Slashdot Mirror
Any Half-Decent Hacker Could Break Into Mar-a-Lago (alternet.org)
MrCreosote writes: Properties owned and run by the Trump Organization, including places where Trump spends much of his time and has hosted foreign leaders, are a network security nightmare. From a report via ProPublica (co-published with Gizmodo): "We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of The Mar-a-Lago Club in Palm Beach and pointed a 2-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained. A few days later, we drove through the grounds of the Trump National Golf Club in Bedminster, New Jersey, with the same antenna and aimed it at the clubhouse. We identified two open Wi-Fi networks that anyone could join without a password. We resisted the temptation. We have also visited two of President Donald Trump's other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Virginia. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information. The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises."
Dumb news organization admits it broke the law!
Trump just wants to make sure that everyone can see we have the best cyber.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
Because Trump himself configured all of these insecure WiFi points, and not some clubhouse staffer making $12/hr?
But heaven forbid, should he be mislead into using a personal email server no one tells him isn't locked down properly.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
Now. Show me that you were able to do more than break into the equivalent of Starbucks public network.
If you're scared of your govt then you need to further restrict its powers
Vote 3rd Party in 2016 and beyond
That Trump would spend top dollar on network security. But this is the same guy who tweets and calls old buddies on an insecure cellphone. Your tax dollars at work.
Open wifi isn't necessarily a security risk. Every Starbucks has one.
Good thing that you pointed this out..
In other words, you know that violating the CFAA has draconian penalties and you want some stupid script kiddie to take the risk for you....
After all, they're the ones who gave Trump the money to build the place!
Or do you only make excuses for that when Hillary! does it?
Nah, no double standard here at all.
Ever think the network is set up to attract ........
Since Trump had no chance at being elected, why would anyone bother hacking into his/his company's stuff? Especially since he was not in government service, unlike certain other candidates at the time.
Now, it's completely different, of course, but at the time it would have been a waste of time/resources.
1. Was this done with written permission from the network owner? If not, you opened yourself up to legal action by the network owner if they choose to pursue it.
2. Good job identifying "weak" encryption. Probably WEP. Open wifi that was probably open for guests to connect to. Not impressed.
3. Can you provide more details on the servers running outdated software and then provide proof that those outdated versions have security vulnerabilities that newer versions fix?
4. Expand on "unencrypted login pages to back-end databases containing sensitive information" and how you arrived at that conclusion, please.
Please write a HOWTO so we all can learn how to connect to an open wifi network. This sounds awesome. Great story, Gizmodo/BeauHD!
Most hotels in the US now seem to provide wifi. In my experience it is secured by either an easily available password or a login page. Many guests expect easy to use wifi.
In such circumstances is it possible to have secure wifi?
Did they send you a bill for the porn you watched?
HACK THE PLANET!
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
I wonder how many public networks Camp David has.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
OH MY GOD!!! You found open wi-fi at a hotel! STOP THE PRESSES! How can this be allowed to happen, that a hotel has open wifi that anyone can connect to in order to register at the captive portal for internet access?
I have a feeling you will be intercepted and detained if you try this during a Trump visit.
The exclusion zone for boats, cars and aircraft is pretty invasive and I believe their choice of locations would be off limits.
Then there is the whole, what did you actually hack into? A lightly defended public WiFi network where the WEP key is on a sign in the lobby? Heck, even the Point of Sale and reservations systems? How's that an issue for national security? It's not like we don't already know when Trump is there and when he's not... What else you got? The ability to charge Trump's room for some pay-per-view movie? Yea that might embarrass him I guess...
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Fox News reporting.
and read the sign that says "This month's WiFi Password is GOLF". It's a country club. They assume you belong there, unless you don't look like you belong there. What is the point of securing a network that has a publicly available password?
move the masses? our imaginary secrets would become infused with each others'... that's the spirit,, cease fire stand down,, free the innocent stem cells,, no bomb us more mom us,, hugs not thugs... help end the neverending wmd on credit religious abuse franchise holycost in our lifetime.. some still calling this 'weather'? thanks again
This would be different from a majority of the companies and some government networks... how? Security has always been an after thought for most companies as it is deemed too expensive. Maybe the hacking will escalate the costs to a point that they will start paying attention to it a little more.
Well known Russian spies like Kizlyak might break into his network, and get top secrets, maybe even 'code word' level secrets. Oh wait, all they have to do is visit Trump and ask him and he'll tell them.
There's still the matter of the two spies, one FSB and one ex-FSB which fit the profile of two US contacts source to verify the pee memos. They were arrested for treason just after Trump got the unredacted version of the memos listing the sources that confirmed parts of the memo as true.
So who gave Putin the names of these (likely) US agents? Was that another one of Trumps telephone calls?
http://www.cbsnews.com/news/russia-treason-fsb-spies-kaspersky-labs-us-intelligence-denies-cia-hacking/
"MOSCOW -- Russian news agencies are reporting that former members of the domestic security agency and a cybersecurity expert have been formally charged with treason."
