Trump’s Turn to Face Questions Over Poor Email Security
Donald Trump’s corporate email servers are running outdated and unpatched software, exposing them to hackers, according to a security researcher.
Security architect Kevin Beaumont scanned publicly available records to find the email infrastructure used by the presidential candidate’s numerous businesses is running the no-longer supported Windows Server 2003 and Internet Information Server (IIS) 6.
Running unpatched software is a major security oversight which could allow attackers to find and exploit vulnerabilities, allowing them to access corporate emails.
What’s more, there’s apparently no two-factor authentication switched on for users, meaning their accounts are vulnerable to password phishing or brute force attacks.
The revelations are somewhat ironic given that the Republican candidate has repeatedly attacked rival Hillary Clinton for being a national security risk over her use of private emails for state business.
Cybersecurity has in fact been a major talking point throughout the campaign, with the US government blaming Russia for a cyber espionage campaign against the Democratic National Committee, and suspicions the Kremlin is also targeting state level election infrastructure.
However, it’s by no means the first time Trump’s IT set-up has been found wanting in terms of cybersecurity.
Just last month a researcher found 20 intern CVs stored on an insecure Amazon cloud server, allowing anyone who wanted to access them.
Trump Hotels has also been hacked numerous times and the credit card details of customers stolen.
In one incident, payment info-stealing malware was found to have been active for more than a year, between May 2014 and June 2015.
A statement from the former reality TV star’s office had the following:
"The Trump Organization deploys best in class firewall and anti-vulnerability technology with constant 24/7 monitoring. Our infrastructure is vast and leverages multiple platforms which are consistently monitored and upgraded using current cyber security best practices."
Source: Information Security Magazine