Slashdot Mirror


Donald Trump Running Insecure Email Servers (theregister.co.uk)

Donald Trump has slammed Hillary Clinton for using private email servers numerous times, but it turns out his inboxes aren't that secure either. From a report on The Register: Security researcher Kevin Beaumont discovered the Trump organization uses a hopelessly outdated and insecure internet setup. Servers on the Trump Organization's domain, TrumpOrg.com, are using outdated software, run Windows Server 2003 and the built-in Internet Information Server 6 web server. Microsoft cut off support for this technology in July 2015, leaving the systems unpatched for the last 15 months. In addition, Beaumont said he'd found that emails from the Trump Organization failed to support two-factor authentication. That's particularly bad because the Trump Organization's web-based email access page relies on an outdated March 2015 build of Microsoft Exchange 2007, he says. "Windows Server 2003, IIS 6 and Exchange 2003 went end of life years ago. There are no security fixes. They don't have basics down," the UK-based researcher concludes. Beaumont's findings are based simply on inspecting publicly available information rather than actively scanning for vulnerabilities or attempting to gain access to insecure systems, a point lost on Trump supporters who have reported him to the Feds.

41 of 445 comments

  1. But . . . by reboot246 · · Score: 5, Insightful

    Trump is not the Secretary of State. He doesn't have the country's classified documents on his server.

    1. Re:But . . . by Anonymous Coward · · Score: 5, Insightful

      Exactly. Thread closed.

    2. Re:But . . . by Software · · Score: 5, Insightful

      One of Trump's frequent arguments is that he's so much better than Clinton because he "hires the best people." This story puts the lie to that.

    3. Re:But . . . by Anonymous Coward · · Score: 5, Insightful

      Exactly right. This article REEKS of whiny liberal finger pointing. When he's Secretary of State and hides an email server in his bathroom at his house, then you have a scandal. Kevin Beaumont comes off like a juvenile, as do the author and anyone citing this "article" as some kind of "gotcha" moment.

      But liberals, who claim keeping a server in your bathroom closet when you're the Secretary of State is a "non issue", will undoubtedly continue to show their hypocrisy with this.

    4. Re:But . . . by ScentCone · · Score: 5, Informative

      As if the Secretary of State even had access to the truly classified documents...

      Yes, the SoS does have access to such. And is regularly briefed on stuff that's much, much more sensitive than merely "classified." The person holding that job is on the short list of people in line for the presidency if a small number of particularly bad things happen.

      The documents Clinton had slopping around on her home computer included things that were considered so sensitive that the intel community insisted not on merely having the contents redacted, but on the documents not even being abstractly described (in terms of dates, to/from info, let alone the actual content).

      --
      Don't disappoint your bird dog. Go to the range.
    5. Re:But . . . by amRadioHed · · Score: 4, Insightful

      Sure, what would a multi-billion dollar organization need security for? That makes sense.

      --
      We hope your rules and wisdom choke you / Now we are one in everlasting peace
    6. Re:But . . . by amiga3D · · Score: 4, Insightful

      House Chairman on the intelligence committee has a very high clearance and there were many of the documents that even he wasn't cleared for. The fact that she had highly classified material on the private server is indisputable. The only dispute is whether it was a crime or not. Basically the FBI accepted her explanation that she's an idiot and I have to agree, she is. Arrogance is its own kind of stupidity.

    7. Re:But . . . by unixisc · · Score: 5, Insightful

      Trump is not the Secretary of State. He doesn't have the country's classified documents on his server.

      Precisely! It's not like Trump has overridden the State Department and insisted on substituting their secure servers for his insecure ones. It just happens that his organization uses servers that it bought way back 12 years ago, and didn't consider it worthwhile getting onto the Microsoft upgrade treadmill. Can't say that I would fault them.

      But they might do well to look into migrating to either Linux or one of the BSDs, so that this is not an issue going forward

    8. Re:But . . . by amiga3D · · Score: 2

      I know how they work. He stated that he didn't have a "high enough clearance" to read the damn things. I don't know what it was or what classification it was as he couldn't even really talk about what little they let him know about it. Evidently Mrs. Clinton didn't know how they work. I expect her briefing got pencil whipped.

