Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Security Communications Government Network Networking Privacy Republicans Wireless Networking Politics

Any Half-Decent Hacker Could Break Into Mar-a-Lago (alternet.org) 327

MrCreosote writes: Properties owned and run by the Trump Organization, including places where Trump spends much of his time and has hosted foreign leaders, are a network security nightmare. From a report via ProPublica (co-published with Gizmodo): "We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of The Mar-a-Lago Club in Palm Beach and pointed a 2-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained. A few days later, we drove through the grounds of the Trump National Golf Club in Bedminster, New Jersey, with the same antenna and aimed it at the clubhouse. We identified two open Wi-Fi networks that anyone could join without a password. We resisted the temptation. We have also visited two of President Donald Trump's other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Virginia. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information. The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises."
This discussion has been archived. No new comments can be posted.

Any Half-Decent Hacker Could Break Into Mar-a-Lago

Comments Filter:
  • by Nidi62 ( 1525137 ) on Thursday May 18, 2017 @08:06AM (#54440599)
    Trump just wants to make sure that everyone can see we have the best cyber.
  • Heaven forbid (Score:4, Insightful)

    by fluffernutter ( 1411889 ) on Thursday May 18, 2017 @08:07AM (#54440611)
    But heaven forbid, should he be mislead into using a personal email server no one tells him isn't locked down properly.
    • Re:Heaven forbid (Score:5, Insightful)

      by Dunbal ( 464142 ) * on Thursday May 18, 2017 @08:16AM (#54440681)
      There's more than just the email server. There's the destruction of evidence after getting caught. That alone is a big hint that you knew what you were doing was wrong but did it anyway and now you don't want to get caught.
      • Re: (Score:3, Insightful)

        There's the destruction of evidence after getting caught.

        There's no evidence that Trump made secret recordings much less destroyed them.

        • Re: Heaven forbid (Score:3, Informative)

          by Anonymous Coward

          he's talking about Mrs. Clinton.

          • he's talking about Mrs. Clinton.

            This topic is about Trump, who is being investigated for obstruction of justice.

            • by Dunbal ( 464142 ) *
              The original topic is actually about security at Mar-a-Lago if you want to split hairs, pedant. Discussions tend to vary back and forth around a topic, kind of like music. How interesting is a song that repeats the same fucking note? Oh wait, that's rap.
      • She had a right to delete personal emails. Maybe they should reconsider allowing that.
        • Re: (Score:2, Informative)

          by Dunbal ( 464142 ) *

          When the police comes into your house with a warrant I'm pretty sure you're not allowed to lock certain rooms and bar them from going in there. THEY decide what is "personal" and what is "evidence" - not you. In fact if you DO tell them "please don't look in that drawer" that is the FIRST place they're going to look.

          The deleted personal emails were personal only because we have Hillary's word for it... and the toilet at the crackhouse is running not because someone flushed some drugs down there but someon

  • by GLMDesigns ( 2044134 ) on Thursday May 18, 2017 @08:08AM (#54440615)
    Now. Show me that you were able to do more than break into the equivalent of Starbucks public network.
    • Re: (Score:3, Insightful)

      Now. Show me that you were able to do more than break into the equivalent of Starbucks public network.

      Do you not think the actual problem is Trump's private retreat has security the equivalent of a starbucks?

      • Mar-a-lago is a resort.
        • It is. It is the personal resort of the president of the USA where he goes every weekend and I assume does at least a little bit of work. A resort that is now also filled with lots of people rich and powerful enough to buy access to it plus secret service, fbi and whatever else alphabet agency is relevant. A resort just like any other.
          • "I assume does at least a little bit of work"

            Bingo. You hit the problem. What does that have to do with open access points?
            • Because it's a lot easier to break a network open once you're in. It's not that there's open access points, that's be be expected really. The problem is all the other shitty security. Once someone is in there's no telling where they could go and what they could get is only limited by what's on the network. I wonder how much the members register would be worth? That's before you get to any real sensitive information that might be on there. Do you really expect Trump to vigilant with any of that? If it's as
        • Mar-a-lago is a resort.

