Trump Cyber Advisor Giuliani Runs Outdated, Hackable Website
After word came that US President-elect Donald Trump has tapped former New York City mayor Rudy Giuliani as his cybersecurity advisor, industry reaction has been swift—and negative.
After his press conference on Tuesday, Trump said that he planned to assemble “some of the greatest computer minds anywhere in the world” to head up cyber-policy and recommendations. The Giuliani pick came soon after, with the Trump transition team saying that Giuliani will share “his expertise and insight as a trusted friend” on cybersecurity, heading up a leadership panel of private-sector experts. During a phone call with the media, Giuliani said there's an “awful lot of research going on both here, in Israel, in Germany on cyber-defense,” and that tapping that brain-trust will be his main focus.
But opponents also say that Giuliani specifically, who is chairman of the global-security practice at the Greenberg Traurig law firm and has what he bills as his own security-consulting company, is a terrible pick for the position.
Vice’s tech arm, Motherboard, reported that the security company doesn’t follow what other firms do in the space: “Unlike many other cybersecurity firms, Giuliani Partners does not publish white papers about malware and large-scale hacks, or push for increased adoption of encryption, which would enhance cybersecurity across the board. In fact, it doesn’t talk much about cybersecurity at all, instead choosing to focus on its more traditional anti-crime consulting work.”
The company also runs what experts say is an ancient, easily hackable website, www.giulianipartners.com. Among other things, researchers have taken to Twitter to point out that the site is running an expired SSL certificate, doesn't force HTTPS, has an exposed CMS login, uses Flash, uses an EOL PHP version and has an SSL Labs grade of F.
Rick Hanson, EVP of Skyport Systems and a 30-year security veteran, told us that the pick flies in the face of the need for a serious discussion on cyber.
“We are entering a turbulent time for both cybersecurity and nation state attacks,” he said via email. “As a nation, we need to be cognizant of the state of our infrastructure while continually advising and educating our leadership on possible and imminent threats. The disregard for our cyber safety and disrespect for the cyber community is deeply concerning.”
He also added, “there is a plethora of smart, educated cyber professionals that could provide that advisement. Unfortunately, it may take a serious attack on our infrastructure before this issue is taken seriously. Cybersecurity is not a political pawn, but an urgent issue that needs real advisement and action. It concerns me that cybersecurity is not being taken seriously by our President-elect.”
The news came amid a firestorm of controversy over Russia’s alleged hacking operation during the election. Fuel was added to that fire this week, with an unverified intelligence report being made public that alleges collusion between the Trump campaign and Russia, going back “years,” stemming from blackmail on the part of the Russians.
Source: Information Security Magazine