1. News

Weak password or 'phishing' emails may explain takeover of Buckhorn's tweets, experts say

Tweets posted from Buckhorn's account include threats against Tampa International Airport and others along with racist and pornographic images.
The Twitter account of Tampa Mayor Bob Buckhorn was hacked early on Feb. 21, 2019.
Published Feb. 21

TAMPA — The messages were too vile to look at, so different from the Tampa boosting that usually flows from the city's tweeter-in-chief they drew immediate attention.

Even at 4 in the morning.

Early Thursday, someone took over @BobBuckhorn, the Tampa mayor's Twitter account, and posted some 60 tweets with images and messages containing racism, child pornography, and a bomb threat aimed at Tampa International Airport.

The hackers also changed the mayor's name on the account to "Bob Cuckhorn" and replaced his image.

Tampa police said the threats did not appear to be credible. An investigation is under way and the FBI has agreed to help, said police spokesman Steve Hegarty.

Ashley Bauman, spokeswoman for Buckhorn, said in a news release, "this was clearly not Mayor Buckhorn."

The last message actually sent by the mayor before the attack, on Wednesday evening, welcomed the NCAA Women's Final Four basketball tournament to Tampa this April.

Buckhorn's account, with more than 52,000 followers, was suspended early Thursday, cleared and restored shortly before noon.

The city used the attack to issue a warning about the use of digital communications.

"We urge residents to change their passwords," Bauman said, "and continue to alert officials when they see an unlikely change in account activity."

Buckhorn, who was out of town Thursday, learned about the attack immediately. In addition to the mayor, Bauman and two of her staff members have access to the mayor's Twitter account.

The city of Tampa and police have reviewed other social media accounts, Hegarty said, and found no evidence of other attacks.

The tweeted threat against Tampa International Airport read, "@FlyTPA I have hidden a bomb in a package somewhere at the Tampa International airport. Looking forward to seeing some minorities die."

Airport officials tweeted a statement reiterating that police didn't view the threats as credible but were "taking appropriate action to ensure the safety" of passengers.

The airport is operating under normal conditions, the statement read.

A local cybersecurity expert said the account likely was taken over in one of two ways.

One is exploiting bad password management, said Stu Sjouwerman, founder and chief executive of KnowBe4, a Clearwater-based cybersecurity firm.

Whoever manages the account may have used a weak password that was easy to guess, or other digital accounts may have been compromised and found to contain the Twitter account's password, said Sjouwerman, who has no direct knowledge of the attack.

The other possibility, he said, could be phishing — sending messages from a fake email account that look similar to a real, trusted account. Typically, he said, these accounts come with links that, once clicked, give hackers access via a program called a "key logger" to every keystroke a user makes.

After reading copies of the tweets provided by the Times, Sjouwerman surmised the attack could be the work of "some digital delinquents active at 4CHAN doing it for the LULZ." Translation: 4chan is a website where users can generally post anonymously and lulz means malicious acts, like hacking, done for amusement and attention.

His explanations were echoed by Sri Sridharan, managing director and chief executive of the Florida Center for Cybersecurity at the University of South Florida.

"They had to have access to do the kind of damage they have done," Sridharan said.

Investigators with the Department of Homeland Security were apprised of the attack and agreed with this assessment.

"They had the same conclusion as I did," Sridharan said. "Someone hacked into the password and had a field day."

"This is pretty disgusting stuff," he added. "It's impossible to figure out, at this stage, who could have done this." Fortunately, Sridharan said, the attack didn't cause much damage.

"This was a PR stunt more than anything else," he said. "It was a lot of mischief someone did for bragging rights."

Tampa has experienced the breach of a public agency's social media before.

In January 2015, Twitter and YouTube accounts belonging to U.S. Central Command, headquartered at MacDill Air Force Base, temporarily were taken over by a group calling itself the CyberCaliphate.

The group claimed to be aligned with the Sunni insurgent group Islamic State but actually was connected to Russian hackers, British authorities told the Washington Examiner.

The CentCom hacks appeared to be unsophisticated and no classified information or networks were accessed, authorities said.

But the hackers did manage to post unclassified information, CentCom said, such as the names and addresses of retired U.S. military officers, PowerPoint slides about military operations in Asia, and threats against U.S. military personnel.

The command, which oversees U.S. military operations in the Middle East and Southwest Asia, is treating the incident as cybervandalism.

Contact Howard Altman at Follow @haltman.


  1. Toby Johnson is the new principal of Martinez Middle School. MARLENE SOKOL  |  Times staff
    The School Board also suspended Martinez Middle’s former principal.
  2. Former NFL running back Warrick Dunn spends time with new homeowner LaToya Reedy and her son, AnTrez, at 918 43rd St. S. SCOTT KEELER  |  Times
    The retired Tampa Bay Buccaneer running back partnered with Habitat for Humanity and others to give a hardworking nursing assistant and her son the home of their dreams.
  3. Duke Energy Co. workers are competing in a line worker competition in Kansas this week. | [Courtesy of Duke Energy Florida] Duke Energy Florida
    Four Duke Energy Florida competitors are from Tampa Bay, as well as two coaches.
  4. An 18 month-old girl died after being left in a car Monday. No charges are expected, police say. WFTS  |  Courtesy of
    No charges are expected after 18 month-old girl was left in a Jeep as her father took a truck to work, police say.
  5. University of South Florida forensic anthropologist Erin Kimmerle pieces together a skull that might have been Amelia Earhart's. SANDRA C. ROA  |  University of South Florida
    DNA from a skull found in 1940 could prove whether the famous aviator has been found.
  6. Alexandra Toigo, 32 and Sabrina Pourghassem, 23, pose for a photo at Hofbrauhaus St. Petersburg holding their signature beer mugs during Oktoberfest 2018. "LUIS SANTANA  |  TIMES"  |  Tampa Bay Times
    The beer hall’s property owners filed a lawsuit saying the restaurant missed its rent starting in August.
  7. Port Tampa Bay on Tuesday agreed to sell a half-acre it owns near the Florida Aquarium for $4.7 million to Streams Capital of Tampa, which is looking at building a 33-story condominium and hotel tower. RICHARD DANIELSON | Times
    The buyer, Streams Capital of Tampa, is looking at building a 33-story tower with a hotel, condominiums and retail.
  8. Nearly a year after it was left abandoned and half-sunk off the Tampa side of the Howard Frankland Bridge, a salvage crew finally raised and towed the Moonraker II to the Courtney Campbell boat ramp. It is slated to be crushed. OCTAVIO JONES  |  Times
    The boat was an eyesore to those who live off Tampa Bay. Then it became a political statement. Now it’s been towed and will soon be crushed.
  9. Republican Sen. Joe Gruters said Florida consumers are required to pay the sales tax, but rarely do so if online sellers don't collect it.
    The Senate Commerce and Tourism Committee unanimously approved the bill Tuesday.
  10. Stephanie Vold, a medical assistant and intake specialist for OnMed, holds the door while Austin White, president and CEO of the company, talks with a nurse practitioner during a demonstration of their new telehealth system at Tampa General Hospital on Tuesday. The hospital is the first to deploy the OnMed station and plans to install them at other locations. OCTAVIO JONES  |  Times
    The closet-size “office” with a life-size screen is another example of the changing face of medicine.