          Mar-a-lago is the "Southern White House", according to Trump.

          • Agreed. So what is the real problem here? You get bonus points if you can figure it out (hint: it isn't "open wifi at a public resort")
            • Agreed. So what is the real problem here?

              An open wifi router doesn't matter when Orange Julius is blabbing codeword-level secrets in a bugged Oval Office and appoints foreign agents to his cabinet?

              Did I guess right?

        • Re: (Score:2, Informative)

          Mar-a-lago is a resort.

          So is Camp David. Which one is more secure for national security?

      • by GLMDesigns ( 2044134 ) on Thursday May 18, 2017 @08:47AM (#54440939)
        Sorry this is a public resort. It's a golf club, public events are held there. And yes. Trump has a private residence there. I'm pretty sure there is more than one network there.

        This is analogous to Trump owning the Waldorf Hotel and having a suite there and someone hacking the hotel's public network. Big deal. Again, that's the equivalent of hacking a Starbucks.
    • Now. Show me that you were able to do more than break into the equivalent of Starbucks public network.

      The point of the report was to show the state of security regarding locations where the President of the United States often conducts official business.

      By comparison, who gives a flying fuck about Starbucks hotspots and spying on arguments over avocado toast recipes between two hipster douchebags.

      • "where the President of the United States often conducts official business"

        Gee. See any problem here? What does that have to do with open access points at a public resort?
  • That Trump would spend top dollar on network security. But this is the same guy who tweets and calls old buddies on an insecure cellphone. Your tax dollars at work.
    • Really? You would secure a public network? This is like Starbucks or any hotel public access network. It's not meant for secure communications. Anybody going there probably connects via a company supplied and supported VPN anyway.
      • You would secure a public network?

        Yes. At this moment I'm on the express bus and using wifi, which requires that I agree to the terms of access. No agreement, no access. That's different from a wide open access point.

        • How is it different? I earn $55k doing IT support in Silicon Valley and I don't see the difference.
          • I earn $55k doing IT support in Silicon Valley and I don't see the difference.

            Only a douchebag would brag about making proverty wages in Silicon Valley. :p

      • by idji ( 984038 )
        It's not about building a VPN back to your secure network. it is about someone sitting outside Mar a Lago and controlling a computer near a table that Trump is talking to the Japanese Prime Minister at and listening/watching in on the conversation, or knowing who is a guest there.
        • Surely the answer to that is not to allow computers in secure environments. Mar-a-lago is a country club.
        • No. They're access the public network. This is a public space. It's a golf course. Public events are held there. Accessing the public network doesn't mean anything. Why would the public access for golfers be secured?

          If a golfer wanted to send confidential information back to his office then he would use a VPN, just like he does in any public space.

          Re your scenario - that would only be possible when they are strolling through the public areas - i'm pretty sure the Secret Service of both the US and J
    • by cyberchondriac ( 456626 ) on Thursday May 18, 2017 @10:48AM (#54441817) Journal

      This whole story screams spin to me, by simple omission of critical details and wording. Humans tend to fill in the blanks with their imaginations. Note that the article states only that they "found 3 weakly encrypted WLANs". Not a word on what other WLANs they may have found (or maybe couldn't detect). So why assume the 3 that they mentioned that they found are the **only** 3 WLANs that they actually found? This article is likely a half-truth, made to create a particular impression. "Hey, we detected 5 WLANs at Mar-a-lago, but look, 3 of them are a security joke! Let's harp on that. " People are going way out of their way to bash Trump with glee, so this seems not at all improbable.
      They don't say anything like, "all of the WLANs we found were insecure", or even, "all three WLANS we could detect were insecure", nor do they say, "3 out of the 4 WLANS we found were weakly encrypted" either. This is vague-speak.
      Obviously, there are going to be a few normal consumer grade WLANs there, it's a freaking public resort, first and foremost. It's also possible that Trump doesn't use the wireless at all if he's conducting business there, it seems likely his WH security people would recommend using cabled LAN only. He may not be that tech saavy, but the staff should be.