"Reports emerged last week that three officials of the Federal Security Service (FSB) and an executive for cybersecurity company Kaspersky Labs had been arrested for treason. Government officials haven’t commented on the case .... citing a named Russian official said to be close to the Kremlin, Mikhailov was the leader of a covert hacking group known by the name “Humpty Dumpty” that “cooperated with the Ukrainian SBU (security service), which is the same as working for the CIA; he worked with them, which is obviously treason.”
So likely CIA agent names were given to Putin shortly after Trump got access to that data.
McMasters tried to misdirect the leak that you witnessed Trump give to the Russians. But was there all the time? i.e. could Trump have given them more details of other secrets? Trump seems to feel comfortable giving top secrets to Russian spies likes its an everyday thing, so I wonder how much he said that McMasters didn't witness in that session alone.
They went all James Bond on folks and pointed their " hacker-antenna " at the building and found weak or unprotected access points.
And ?
Guest access is typically open access which would explain the latter pretty quickly.
Weak access could be any number of networks, but not necessarily one that would be useful to anyone.
I swear, the media is going full Autistic when it comes to trying to destroy EVERYTHING that is Donald Trump. If the information is negative, or can be spun into a negative light, they are making sure the entire world hears about it. 24/7 Regardless if there is any truth to it or not.
Lots and lots of rumors, " secret sources ", and whatnot, but not a shred of concrete evidence.
WTF has happened to journalistic integrity ?
https://platzdermars.blogspot....
I did a quick wireless network scan when I was down there in February and I could get in to the network in less than a few hours from off-site. You had better believe the FBI has that place under surveillance.
Mar-a-lago is a commercial resort and not a secure government facility. Should they have better security? Yes. Is this any reflection the Trump administrations ability to run the country. No. As long as the administration and any visiting dignitaries do not have any assets on those networks who cares.
Before you get your panties in a twist, I don't think the man should even be running a frozen banana stand but bandwagon articles like this distracts from other things that are actual grounds for concern and impeachment. Like firing the director of the FBI because he wouldn't stop an investigation you didn't like (which Trump himself admit was the reason in the interview Lester Holt). Or the fact that the administration's defense of his given classified information to the Russians was that he never reads security briefs in enough detail to know the sources or identifying information that would compromise the sources (seriously).
"Any Half-Decent Hacker Could Break Into Pretty Much Any Hotel, Coffee Shop or Car Dealership In The Country Because Their Networks Are Set Up By Someone Who Has No Clue About Security."
FTFY
I hope nobody here thinks that this is a Trump-exclusive. He's in really good company, the more exclusive and elitist a club or establishment, the more likely their non-physical security sucks big time. Why? Same reason as everywhere, nobody who could sensibly demand it knows jack shit about it, so why bother throwing money at it? Worse, securing something invariably cuts into its usability. I'm actually surprised those access points had any kind of security. None of the oh-so-important people complained yet that they're too stupid to configure their toy to connect? Oh, sorry, let me rephrase it: None of them complained yet that you idiots cannot configure your computer thingie right so their expensive and highly intelligent device can connect to it? Because MY thing was expensive and it's very high tech, so if it doesn't work, it OBVIOUSLY has to be that you're too stupid to configure YOUR end!
This is basically why security sucks in such places. Not the physical, mind you. But IT security usually is a mess. And as long as there are computer illiterates who dictate what has to be and what must not be, this also will not change.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
TRASHING! TRASHING! ...no, seriously- they are. :(
This comment will be a long way down the page. At time of writing, there are several comments above all modded to 4/5 saying "hotels have open wifi". Well done.
Did no one read "wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information" ? Clearly the mods didn't read it any more than the commenters.
Whilst I agree it's a bit of a thin piece, the places where the president goes for 'private stuff' matter. If he's doing a press day talking to kids in school or whatever, then there's no benefit hacking a printer to listen in to what he says. However, when he's hosting someone and playing a friendly round of golf and hanging out in the clubhouse as if the two of them are just two guys and not heads of state - then all of a sudden stuff like open wifi and hackable printers and servers starts to matter a lot more. I have no idea if all that stuff gets switched off when the place gets 'secured' though - knowing that would have made this article a lot more useful.
Just like an unlocked door does not constitute poor security, unless it takes you to a room full of swag or information you should not see. Merely finding some APs (that could simply have been APs on someone's phone) does not make a story.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
he needs to get a tattoo and trenchcoat to walk in there with his secret caddyshack club and spoolspam the printer with thousands of veiny prObama advertisements.
Lookout Donald! oh who is tgis instatiable creature that walks among mere men? So edgy!
Golden$hower$
"We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of The Mar-a-Lago Club in Palm Beach and pointed a 2-foot wireless antenna that resembled a potato gun toward the club."
All joking aside, this is an excellent way to get shot. Do not point anything that looks like a 2 foot cannon at the secret service.
Weaselmancer
rediculous.
Just because you find them doesn't mean they aren't bait. It might not be totally complete to say there is no security without going end-to-end and proving it. By going end-to-end and proving it, you would likely incur the wrath of the secret service, and possibly break federal law, so ... I don't recommend (in any way) doing that. Your jail time is on you.
open wifi with an captive portal?
