The abysmal information security at Trump properties has probably already compromised US secrets
Propublica and Gizmodo sent a penetration-testing team to Mar-a-Lago, the Trump resort that has been at the center of series of controversial potential breaches of US military secrecy (for example, loudly discussing sensitive information about the North Korean missile launch in the club’s full, public dining room); they discovered that it would be child’s play to hack the Mar-a-Lago networks, and that indeed, the networks have almost certainly already been hacked.
The team found multiple unsecured wireless networks, unsecured and open wireless printers, misconfigured routers, an unsecured website from which they could “download a database that appears to include sensitive information on the club’s members and their families” and more.
They also inspected other Trump properties in which the president has conducted sensitive, highly secret government business, and found more open wifi networks from which they could access internal networks that relied on a 13-year-old software tool to protect it.
American presidents usually holiday at Camp David, a property secured by the US military with resources drawn from a $64m annual technology maintenance budget and a $2m budget earmarked for “defense solutions, personnel, techniques, and best practices to defend, detect, and mitigate cyber-based threats” (these budgets also cover the White House’s information security).
By contrast, Mar-A-Lago budgets $442,931 for security. Last year, the Trump Organization paid $50,000 “to settle charges brought by the New York attorney general that it had not properly disclosed the loss of more than 70,000 credit card numbers and 302 Social Security numbers” that were leaked “due to poor security.”
A Trump Organization spokesperson says that Mar-a-Lago follows “cybersecurity best practices.”