  • Open wifi isn't necessarily a security risk. Every Starbucks has one.
    • Except for the ones in Seattle. Because Directors Rules. They only have dial-up.
  • Good thing that you pointed this out..
  • by Drewdad ( 1738014 ) on Thursday May 18, 2017 @08:11AM (#54440647)

    In other words, you know that violating the CFAA has draconian penalties and you want some stupid script kiddie to take the risk for you....

  • by ardmhacha ( 192482 ) on Thursday May 18, 2017 @08:27AM (#54440751)

    Most hotels in the US now seem to provide wifi. In my experience it is secured by either an easily available password or a login page. Many guests expect easy to use wifi.

    In such circumstances is it possible to have secure wifi?

    • Why would it need to be secure? Against what? Being used?
    • Re: (Score:3, Informative)

      by AmiMoJo ( 196126 )

      Yes. WPA2 provides isolation between users, for example, so you can't simply wireshark everyone else's traffic. WEP is broken and doesn't provide adequate isolation any more.

      If their APs/routers are using WEP, chances are they are out of date and vulnerable to other attacks. If someone can get into the router, they can change things like the default gateway, DNS settings or maybe tunnel traffic through their own VPN.

      I'm surprised that the security services have not helped them to secure their systems, consi

  • HACK THE PLANET!
  • I wonder how many public networks Camp David has.
    • Re: Public WiFi (Score:2, Flamebait)

      by Entrope ( 68843 )

      Given that Camp David isn't a public resort or golf course or whatever, probably none. How far below room temperature is your IQ?

  • by bobbied ( 2522392 ) on Thursday May 18, 2017 @08:36AM (#54440841)

    I have a feeling you will be intercepted and detained if you try this during a Trump visit.

    The exclusion zone for boats, cars and aircraft is pretty invasive and I believe their choice of locations would be off limits.

    Then there is the whole, what did you actually hack into? A lightly defended public WiFi network where the WEP key is on a sign in the lobby? Heck, even the Point of Sale and reservations systems? How's that an issue for national security? It's not like we don't already know when Trump is there and when he's not... What else you got? The ability to charge Trump's room for some pay-per-view movie? Yea that might embarrass him I guess...

  • by laughingskeptic ( 1004414 ) on Thursday May 18, 2017 @08:39AM (#54440873)
    and read the sign that says "This month's WiFi Password is GOLF". It's a country club. They assume you belong there, unless you don't look like you belong there. What is the point of securing a network that has a publicly available password?
    • by Nidi62 ( 1525137 )

      and read the sign that says "This month's WiFi Password is GOLF". It's a country club. They assume you belong there, unless you don't look like you belong there. What is the point of securing a network that has a publicly available password?

      The point is probably that Trump is at Mar a Lago at least once a month and has already been reported having policy discussions out in the open in public. If someone were to get into the network and compromise a few machines to use as listening or recording devices, they might find something out a good 6 hours before Trump tweets it. That's a significant security risk.

  • This would be different from a majority of the companies and some government networks... how? Security has always been an after thought for most companies as it is deemed too expensive. Maybe the hacking will escalate the costs to a point that they will start paying attention to it a little more.

    • It's different because these places are open to the general public, and they want to provide amenities like WiFi access and printers to people they haven't screened. They *want* some of their systems to be easy to access. That doesn't mean they use those systems for anything proprietary or confidential.

  • Okay, so what ? (Score:4, Insightful)

    by nehumanuscrede ( 624750 ) on Thursday May 18, 2017 @08:51AM (#54440973)

    They went all James Bond on folks and pointed their " hacker-antenna " at the building and found weak or unprotected access points.

    And ?

    Guest access is typically open access which would explain the latter pretty quickly.
    Weak access could be any number of networks, but not necessarily one that would be useful to anyone.

    I swear, the media is going full Autistic when it comes to trying to destroy EVERYTHING that is Donald Trump. If the information is negative, or can be spun into a negative light, they are making sure the entire world hears about it. 24/7 Regardless if there is any truth to it or not.

    Lots and lots of rumors, " secret sources ", and whatnot, but not a shred of concrete evidence.

    WTF has happened to journalistic integrity ?

