Any Half-Decent Hacker Could Break Into Mar-a-Lago (alternet.org) 93

Posted by BeauHD from the private-investigators dept.
MrCreosote writes: Properties owned and run by the Trump Organization, including places where Trump spends much of his time and has hosted foreign leaders, are a network security nightmare. From a report via ProPublica (co-published with Gizmodo): "We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of The Mar-a-Lago Club in Palm Beach and pointed a 2-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained. A few days later, we drove through the grounds of the Trump National Golf Club in Bedminster, New Jersey, with the same antenna and aimed it at the clubhouse. We identified two open Wi-Fi networks that anyone could join without a password. We resisted the temptation. We have also visited two of President Donald Trump's other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Virginia. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information. The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises."

  • Trump just wants to make sure that everyone can see we have the best cyber.
  • But heaven forbid, should he be mislead into using a personal email server no one tells him isn't locked down properly.

    • Re: (Score:2)

      by Dunbal ( 464142 ) *
      There's more than just the email server. There's the destruction of evidence after getting caught. That alone is a big hint that you knew what you were doing was wrong but did it anyway and now you don't want to get caught.

      • Re: (Score:2)

        by creimer ( 824291 )

        There's the destruction of evidence after getting caught.

        There's no evidence that Trump made secret recordings much less destroyed them.

      • She had a right to delete personal emails. Maybe they should reconsider allowing that.

        • Re: (Score:1)

          by doggo ( 34827 )

          Stop picking on Ivanka!

        • Re: (Score:3)

          by Dunbal ( 464142 ) *

          When the police comes into your house with a warrant I'm pretty sure you're not allowed to lock certain rooms and bar them from going in there. THEY decide what is "personal" and what is "evidence" - not you. In fact if you DO tell them "please don't look in that drawer" that is the FIRST place they're going to look.

          The deleted personal emails were personal only because we have Hillary's word for it... and the toilet at the crackhouse is running not because someone flushed some drugs down there but someon

  • Wow. You da man. Accessing a public network! (Score:5, Insightful)

    by GLMDesigns ( 2044134 ) on Thursday May 18, 2017 @09:08AM (#54440615)
    Now. Show me that you were able to do more than break into the equivalent of Starbucks public network.

    • Now. Show me that you were able to do more than break into the equivalent of Starbucks public network.

      Do you not think the actual problem is Trump's private retreat has security the equivalent of a starbucks?

  • That Trump would spend top dollar on network security. But this is the same guy who tweets and calls old buddies on an insecure cellphone. Your tax dollars at work.
    • Really? You would secure a public network? This is like Starbucks or any hotel public access network. It's not meant for secure communications. Anybody going there probably connects via a company supplied and supported VPN anyway.

      • Re: (Score:2)

        by creimer ( 824291 )

        You would secure a public network?

        Yes. At this moment I'm on the express bus and using wifi, which requires that I agree to the terms of access. No agreement, no access. That's different from a wide open access point.

        • How is it different? I earn $55k doing IT support in Silicon Valley and I don't see the difference.

          • Re: (Score:2)

            by creimer ( 824291 )

            I earn $55k doing IT support in Silicon Valley and I don't see the difference.

            Only a douchebag would brag about making proverty wages in Silicon Valley. :p

      • Re: (Score:2)

        by idji ( 984038 )
        It's not about building a VPN back to your secure network. it is about someone sitting outside Mar a Lago and controlling a computer near a table that Trump is talking to the Japanese Prime Minister at and listening/watching in on the conversation, or knowing who is a guest there.
        • Surely the answer to that is not to allow computers in secure environments. Mar-a-lago is a country club.
        • No. They're access the public network. This is a public space. It's a golf course. Public events are held there. Accessing the public network doesn't mean anything. Why would the public access for golfers be secured?

          If a golfer wanted to send confidential information back to his office then he would use a VPN, just like he does in any public space.

          Re your scenario - that would only be possible when they are strolling through the public areas - i'm pretty sure the Secret Service of both the US and J
  • Open wifi isn't necessarily a security risk. Every Starbucks has one.
    • Except for the ones in Seattle. Because Directors Rules. They only have dial-up.
  • Good thing that you pointed this out..

  • You resisted the temptation? (Score:3)

    by Drewdad ( 1738014 ) on Thursday May 18, 2017 @09:11AM (#54440647)

    In other words, you know that violating the CFAA has draconian penalties and you want some stupid script kiddie to take the risk for you....

  • Is secure hotel wifi possible? (Score:4, Interesting)

    by ardmhacha ( 192482 ) on Thursday May 18, 2017 @09:27AM (#54440751)

    Most hotels in the US now seem to provide wifi. In my experience it is secured by either an easily available password or a login page. Many guests expect easy to use wifi.

    In such circumstances is it possible to have secure wifi?

  • HACK THE PLANET!
  • I wonder how many public networks Camp David has.

  • I have a feeling you will be intercepted and detained if you try this during a Trump visit.

    The exclusion zone for boats, cars and aircraft is pretty invasive and I believe their choice of locations would be off limits.

    Then there is the whole, what did you actually hack into? A lightly defended public WiFi network where the WEP key is on a sign in the lobby? Heck, even the Point of Sale and reservations systems? How's that an issue for national security? It's not like we don't already know when Trump is

  • All they had to do was walk in (Score:4, Informative)

    by laughingskeptic ( 1004414 ) on Thursday May 18, 2017 @09:39AM (#54440873)
    and read the sign that says "This month's WiFi Password is GOLF". It's a country club. They assume you belong there, unless you don't look like you belong there. What is the point of securing a network that has a publicly available password?

  • This would be different from a majority of the companies and some government networks... how? Security has always been an after thought for most companies as it is deemed too expensive. Maybe the hacking will escalate the costs to a point that they will start paying attention to it a little more.

    • It's different because these places are open to the general public, and they want to provide amenities like WiFi access and printers to people they haven't screened. They *want* some of their systems to be easy to access. That doesn't mean they use those systems for anything proprietary or confidential.

  • They went all James Bond on folks and pointed their " hacker-antenna " at the building and found weak or unprotected access points.

    And ?

    Guest access is typically open access which would explain the latter pretty quickly.
    Weak access could be any number of networks, but not necessarily one that would be useful to anyone.

    I swear, the media is going full Autistic when it comes to trying to destroy EVERYTHING that is Donald Trump. If the information is negative, or can be spun into a negative light, they are ma

  • "Any Half-Decent Hacker Could Break Into Pretty Much Any Hotel, Coffee Shop or Car Dealership In The Country Because Their Networks Are Set Up By Someone Who Has No Clue About Security."

    FTFY

