Any Half-Decent Hacker Could Break Into Mar-a-Lago

MrCreosote writes: Properties owned and run by the Trump Organization, including places where Trump spends much of his time and has hosted foreign leaders, are a network security nightmare. From a report via ProPublica (co-published with Gizmodo): "We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of The Mar-a-Lago Club in Palm Beach and pointed a 2-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained. A few days later, we drove through the grounds of the Trump National Golf Club in Bedminster, New Jersey, with the same antenna and aimed it at the clubhouse. We identified two open Wi-Fi networks that anyone could join without a password. We resisted the temptation. We have also visited two of President Donald Trump's other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Virginia. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information. The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises."

Is secure hotel wifi possible?

[ardmhacha]

Most hotels in the US now seem to provide wifi. In my experience it is secured by either an easily available password or a login page. Many guests expect easy to use wifi.

In such circumstances is it possible to have secure wifi?

A long way down....

[coofercat]

This comment will be a long way down the page. At time of writing, there are several comments above all modded to 4/5 saying "hotels have open wifi". Well done.

Did no one read "wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information" ? Clearly the mods didn't read it any more than the commenters.

Whilst I agree it's a bit of a thin piece, the places where the president goes for 'private stuff' matter. If he's doing a press day talking to kids in school or whatever, then there's no benefit hacking a printer to listen in to what he says. However, when he's hosting someone and playing a friendly round of golf and hanging out in the clubhouse as if the two of them are just two guys and not heads of state - then all of a sudden stuff like open wifi and hackable printers and servers starts to matter a lot more. I have no idea if all that stuff gets switched off when the place gets 'secured' though - knowing that would have made this article a lot more useful.

Far worse than that

[Weaselmancer]

"We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of The Mar-a-Lago Club in Palm Beach and pointed a 2-foot wireless antenna that resembled a potato gun toward the club."

All joking aside, this is an excellent way to get shot. Do not point anything that looks like a 2 foot cannon at the secret service.

Re:ridiculous story is ridiculous

[Feyshtey]

You don't become a billionaire (or whatever he is) by tipping your hand to your competitors. You don't make enemies along the way either, who'd love to air your dirty laundry or destroy your reputation, or harm you business in a variety of other ways. With the volume of people that Trump and his empire have stomped on over a period of decades you don't think he's learned to be paranoid? If he hadn't there'd be tons of stories about him to present that the press would be creaming their shorts over just trying to decide which to release first.

Private clubs are cheap as fuck

[swb]

I've done work for two "exclusive" old-money country clubs in my city and both of them are cheap as hell. The members have all the money in the world when it comes to the damn golf course, but IT is dead last on spending.

One of the clubs had to resort to screwing framed pictures to the wall in some areas of the club because members had been caught "borrowing" pictures to display at home. The expensive floral arrangements had to be hidden until after the regular ladies' bridge game because the "ladies" would either take the arrangements completely or create a "take home" arrangement with a big chunk of the flowers. Food, booze, cans of pop, etc. have to be kept under lock and key or under the watch of an employee, at both clubs members were caught literally loading their trunk with cases of stuff.

Members routinely call up and challenge their food and beverage bills, demanding that drink orders and entire meals be refunded because of errors in billing or complaints about the quality of the food. The AR employee tells me that one member in particular demands refunds every month, picking out the most expensive meals on her bill and claiming "these meals were unsatisfactory and I won't pay for them."

IT spending of course suffers. When we put together upgrade proposals (for amounts totaling maybe $20-30k), we occasionally have to meet with board members who present "Google shopping" lists of prices from unknown vendors (likely selling grey market or unlabeled refurbs) and explain why our prices "are so high."

It is no surprise to me that club IT sucks, because club management sucks and members don't want to pay for anything.