  • by tobiasly ( 524456 ) on Thursday May 18, 2017 @09:04AM (#54441073) Homepage

    "Any Half-Decent Hacker Could Break Into Pretty Much Any Hotel, Coffee Shop or Car Dealership In The Country Because Their Networks Are Set Up By Someone Who Has No Clue About Security."

    FTFY

  • by Opportunist ( 166417 ) on Thursday May 18, 2017 @09:12AM (#54441105)

    I hope nobody here thinks that this is a Trump-exclusive. He's in really good company, the more exclusive and elitist a club or establishment, the more likely their non-physical security sucks big time. Why? Same reason as everywhere, nobody who could sensibly demand it knows jack shit about it, so why bother throwing money at it? Worse, securing something invariably cuts into its usability. I'm actually surprised those access points had any kind of security. None of the oh-so-important people complained yet that they're too stupid to configure their toy to connect? Oh, sorry, let me rephrase it: None of them complained yet that you idiots cannot configure your computer thingie right so their expensive and highly intelligent device can connect to it? Because MY thing was expensive and it's very high tech, so if it doesn't work, it OBVIOUSLY has to be that you're too stupid to configure YOUR end!

    This is basically why security sucks in such places. Not the physical, mind you. But IT security usually is a mess. And as long as there are computer illiterates who dictate what has to be and what must not be, this also will not change.

  • A long way down.... (Score:5, Interesting)

    by coofercat ( 719737 ) on Thursday May 18, 2017 @09:19AM (#54441147) Homepage Journal

    This comment will be a long way down the page. At time of writing, there are several comments above all modded to 4/5 saying "hotels have open wifi". Well done.

    Did no one read "wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information" ? Clearly the mods didn't read it any more than the commenters.

    Whilst I agree it's a bit of a thin piece, the places where the president goes for 'private stuff' matter. If he's doing a press day talking to kids in school or whatever, then there's no benefit hacking a printer to listen in to what he says. However, when he's hosting someone and playing a friendly round of golf and hanging out in the clubhouse as if the two of them are just two guys and not heads of state - then all of a sudden stuff like open wifi and hackable printers and servers starts to matter a lot more. I have no idea if all that stuff gets switched off when the place gets 'secured' though - knowing that would have made this article a lot more useful.

  • So there were some open or barely protected wifi access points? That is itself tells you nothing. They are only a security problem if they lead to confidential information. Their presence on its own means nothing.

    Just like an unlocked door does not constitute poor security, unless it takes you to a room full of swag or information you should not see. Merely finding some APs (that could simply have been APs on someone's phone) does not make a story.

  • by swb ( 14022 ) on Thursday May 18, 2017 @11:14AM (#54442025)

    I've done work for two "exclusive" old-money country clubs in my city and both of them are cheap as hell. The members have all the money in the world when it comes to the damn golf course, but IT is dead last on spending.

    One of the clubs had to resort to screwing framed pictures to the wall in some areas of the club because members had been caught "borrowing" pictures to display at home. The expensive floral arrangements had to be hidden until after the regular ladies' bridge game because the "ladies" would either take the arrangements completely or create a "take home" arrangement with a big chunk of the flowers. Food, booze, cans of pop, etc. have to be kept under lock and key or under the watch of an employee, at both clubs members were caught literally loading their trunk with cases of stuff.

    Members routinely call up and challenge their food and beverage bills, demanding that drink orders and entire meals be refunded because of errors in billing or complaints about the quality of the food. The AR employee tells me that one member in particular demands refunds every month, picking out the most expensive meals on her bill and claiming "these meals were unsatisfactory and I won't pay for them."

    IT spending of course suffers. When we put together upgrade proposals (for amounts totaling maybe $20-30k), we occasionally have to meet with board members who present "Google shopping" lists of prices from unknown vendors (likely selling grey market or unlabeled refurbs) and explain why our prices "are so high."

    It is no surprise to me that club IT sucks, because club management sucks and members don't want to pay for anything.

After the last of 16 mounting screws has been removed from an access cover, it will be discovered that the wrong access cover has been removed.

Working...