Slashdot Mirror


Any Half-Decent Hacker Could Break Into Mar-a-Lago (alternet.org)

MrCreosote writes: Properties owned and run by the Trump Organization, including places where Trump spends much of his time and has hosted foreign leaders, are a network security nightmare. From a report via ProPublica (co-published with Gizmodo): "We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of The Mar-a-Lago Club in Palm Beach and pointed a 2-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained. A few days later, we drove through the grounds of the Trump National Golf Club in Bedminster, New Jersey, with the same antenna and aimed it at the clubhouse. We identified two open Wi-Fi networks that anyone could join without a password. We resisted the temptation. We have also visited two of President Donald Trump's other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Virginia. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information. The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises."

27 of 327 comments

  1. Incoming law enforcement by Anonymous Coward · · Score: 0, Insightful

    Dumb news organization admits it broke the law!

    1. Re:Incoming law enforcement by The Grim Reefer · · Score: 4, Insightful

      Dumb news organization admits it broke the law!

      Did they? I don't know the specifics of the law in regards to WiFi, but this seems (according to the first half of TFS) no different than someone turning on their laptop in the parking lot of a hotel and noticing that the hotel is one network that they could potentially log onto w/o encryption.

      That being said, if that's all they did, then it also doesn't prove one way or the other how secure it is. Most resorts and such have public WiFi. Many don't require any log on at all. As long as all they can do is access the internet and no internal systems, it's working as intended. I've stayed in places that also have unsecured printers outside of the regular network for guests to use.

      Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information.

      Open WiFi and printers are to be expected for guests to use, as long as they are on a separate network from anything that's not intended to be public. The rest of this statement contradicts the previous statement of:

      We resisted the temptation.

      Either they did log onto the network and were doing some snooping (in which case they may have broken the law), or they didn't and made this up.

    2. Re:Incoming law enforcement by Lordpidey · · Score: 3, Insightful

      We resisted the temptation.

      Either they did log onto the network and were doing some snooping (in which case they may have broken the law), or they didn't and made this up.

      Or, another thing they could have done, is idly listen to the network, and notice that there was printer communication on the network.

      --
      Some people encrypt by using rot-13 twice. I prefer the more secure method of using rot-1 a total of twenty six times.
    3. Re:Incoming law enforcement by ganjadude · · Score: 1, Insightful

      seems gawker is still alive sadly

      --
      have you seen my sig? there are many others like it but none that are the same
    4. Re:Incoming law enforcement by shilly · · Score: 5, Insightful

      Most resorts and such have public WiFi.

      Most resorts are not used by the President of the United States to conduct his business.

    5. Re:Incoming law enforcement by Anonymous Coward · · Score: 5, Insightful

      For the same reason he has international meetings and talks about air strikes in between the main course and dessert in the completely open and unvetted surroundings of the Mar-a-Lago public dining room.

      Because he's a venal moron who wants government money to come directly to him.

    6. Re:Incoming law enforcement by BronsCon · · Score: 4, Insightful

      You're considering the wrong issue. It's not about what visitors might transmit over those networks (which don't appear to be for visitor use in the first place), but the records stored within. There is literally no way a VPN is relevant here.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    7. Re:Incoming law enforcement by Aighearach · · Score: 3, Insightful

      Because information that would not be sensitive if it relates to an average person or business is sensitive when it relates to the office of the President of the United States.

      Things like location and movements of regular people are merely a privacy concern, not a security concern, but movements of people who work for or are meeting with the President of the United States are important secrets. Whatever backend services are connected to the hotspots, they contain sensitive information relating to national security! That's true even if it is just for off-hours internet access. Just having people connected in some way to the office of the President walking in range of a hotspot with electronics in their pocket could be a risk, even if they aren't "connecting" intentionally to any network.

  2. ridiculous story is ridiculous by Anonymous Coward · · Score: 1, Insightful

    Because Trump himself configured all of these insecure WiFi points, and not some clubhouse staffer making $12/hr?

    1. Re:ridiculous story is ridiculous by Feyshtey · · Score: 4, Insightful

      You make a pretty significant assumption that he uses the same network that's configured for use by any schmoe that is at the resort. You also assume that the whole network is not layered and secured appropriately for the level of business being conducted.

      This article is itself a rather glaring misdirection, giving limited information in the context of it being all inclusive of the resort's security posture. It's like saying that because every reputable hotel in the world has freely accessible wifi that all hotel chains are easily hackable to their core. This is a hack job of a "report" done with blatantly biased slant and omission of detail.

      This is the equivalent of saying that because there are 1000's of US Government websites that face the public domain on port 80 that the federal government as a whole is ripe for intrusion.

      --
      "But we have to pass the bill so that you can find out what is in it,..." - Nancy Pelosi
  3. Heaven forbid by fluffernutter · · Score: 3, Insightful

    But heaven forbid, should he be misled into using a personal email server no one tells him isn't locked down properly.

