Courtesy of Mother Jones:
Four years ago, the Trump Organization experienced a major cyber breach that could have allowed the perpetrator (or perpetrators) to mount malware attacks from the company’s web domains and may have enabled the intruders to gain access to the company’s computer network. Up until this week, this penetration had gone undetected by President Donald Trump’s company, according to several internet security researchers.
In 2013, a hacker (or hackers) apparently obtained access to the Trump Organization’s domain registration account and created at least 250 website subdomains that cybersecurity experts refer to as “shadow” subdomains. Each one of these shadow Trump subdomains pointed to a Russian IP address, meaning that they were hosted at these Russian addresses. (Every website domain is associated with one or more IP addresses. These addresses allow the internet to find the server that hosts the website. Authentic Trump Organization domains point to IP addresses that are hosted in the United States or countries where the company operates.) The creation of these shadow subdomains within the Trump Organization network was visible in the publicly available records of the company’s domains.
The subdomains and their associated Russian IP addresses have repeatedly been linked to possible malware campaigns, having been flagged in well-known research databases as potentially associated with malware. The vast majority of the shadow subdomains remained active until this week, indicating that the Trump Organization had taken no steps to disable them. This suggests that the company for the past four years was unaware of the breach. Had the infiltration been caught by the Trump Organization, the firm should have immediately decommissioned the shadow subdomains, according to cybersecurity experts contacted by Mother Jones.
Now this is both interesting and troubling for a number of reasons, not the least of which is that using hacked information to blackmail people is a tried and true Russian tactic, which could help to explain why Donald Trump is so clearly Putin's little bitch.
The other troubling part is that if these remained active until this week that means they were fully functional during these first months of the Trump presidency, and there is no telling how much data they could have mined during that time. And if the Trump Organization and White House have not performed a huge cyber security sweep they could STILL be gathering information.
Keep in mind that Trump once bragged that the reason the DNC had been hacked and the RNC had not, which is a lie by the way, is because the Republicans had better cyber security.
I would suggest that this new information drives a stake right through that argument.
From the article:
This week, a researcher named C. Shawn Eib wrote a blog post highlighting the existence of the shadow subdomains, which had been referenced in a Twitter thread several weeks ago. Eib noted that “more than 250 subdomains of domains registered to the Trump Organization redirect traffic to computers in St. Petersburg, Russia.”
Another computer security expert, who also asked not to be named, notes that this network of shadow subdomains may have been established by a criminal enterprise looking to use the Trump Organization’s computer system as the launching pad for various cyberattacks on other individuals or entities. But, he adds, this breach also could be exploited by state or nonstate actors attempting to infiltrate the Trump Organization. “At the least,” he remarks, “it shows the Trump Organization has been badly run.”
In his blog post, Eib notes, “With an organization of this size, and with the added security concerns and scrutiny that a presidential campaign and victory would entail, it would be inexcusable for this to not have been discovered by their IT department. Any basic security audit would show the existence of these subdomains, and what servers they’re leading to. This is sloppy at best, and potentially criminally negligent at worst, depending on the traffic that is being run through these servers.”
Mother Jones reached out to the Trump Organization for comment, and they essentially denied the accuracy of this reporting.
Of course they did.
By the way also keep in mind that just this summer Donald Trump floated the idea of creating a joint cyber security unit with the Kremlin.
Four years ago, the Trump Organization experienced a major cyber breach that could have allowed the perpetrator (or perpetrators) to mount malware attacks from the company’s web domains and may have enabled the intruders to gain access to the company’s computer network. Up until this week, this penetration had gone undetected by President Donald Trump’s company, according to several internet security researchers.
In 2013, a hacker (or hackers) apparently obtained access to the Trump Organization’s domain registration account and created at least 250 website subdomains that cybersecurity experts refer to as “shadow” subdomains. Each one of these shadow Trump subdomains pointed to a Russian IP address, meaning that they were hosted at these Russian addresses. (Every website domain is associated with one or more IP addresses. These addresses allow the internet to find the server that hosts the website. Authentic Trump Organization domains point to IP addresses that are hosted in the United States or countries where the company operates.) The creation of these shadow subdomains within the Trump Organization network was visible in the publicly available records of the company’s domains.
The subdomains and their associated Russian IP addresses have repeatedly been linked to possible malware campaigns, having been flagged in well-known research databases as potentially associated with malware. The vast majority of the shadow subdomains remained active until this week, indicating that the Trump Organization had taken no steps to disable them. This suggests that the company for the past four years was unaware of the breach. Had the infiltration been caught by the Trump Organization, the firm should have immediately decommissioned the shadow subdomains, according to cybersecurity experts contacted by Mother Jones.
Now this is both interesting and troubling for a number of reasons, not the least of which is that using hacked information to blackmail people is a tried and true Russian tactic, which could help to explain why Donald Trump is so clearly Putin's little bitch.
The other troubling part is that if these remained active until this week that means they were fully functional during these first months of the Trump presidency, and there is no telling how much data they could have mined during that time. And if the Trump Organization and White House have not performed a huge cyber security sweep they could STILL be gathering information.
Keep in mind that Trump once bragged that the reason the DNC had been hacked and the RNC had not, which is a lie by the way, is because the Republicans had better cyber security.
I would suggest that this new information drives a stake right through that argument.
From the article:
This week, a researcher named C. Shawn Eib wrote a blog post highlighting the existence of the shadow subdomains, which had been referenced in a Twitter thread several weeks ago. Eib noted that “more than 250 subdomains of domains registered to the Trump Organization redirect traffic to computers in St. Petersburg, Russia.”
Another computer security expert, who also asked not to be named, notes that this network of shadow subdomains may have been established by a criminal enterprise looking to use the Trump Organization’s computer system as the launching pad for various cyberattacks on other individuals or entities. But, he adds, this breach also could be exploited by state or nonstate actors attempting to infiltrate the Trump Organization. “At the least,” he remarks, “it shows the Trump Organization has been badly run.”
In his blog post, Eib notes, “With an organization of this size, and with the added security concerns and scrutiny that a presidential campaign and victory would entail, it would be inexcusable for this to not have been discovered by their IT department. Any basic security audit would show the existence of these subdomains, and what servers they’re leading to. This is sloppy at best, and potentially criminally negligent at worst, depending on the traffic that is being run through these servers.”
Mother Jones reached out to the Trump Organization for comment, and they essentially denied the accuracy of this reporting.
Of course they did.
By the way also keep in mind that just this summer Donald Trump floated the idea of creating a joint cyber security unit with the Kremlin.