    9. Re:But . . . by TheGratefulNet · · Score: 2

      you can't fault him/them??

      seriously?

      public facing email servers that run OLD MS software and it's 'not a big deal'?

      what planet do you live on? because here on earth, it IS a big deal.

      it shows he does not care (his people, that is) or they are short-changed funding (that's worth noting) and attention to detail is not something his org values (also worth noting).

      all this matters. it's a statement about his management and what his people (that he hires) care about; or even worse, are ABLE to understand enough to care about.

      the guy has more money than anyone would ever need, and yet he cheaps out on software updates on PUBLIC FACING SERVERS.

      stupid. beyond stupid. it's actually reckless.

      NOT THE KIND OF GUY I WANT RUNNING MY COUNTRY.

      yes, this detail does matter. especially when he's so fond of throwing dirt on other people's mistakes.

      --
      "It is now safe to switch off your computer."
    10. Re: But . . . by Rei · · Score: 2

      Don't be silly. Russia's paid trolling agency is headquartered in St. Petersburg, not Moscow.

      --
      "99 dead duelists of Dios on the wall. 99 dead duelists of Dios! Take one's ring, pass it around..."
    11. Re: But . . . by KenHansen · · Score: 4, Informative

      His National Security briefings are received in-person, not presented as emailed PPT presentations... You know, once upon a time it was considered a good security technique to change the identity signatures of your server to mislead would-be hackers. I'm not saying that Trump's IT team did this, but the basis of this 'report' is that someone, without ever attempting to hack into the servers, used 'public records' to determine he was running Windows Server 2003 & IIS 6. I find it hard to believe it never occurred to anyone to try and hack into his servers, or if it did occur to them that they were found to be impenetrable... Bottom line, a lazy reporter extrapolated a story out of a few server identification response strings. Wow.

    12. Re: But . . . by KenHansen · · Score: 2

      Trumporg.com redirects to trump.com - what does trump.com run on? BTW, trumporg.com is NOT his campaign website - it's a brochure web site with very little else on it and appears to be hosted on cloudflare-nginx web servers.

    13. Re:But . . . by AmiMoJo · · Score: 3, Insightful

      It shows that he is at least as incompetent as she is. In fact it's part of a pattern of behaviour, where he claims to have the best people but it turns out to be untrue, e.g. Trump University.

      It's also rather interesting that the Russians or whoever hacked the DNC looking to weaken their campaign, but didn't hack him even though they easily could have. Or more likely they did, but didn't release the stolen data.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    14. Re: But . . . by kilfarsnar · · Score: 2, Informative

      Hillary was responsible for deaths at Benghazi.

      How many hearings did the Republicans hold on this issue? They investigated it over and over. And they came up with nothing. If they had found anything they would have run with it. And yet here you are, still fucking that chicken.

      --
      "What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
    15. Re: But . . . by unixisc · · Score: 2

      nginx - isn't this the web server for the BSDs? In which case, it seems to me that it's very secure. Are they running the Windows Server 2003 in the cloud, under this environment?

    16. Re:But . . . by aquacrayfish · · Score: 3, Insightful

      Since when do you 'need the best people' to understand that running a currently unsupported OS from 2003 is a bad thing? That isn't hard to understand or update.

    17. Re: But . . . by notatree · · Score: 2
    18. Re:But . . . by thegarbz · · Score: 2

      This story puts the lie to that.

      Does it? Or maybe he hired people who were smart enough to obfuscate the identity of a server by claiming it's something else. Or do you believe that neither were people trying to hack trump, nor could they figure out how to break IIS 6 on an obsolete unsupported OS? /Posted from Mosaic 2 running Windows 95. Honest.

  2. As much as I dislike Trump ... by MacTO · · Score: 4, Insightful

    These allegations are different from the Clinton allegations. They point to possible incompetence in maintaining a private email system, in contrast to allegations of violating government policies and regulations regarding a government official. Had Trump done something like this while working in government rather than campaigning for office, the allegations would hold more weight.

    1. Re:As much as I dislike Trump ... by ScentCone · · Score: 2

      If his team can't do the job now, why would we expect them to do any better if they get elected

      Because "his team" isn't going to be the people running the elaborately secure IT infrastructure that protects internal/secure communications at the White House. Which you know. So what's your point, exactly, other than spreading FUD?

      --
      Don't disappoint your bird dog. Go to the range.
    2. Re:As much as I dislike Trump ... by smooth+wombat · · Score: 5, Informative

      So she was following the example of Bush who didn't preserve millions of emails as the law requires so he could hide his illegal activities from FOIA requests.

      Got it.