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    1. Re:Heaven forbid by Dunbal · · Score: 5, Insightful

      There's more than just the email server. There's the destruction of evidence after getting caught. That alone is a big hint that you knew what you were doing was wrong but did it anyway and now you don't want to get caught.

      --
      Seven puppies were harmed during the making of this post.
    2. Re:Heaven forbid by __aaclcg7560 · · Score: 2, Insightful

      There's the destruction of evidence after getting caught.

      There's no evidence that Trump made secret recordings much less destroyed them.

    3. Re: Heaven forbid by Tulsa_Time · · Score: 1, Insightful

      Actually the new special counsel can go back into the Obama administration and the Hillary case... be careful what you asked for...

      --
      5 out of 6 people enjoy Russian Roulette & 6 out of 7 Dwarfs are not Happy
    4. Re: Heaven forbid by Anonymous Coward · · Score: 1, Insightful

      Perhaps you could provide evidence of your claim. Oh, that's right, you are a non-paid stupid DNC shill that attempts to make up his own talking points and shows how stupid he is day after day. It isn't happening.

      Special prosecutor appointed to look into Russia meddling with US election. Didn't see Trump listed there. As a matter of fact I expect Debbie Schultz and Donna Brazile to be indicted by the time Mueller is done. After all we do have actual EVIDENCE they interfered with a US election, the DNC primary, Debbie actually breaking FEC laws in the process.

      You may be the dumbest poster on /. day after day. You don't know what you are talking about most of the time and then threaten to shoot people when it's pointed out. And then, just to be sure to alienate people who MIGHT be on your side, you post links to your blog over and over to make sure absolutely everyone here hates you. Bennett Haselton used to be the most disliked poster here, but you have easily taken his place. Congratulations.

      And remember, Seth Rich is the one who leaked DNC emails to WikiLeaks. You are running out of things Russia could have even possibly done at this point. Perhaps we will find out who was hired to kill Mr. Rich. That would be fun to learn.

    5. Re: Heaven forbid by Tulsa_Time · · Score: 2, Insightful

      Comey already testified that no one had tried to stop the investigation.. so unless he was perjuring himself.... there is nothing to it.

      --
      5 out of 6 people enjoy Russian Roulette & 6 out of 7 Dwarfs are not Happy
    6. Re: Heaven forbid by Feyshtey · · Score: 4, Insightful

      Manufactured?

      Like the admitted Fast and Furious initiative?
      Like the admitted IRS Targeting?
      Like the admitted and provable lie that Benghazi was because of a video?
      Like the admitted falsehood that "the cops acted stupidly"?
      Like the admitted inappropriate conversation of the former President and husband of a subject of FBI investigation having a private meeting with the head of the FBI in a private jet hours before the FBI decides that despite significant findings of negligence that the investigation is not even being handed over to prosecutors?

      Sorry, but the "manufactured" scandals all bore fruit. There was just a total lack of will by the press to report it let alone pursue it and instead used every opportunity to excuse it simply because it ran counter to their own political interests. The lack of public pressure that resulted allowed Democrats to quietly move along with little consequence. And apparently you bought into their bullshit hook, line and sinker.

      --
      "But we have to pass the bill so that you can find out what is in it,..." - Nancy Pelosi
    7. Re: Heaven forbid by Skuld-Chan · · Score: 2, Insightful

      I don't think there's any evidence that President Obama obstructed justice in any of those investigations. For the "cops acted stupidly" - Obama personally apologized to the cop involved and even went out to lunch with him.

      On Benghazi - again no obstructed justice and the Republican Party carried out no less than 7 investigations and found nothing (and if you're thinking only 7 - that's actually more house/senate investigations than 9/11 got).

      I mean most of that stuff - the Justice department investigated and found that a lot of people made some bad mistakes - nothing malicious.

  4. Wow. You da man. Accessing a public network! by GLMDesigns · · Score: 5, Insightful

    Now. Show me that you were able to do more than break into the equivalent of Starbucks public network.

    --
    If you're scared of your govt then you need to further restrict its powers
    Vote 3rd Party in 2016 and beyond
    1. Re:Wow. You da man. Accessing a public network! by stealth_finger · · Score: 2, Insightful

      Now. Show me that you were able to do more than break into the equivalent of Starbucks public network.

      Do you not think the actual problem is Trump's private retreat has security the equivalent of a Starbucks?

      --
      Wanna buy a shirt?
      https://www.redbubble.com/people/stealthfinger/shop?asc=u
  5. You resisted the temptation? by Drewdad · · Score: 3, Insightful

    In other words, you know that violating the CFAA has draconian penalties and you want some stupid script kiddie to take the risk for you....

