Slashdot Mirror
Any Half-Decent Hacker Could Break Into Mar-a-Lago (alternet.org)
MrCreosote writes: Properties owned and run by the Trump Organization, including places where Trump spends much of his time and has hosted foreign leaders, are a network security nightmare. From a report via ProPublica (co-published with Gizmodo): "We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of The Mar-a-Lago Club in Palm Beach and pointed a 2-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained. A few days later, we drove through the grounds of the Trump National Golf Club in Bedminster, New Jersey, with the same antenna and aimed it at the clubhouse. We identified two open Wi-Fi networks that anyone could join without a password. We resisted the temptation. We have also visited two of President Donald Trump's other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Virginia. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information. The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises."
Trump just wants to make sure that everyone can see we have the best cyber.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
Now. Show me that you were able to do more than break into the equivalent of Starbucks public network.
If you're scared of your govt then you need to further restrict its powers
Vote 3rd Party in 2016 and beyond
There's more than just the email server. There's the destruction of evidence after getting caught. That alone is a big hint that you knew what you were doing was wrong but did it anyway and now you don't want to get caught.
Seven puppies were harmed during the making of this post.
They did not connect to the unprotected networks (i.e. networks that are open, by design). They also did not connect to the weakly protected networks (which would have been illegal, but their point was that hackers and foreign governments could easily access them).
#DeleteFacebook
Dumb news organization admits it broke the law!
Did they? I don't know the specifics of the law in regards to WiFi, but this seems(according to the first half of TFS) no different than someone turning on their laptop in the parking lot of a hotel and noticing that the hotel is one network that they could potentially log onto w/o encryption.
That being said, if that's all they did, then it also doesn't prove one way or the other how secure it is. Most resorts and such have public WiFi. Many don't require any log on at all. As long as all they can do is access the internet and no internal systems, it's working as intended. I've stayed in places that also have unsecured printers outside of the regular network for guests to use.
Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information.
Open WiFi and printers are to be expected for guests to use, as long as they are on a separate network from anything that's not intended to be public. The rest of this statement contradicts the previous statement of:
We resisted the temptation.
Either they did log onto the network and were doing some snooping (in which case they may have broken the law), or they didn't and made this up.
Yes it is "just a country club". The real question you should be asking is should such a place be used for business that needs to remain secret? No governmental official should be conducting sensitive business in their home office or anywhere else.
1. Was this done with written permission from the network owner? If not, you opened yourself up to legal action by the network owner if they choose to pursue it.
Listening to SSID broadcast is hardly illegal.
Some people encrypt by using rot-13 twice. I prefer the more secure method of using rot-1 a total of twenty six times.
This comment will be a long way down the page. At time of writing, there are several comments above all modded to 4/5 saying "hotels have open wifi". Well done.
Did no one read "wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information" ? Clearly the mods didn't read it any more than the commenters.
Whilst I agree it's a bit of a thin piece, the places where the president goes for 'private stuff' matter. If he's doing a press day talking to kids in school or whatever, then there's no benefit hacking a printer to listen in to what he says. However, when he's hosting someone and playing a friendly round of golf and hanging out in the clubhouse as if the two of them are just two guys and not heads of state - then all of a sudden stuff like open wifi and hackable printers and servers starts to matter a lot more. I have no idea if all that stuff gets switched off when the place gets 'secured' though - knowing that would have made this article a lot more useful.
Most resorts and such have public WiFi.
Most resorts are not used by the President of the United States to conduct his business.
Why would the Russians care? They get invited to the White House to receive the classified information they want - no need for hacking.
For the same reason he has international meetings and talks about air strikes in between the main course and dessert in the completely open and unvetted surroundings of the maralago public dining room.
Because he's a venal moron who wants government money to come directly to him.
Because he's an arrogant prick who thinks that he can do whatever he wants without consequences.
Mr. Hu is not a ninja.
You make a pretty significant assumption that he uses the same network thats configured for use by any schmoe that is at the resort. You also assume that the whole network is not layered and secured appropriately for the level of business being conducted.
This article is itself a rather glaring misdirection, giving limited information in the context of it being all inclusive of the resort's security posture. It's like saying that because every reputable hotel in the world has freely accessible wifi that all hotel chains are easily hackable to their core. This is a hack job of a "report" done with blatantly biased slant and omission of detail.
This is the equivalent of saying that because there are 1000's of US Government websites that face the public domain on port 80 that the federal government as a whole is ripe for intrusion.
"But we have to pass the bill so that you can find out what is in it,..." - Nancy Pelosi
Manufactured?
Like the admitted Fast and Furious initiative?
Like the admitted IRS Targeting?
Like the admitted and provable lie that Benghazi was because of a video?
Like the admitted falsehood that "the cops acted stupidly"?
Like the admitted inappropriate conversation of the former President and husband of a subject of FBI investigation having a private meeting with the head of the FBI in a private jet hours before the FBI decides that despite significant findings of negligence that the investigation is not even being handed over to prosecutors?
Sorry, but the "manufactured" scandals all bore fruit. There was just a total lack of will by the press to report it let alone pursue it and instead used every opportunity to excuse it simply because it ran counter to their own political interests. The lack of public pressure that resulted allowed Democrats to quietly move along with little consequence. And apparently you bought into their bullshit hook, line and sinker.
"But we have to pass the bill so that you can find out what is in it,..." - Nancy Pelosi
I've done work for two "exclusive" old-money country clubs in my city and both of them are cheap as hell. The members have all the money in the world when it comes to the damn golf course, but IT is dead last on spending.
One of the clubs had to resort to screwing framed pictures to the wall in some areas of the club because members had been caught "borrowing" pictures to display at home. The expensive floral arrangements had to be hidden until after the regular ladies' bridge game because the "ladies" would either take the arrangements completely or create a "take home" arrangement with a big chunk of the flowers. Food, booze, cans of pop, etc. have to be kept under lock and key or under the watch of an employee, at both clubs members were caught literally loading their trunk with cases of stuff.
Members routinely call up and challenge their food and beverage bills, demanding that drink orders and entire meals be refunded because of errors in billing or complaints about the quality of the food. The AR employee tells me that one member in particular demands refunds every month, picking out the most expensive meals on her bill and claiming "these meals were unsatisfactory and I won't pay for them."
IT spending of course suffers. When we put together upgrade proposals (for amounts totaling maybe $20-30k), we occasionally have to meet with board members who present "Google shopping" lists of prices from unknown vendors (likely selling grey market or unlabeled refurbs) and explain why our prices "are so high."
It is no surprise to me that club IT sucks, because club management sucks and members don't want to pay for anything.
You're considering the wrong issue. It's not about what visitors might transmit over those networks (which don't appear to be for visitor use in the first place), but the records stored within. There is literally no way a VPN is relevant here.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.