      --
      We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    3. Re:As much as I dislike Trump ... by Tesen · · Score: 4, Insightful

      Except the White House/State Department told her she could set up her own server.

      And the fact that past administrations did the same damn thing. Shit, I still want those 22 million Bush era emails back. Nay, the email situation, the Benghazi attacks (another right wing hack job) stems from decades of mismanagement and unfortunately the old saying holds true: "Here is the new boss, who is the same as the old boss".

      I would take the Clinton email situation a little more seriously if The Congress didn't target her specifically to take down and give previous administrations free passes. Seriously, Clinton is a result of what the "oversight" committees have let run loose and wild for decades. The entire point of the three branches of government were controls and oversights, so we have 13 embassy attacks with 60 dead prior to Benghazi, ZERO, ZERO investigations or people held accountable, status-quo oh well, more peons where they came from. We have the Bush administration using RNC servers for government correspondence to avoid FOI too and contrary to what you all may believe, the RNC is not the government, it is simply a political organization (you can start one too if you wanted!), nothing done or said, no one held accountable.

      If you think Trump is an outsider and will not fall victim to the above you would be mistaken; Trump did not get to where he is without rubbing elbows with the political and financial elite; I mean shit, Trump by his own admissions is one of the financial elite as he says he is worth billions of dollars (definitely got a taxpayer bail out, by not paying nearly a billion dollars in taxes, sounds like an elitist to me). If we have learned anything over the last decade and a half (thank you Mr. Snowden) that the elite think they can do whatever they want. Trump is a prime example of this (as is Clinton).

      Trump also claims that he is the best at everything because he hires the best people; this email server may contain nothing that can be used against Trump (whether publicly or privately), but it does show a lack of critical thinking. Out of one side of his mouth he is taking Hillary to task about her insecure email environment that was compromised with sensitive material on it, and the other side of his mouth he is so arrogant he has not even tried to clean his own house...

      Bottom line: If Trump gets in, we are totally and utterly fucked, if Hillary gets in, we are a lot less fucked, but still fucked...

      Reach around anyone?

    4. Re:As much as I dislike Trump ... by smooth+wombat · · Score: 4, Insightful

      And yet time and again Clinton is used to point out this or that even though he hasn't been president for well over a decade.

      Make your mind up. If the lies and criminal acts of Bush and Cheney can't be used in a discussion then neither can Bill Clinton.

      And no, crimes of past presidents are not irrelevant. They are very relevant since they show the hypocrisy of people who will excuse those crimes but suddenly become appalled when someone else does the exact same thing. If you didn't consider it a crime then you can't consider it a crime now.

      You can't have it both ways hypocrite.

      --
      We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    5. Re:As much as I dislike Trump ... by dbIII · · Score: 2

      It is entirely relevant since those others who did far more extreme things of a similar type are not being called criminals.

    6. Re:As much as I dislike Trump ... by Gussington · · Score: 3, Insightful

      When someone points out Hillary's crimes there is always someone that pops up with "well Bush did this" or Cheney did that...the crimes of past presidents are irrelevant to discussion. We're talking about Hillary being a criminal, stay on topic

      Except in law it does matter, because the law has to be consistent. So if you want to convict Hillary, you'll also have to line up Colin Powell, Condi Rice, and George W Bush.
      The simple fact is everyone did it, including Trump, which is why it's a non-issue. You can't convict them all.

  3. Far be it for me to defend the moron... by Type44Q · · Score: 3, Insightful

    Far be it for me to defend the moron... but did the dipshit who posted this bother to consider that Trump isn't the fucking Secretary of State and it therefore doesn't fucking matter.

    1. Re: Far be it for me to defend the moron... by ChrisMaple · · Score: 2

      Insecure email setups matter if you handle classified material; insecure email setups matter when their use is illegal.

      --
      Contribute to civilization: ari.aynrand.org/donate
  4. Re:Let's repeat it again, Hillary fans... by PopeRatzo · · Score: 4, Interesting

    Trump isn't the Secretary of State and don't handle classifieds documents.

    UNDERSTOOD ?

    Donald Trump is being given national security briefings, so who knows?

    --
    You are welcome on my lawn.
  5. trumporg.com? by rduke15 · · Score: 4, Funny

    He couldn't decide between getting an .org or a .com domain, so he took trumporg.com?
    Anyway, trumpcom.org is still available if someone has an idea of something to do with it...