... do it.
It little behooves the best of us to comment on the rest of us.
Which would be, um, evidence.
...are you suggesting that a commercial resort and property organization doesn't have NSA-grade elint protection? /shock.
Curious that many of the people railing about this likely would just as vociferously insist that the Secretary of State talking about classified info her own private shitty email server is "JUST FINE, NOTHING TO SEE HERE FOLKS".
Trumps a narcissistic boob, but this is pretty much going to be the standard for any politician that's NOT from a cultivated political class - ie anyone who has any life other than politics.
-Styopa
I thought we wanted policy discussions to be done out in the open in public? Isn't that called transparency?
Or do you have information about classified information being disclosed in public?
I've done work for two "exclusive" old-money country clubs in my city and both of them are cheap as hell. The members have all the money in the world when it comes to the damn golf course, but IT is dead last on spending.
One of the clubs had to resort to screwing framed pictures to the wall in some areas of the club because members had been caught "borrowing" pictures to display at home. The expensive floral arrangements had to be hidden until after the regular ladies' bridge game because the "ladies" would either take the arrangements completely or create a "take home" arrangement with a big chunk of the flowers. Food, booze, cans of pop, etc. have to be kept under lock and key or under the watch of an employee, at both clubs members were caught literally loading their trunk with cases of stuff.
Members routinely call up and challenge their food and beverage bills, demanding that drink orders and entire meals be refunded because of errors in billing or complaints about the quality of the food. The AR employee tells me that one member in particular demands refunds every month, picking out the most expensive meals on her bill and claiming "these meals were unsatisfactory and I won't pay for them."
IT spending of course suffers. When we put together upgrade proposals (for amounts totaling maybe $20-30k), we occasionally have to meet with board members who present "Google shopping" lists of prices from unknown vendors (likely selling grey market or unlabeled refurbs) and explain why our prices "are so high."
It is no surprise to me that club IT sucks, because club management sucks and members don't want to pay for anything.
The special counsel will get anything by sending the FBI in, no need for hackers.
Good luck wit it, I don't think there are ANY Wi-Fi points at all.
You just figured out how to access the guest network of a resort. You now have the computer skills of a 8 year old. Do you want a prize for your amazing find you fucking retarded click bate piece of shit?
Sorry, you're making shit up, whilst turnuptrump DID yell "GET HIM OUT OF HERE! GET HIM OUT!" to someone who had 100% the right to be there by the American constitution.
Meanwhile not one democratic politician ever said to riot.
So I don't remember anyone scanning President Obama Chicago home, Hawaii locations, celebrity homes he spent time in, golf courses, etc.
We are talking about a resort or golf club. It's the normal practice to have the wifi either open or insecure. I don't see what's the big security issue here. You have to be damn ignorant to believe the president is connected to this network from an insecure device or without a secure VPN. Not sure why BeauHD posted such a dumb article in slashdot... astonishing..
We get it already... progressives are insane with anger and outrage and will light stuff on fire, beat people up, smash windows, shout-down anybody who disagrees with them, and engage in cyber crimes to demonstrate how outraged they are that Hillary ran into a ditch - basically any tactic the SA would actually deplyed in the 1930s or would have deployed had the tech existed.
Gizmodo again? Seriously? I thought they just finished bragging about their attempts to spearphish the Trump Team to prove that anybody could be as dumb as Team Hillary's John Podesta. (except, of course, nobody on the Trump team actually fell for it)
I guess RAGE is allthey got these days and its how they show "love" and "openness" and "tolerance" and "inclusiveness" and "diversity" and all that other touchy-feely bull excrement they shovel into the empty heads of 6-year-olds and Miss America contestants...
There's no evidence that Trump made secret recordings much less destroyed them.
No, of course not. That was just Trumplethinskin shooting its mouth off, "you wanna accuse my of being like Nixon? Well you better hope there are no tapes ..." Hugely stupid even to mention tapes when comparisons with Nixon are being drawn ... how to make up for that? "Oh I know I'll have Kissinger in the Oval Office when I allow US journalists access ... and hey may as well allow Americans into to the WH, those damn Russkie reporters leaked photos of me with my Russkie pals anyway". And nice timing Donald, Comey one day Lavrov the next ... you trollin' us dude?
You can't make this stuff up. How wrong I was to be upset about the election result! Honestly, I had no idea how much I would enjoy the Trump presidency, is Schadenfreude always this much fun? I'm wearing a permanent smile. Got my fingers crossed Donald C. Holster will last at least a year, but fearful he won't last 3 months :(
President Pence is gonna be so damn dull.
Please someone hack Mar-a-lago. Steal some emails. PLEASE.
Then we can chant, "Lock him up", at the next rally.
... but, this isn't a story.
If you have proof that machines hosting sensitive information are connected to these networks or that sensitive information is being transmitted insecurely over these networks, then that would be a story. But, you don't. And why don't you? Because it likely didn't happen.
Trump does plenty of real stupid shit. There is absolutely no need to manufacture fake stupid shit to accuse him of.