The White House Network May Be Secure, but Trump Properties Are Not

President Trump spends a significant amount of time away from the White House at his own real estate properties, where some experts worry he is potentially exposing his and his staff’s digital communications to prying eyes.

President Trump’s preference for spending weekends at his family-owned properties has become a hot-button partisan issue. While the president’s critics have their reasons for attacking that preference, there’s one thing that Americans on both sides of the aisle should be able to agree on: wherever Trump is staying, it’s important that his communications remain secure.

But a revealing report by ProPublica and Gizmodo makes clear that in many instances, the president’s network security leaves much to be desired. A number of Trump’s weekend haunts — including The Mar-a-Lago Club in Palm Beach, FL, the Trump National Golf Clubs in Bedminster, NJ, and Sterling, VA, and the Trump International Hotel in Washington, D.C. — maintain poor cyber security protocols.

For context, consider the fact that the Defense Information Systems Agency spent more than $64 million to maintain the communications networks at the White House and Camp David in 2016; it spent an additional $2 million on “defense solutions, personnel, techniques, and best practices to defend, detect, and mitigate cyber-based threats” to those two critical locations. Conversely, the total security budget — covering both cyber and physical security — of Mar-a-Lago in 2016 was just under $443,000.

There is simply no way for the president’s private properties to uphold the same kind of strict cyber security measures practiced at places like the White House or the military-run Camp David. As a result, the likes of Mar-a-Lago are exposed to a wide variety of potential cyber security threats.

Lackluster Cyber Security at the Trump Family’s Properties

First, the authors of the ProPublica and Gizmodo exposé revealed that they encountered both a Wi-Fi-enabled printer/scanner and a misconfigured, unencrypted wireless router at Mar-a-Lago. A moderately skilled hacker would have little trouble gaining access to every document the printer/scanner processed, and depending on how the device is hooked up to Mar-a-Lago’s wireless infrastructure, could even use it as an entry point to infiltrate the property’s entire network.

The router presents similar concerns, and could represent an even wider entryway into the Mar-a-Lago network. Such unauthorized wireless devices are referred to as rogue access points by network security specialists, and are installed without the permission of the administrator due either to ignorance of the security threats it presents or a deliberate effort to exploit them.

After renting a small motorboat in order to get closer to the property, the reporters discovered an additional cyber security soft spot: three wireless networks protected only by Wired Equivalent Privacy (WEP) encryption. WEP encryption is so weak and outdated that, in 2015, the FBI managed to hack a WEP-protected wireless LAN in just three minutes. While there’s no evidence that President Trump connects any of his devices to these networks, the mere possibility of the president or another high-level official using such easily compromised networks is certainly concerning.

Even if President Trump takes advantage of the portable secure communications equipment his predecessors did, a sophisticated hacker could exploit the WEP-encrypted Mar-a-Lago networks and seize control of any smartphone, tablet, or computer connected to them, effectively transforming these devices into mobile audio recorders.

The cyber security protocols in place at the Trump family’s other properties leave just as much to be desired. The Trump National Golf Club in Bedminster, NJ, maintains two open Wi-Fi networks (networks that don’t require a password to join), and any unencrypted information transmitted over these networks is highly susceptible to interception. At Trump National Golf Club in Sterling, VA, the ProPublica and Gizmodo reporters found an improperly configured backend server that could enable anybody to intercept administrators’ login credentials, thereby gaining access to all of the club’s digital systems.

Evaluating Your Own Cyber Security Risks

Ultimately, the cyber security flaws discovered at the Trump family’s private properties are all too common in large commercial networks around the country. Fortunately, enterprises that are worried about their own network security have seasoned experts they can turn to. At Turn-key Technologies, Inc, we routinely conduct thorough audits of a wide variety of network setups and, when there’s a problem, provide IT teams with the detailed guidance they need to resolve their network issues.

If you’re at all unsure about the integrity of your network, sign up for one of our free Network Security Assessments. Simply fill out the form and one of our experts will be in touch within 24 hours.

By Craig Badrick

10.03.2017

Sign up for the TTI Newsletter