    $ whois trumpcom.org
    NOT FOUND
    >>> Last update of WHOIS database: 2016-10-19T23:47:43Z

    1. Re:trumporg.com? by ScentCone · · Score: 3, Insightful

      He couldn't decide between getting an .org or a .com domain, so he took trumporg.com?

      He is involved in several hundred business ventures and holdings. Collectively, those companies are and have for a long time been referred to as "The Trump Organization." And it's a business, so a .com domain of a shortened version of his company's familiar name makes sense. All of which you know, so the question is why you're pretending to be dumb so you can toss out some lame, faux-misinformed ridicule in hopes of scoring a couple of pointless points with low information readers.

      --
      Don't disappoint your bird dog. Go to the range.
  6. Classified documents. by galabar · · Score: 2

    He better get those servers secured. We wouldn't want to leak any classified documents. Hey, wait a minute... :/

  7. Also by Xenographic · · Score: 2, Funny

    The man can't even hide his bald head. If there was anything juicy to leak, you'd think they'd have already leaked it by now because it's pretty clear that he has a server that anyone could've robbed ages ago.

    If you want juicy Hillary quotes, you read her FBI files or the Podesta dump. If you want juicy Trump quotes, you can just read his damn Twitter feed.

  8. Are they asking to be hacked? by hawguy · · Score: 3, Informative

    Seems like they just put out a call to be hacked:

    The Trump Organisation responded to Beaumont’s criticism by putting out a statement to the media saying that its web setup is shielded behind a firewall.

    The Trump Organization deploys best in class firewall and anti-vulnerability technology with constant 24/7 monitoring. Our infrastructure is vast and leverages multiple platforms which are consistently monitored and upgraded using current cyber security best practices.

  9. Re:You Trump supporters and your damn facts by vux984 · · Score: 4, Informative

    So what if he is just a private citizen and doesn't even have access to (supposedly) secure government servers.

    Nobody is expecting him to be using servers audited and monitored by the NSA.

    They expect him to be using servers that aren't running EOL versions of Windows 2003. Because, in Trump's own words...

    "I'm going to surround myself only with the best and most serious people. We want top of the line professionals."

    I

  10. Re:Let's repeat it again, Hillary fans... by random_ID · · Score: 2

    Trump isn't the Secretary of State and don't handle classifieds documents. UNDERSTOOD ?

    I'm not generally a grammar nazi, but seeing a Trump supporter post like this is pretty damn funny.

  11. This changes the hacks by dirk · · Score: 4, Interesting

    So this certainly puts a different spin on the DNC and Clinton email hacks. It certainly looks more and more like they were politically motivated. A curious child could hack this setup and yet there has been no release of documents from the Trump campaign's email servers. If it truly was about just sharing information, why would they not attack both sides? The longer it goes, the more it looks like someone (or someones) is purposely trying to influence the election with the hacks and leaks. If Wikileaks was really about just releasing information, why would they be slowly releasing the hacked emails over time before the election instead of just releasing them all at once? It's not like they scrub personal information from them, so what is the purpose of slowly dishing them out if not to keep it in the news and influence people?

    --

    "Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
  12. Re:Exactly by bigwheel · · Score: 2

    I'd get a laugh if Trump's IT people did it on purpose, trolling for a sucker that thinks he's an easy target. What better way to get some fool to download and open a doc, and unleash a trojan horse.

  13. Yeah, it's SOOO hard to hack old IIS servers. by Xenographic · · Score: 4, Insightful

    Are you actually trying to make people here on Slashdot believe that it takes a state actor to hack an old IIS server?

    Are you actually telling me that none of the people worried that Trump will start a nuclear war would be willing or able to dump the contents of an old IIS server if they could find anything juicy in there?

    I bet someone already DID steal it and are having trouble finding anything more interesting than the stuff he puts on Twitter. I wonder if CNN will try to tell us that looking through a Trump dump is illegal if they ever get one?

  14. Re:A kind of Godwin's law. . . by Idou · · Score: 2

    I might have unnecessarily put "ir" in front of "regardless", but you unnecessarily put a hyphen in nonstandard in a GRAMMAR NAZIS POST. I mean, come on!

    --
    Sdelat' Ameriku velikoy Snova!
  15. Not uninteresting by XXongo · · Score: 3, Insightful

    Exactly. Thread closed.

    Just because he is not secretary of state does not mean that it's uninteresting that his e-mail servers are not secure.

    It does bring up an interesting question: so, why are only DNC email being leaked? If the Trump servers are also insecure, why aren't we seeing leaks of them?