host of the Louder with Crowder podcast, dated March 2014; and a photo of Walsh holding up a paper dated November 2020—apparently used to authenticate some type of accompanying message.
- BUSINESSOpenAI’s CEO Says the Age of Giant AI Models Is Already OverWILL KNIGHT
- CULTUREThe Love Is Blind Fiasco Proves Netflix Has a Lot to LearnAMANDA HOOVER
- CULTUREThe Castaways Who Built a Town From Their Wrecked ShipDAVID GRANN
- CULTUREA Final Plea From One of Netflix’s Abandoned DVDsZAK JASON
The emails between Walsh and Crowder are largely benign, with Crowder introducing himself before he and Walsh begin opining about the imminent collapse of the cable news industry (which has thus far failed to materialize) and the growing obsolescence of talk radio. “Talk about shrinking marketshares,” Walsh, a former terrestrial radio host himself, remarks. Walsh goes on to say that his primary goal is growing his personal brand for profit: “There’s certainly plenty of money to be made when you can get millions of hits online, and I’m a capitalist and I have a family, so I’ve decided to start getting serious about that.”
Other screenshots appear to show the hacker in the midst of compromising Walsh’s accounts, triggering authenticating requests received on the SIM-swapped device—attacks Walsh could have prevented by using an authentication app instead of receiving security codes via SMS, or by upgrading his defenses with a USB token such as a YubiKey. Twitter announced in February that it would no longer offer SMS authentication to people who don’t subscribe to its Blue service, a move security experts say is nonsensical.
“SMS is dogshit for security,” Doomed says.
The hacker, who acknowledged he was merely “bored” and felt like “stirring up some drama,” also used Walsh’s account to plug what he called a “silly ironic LGBTQ rap song” written by a friend. One tweet read: “I Ain’t A Gangsta, I’ma Sassy Shoota.” Vice News first reported on the meaning behind the tweet (though the hacker says promoting the song was not really his primary goal).
“I noticed he panicked and removed his iCloud and stuff,” Doomed says, adding he didn’t really care what Walsh had stored on it. “I literally only wanted his Twitter account to make stupid tweets. And it worked, both sides are arguing over it.”
Likely to the chagrin of Walsh’s online detractors, Doomed says he has no plans to continue plaguing the self-described “fascist,” telling WIRED that he’s already signed out of Walsh’s accounts and has even tried returning his access. (Attempts at contacting Walsh have so far failed, Doomed says.)
A WIRED email to Walsh went unanswered. However, understandably, he may not be immediately reachable for comment.