  6. Re:Open wifi by 110010001000 · · Score: 5, Insightful

    Yes it is "just a country club". The real question you should be asking is should such a place be used for business that needs to remain secret? No governmental official should be conducting sensitive business in their home office or anywhere else.

  7. The Russians might by Anonymous Coward · · Score: 1, Insightful

    Well known Russian spies like Kislyak might break into his network, and get top secrets, maybe even 'code word' level secrets. Oh wait, all they have to do is visit Trump and ask him and he'll tell them.

    There's still the matter of the two spies, one FSB and one ex-FSB which fit the profile of two US contacts source to verify the pee memos. They were arrested for treason just after Trump got the unredacted version of the memos listing the sources that confirmed parts of the memo as true.

    So who gave Putin the names of these (likely) US agents? Was that another one of Trumps telephone calls?

    http://www.cbsnews.com/news/russia-treason-fsb-spies-kaspersky-labs-us-intelligence-denies-cia-hacking/

    "MOSCOW -- Russian news agencies are reporting that former members of the domestic security agency and a cybersecurity expert have been formally charged with treason."

    "Reports emerged last week that three officials of the Federal Security Service (FSB) and an executive for cybersecurity company Kaspersky Labs had been arrested for treason. Government officials haven’t commented on the case .... citing a named Russian official said to be close to the Kremlin, Mikhailov was the leader of a covert hacking group known by the name “Humpty Dumpty” that “cooperated with the Ukrainian SBU (security service), which is the same as working for the CIA; he worked with them, which is obviously treason.”

    So likely CIA agent names were given to Putin shortly after Trump got access to that data.

    McMaster tried to misdirect the leak that you witnessed Trump give to the Russians. But was he there all the time? i.e. could Trump have given them more details of other secrets? Trump seems to feel comfortable giving top secrets to Russian spies like it's an everyday thing, so I wonder how much he said that McMaster didn't witness in that session alone.

  8. Okay, so what ? by nehumanuscrede · · Score: 3, Insightful

    They went all James Bond on folks and pointed their " hacker-antenna " at the building and found weak or unprotected access points.

    And ?

    Guest access is typically open access which would explain the latter pretty quickly.
    Weak access could be any number of networks, but not necessarily one that would be useful to anyone.

    I swear, the media is going full Autistic when it comes to trying to destroy EVERYTHING that is Donald Trump. If the information is negative, or can be spun into a negative light, they are making sure the entire world hears about it. 24/7 Regardless if there is any truth to it or not.

    Lots and lots of rumors, " secret sources ", and whatnot, but not a shred of concrete evidence.

    WTF has happened to journalistic integrity ?

  9. Here, there and everywhere by Opportunist · · Score: 3, Insightful

    I hope nobody here thinks that this is a Trump-exclusive. He's in really good company, the more exclusive and elitist a club or establishment, the more likely their non-physical security sucks big time. Why? Same reason as everywhere, nobody who could sensibly demand it knows jack shit about it, so why bother throwing money at it? Worse, securing something invariably cuts into its usability. I'm actually surprised those access points had any kind of security. None of the oh-so-important people complained yet that they're too stupid to configure their toy to connect? Oh, sorry, let me rephrase it: None of them complained yet that you idiots cannot configure your computer thingie right so their expensive and highly intelligent device can connect to it? Because MY thing was expensive and it's very high tech, so if it doesn't work, it OBVIOUSLY has to be that you're too stupid to configure YOUR end!

    This is basically why security sucks in such places. Not the physical, mind you. But IT security usually is a mess. And as long as there are computer illiterates who dictate what has to be and what must not be, this also will not change.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  10. Re:You would think... by cyberchondriac · · Score: 3, Insightful

    This whole story screams spin to me, by simple omission of critical details and wording. Humans tend to fill in the blanks with their imaginations. Note that the article states only that they "found 3 weakly encrypted WLANs". Not a word on what other WLANs they may have found (or maybe couldn't detect). So why assume the 3 that they mentioned that they found are the **only** 3 WLANs that they actually found? This article is likely a half-truth, made to create a particular impression. "Hey, we detected 5 WLANs at Mar-a-Lago, but look, 3 of them are a security joke! Let's harp on that." People are going way out of their way to bash Trump with glee, so this seems not at all improbable.
    They don't say anything like, "all of the WLANs we found were insecure", or even, "all three WLANS we could detect were insecure", nor do they say, "3 out of the 4 WLANS we found were weakly encrypted" either. This is vague-speak.
    Obviously, there are going to be a few normal consumer grade WLANs there, it's a freaking public resort, first and foremost. It's also possible that Trump doesn't use the wireless at all if he's conducting business there, it seems likely his WH security people would recommend using cabled LAN only. He may not be that tech savvy, but the staff should be.

    --

    Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
  11. Re:Working as intended by Anonymous Coward · · Score: 4, Insightful

    Why would a hacker need to break in though? All you need to do is just talk with Trump to get classified info.