Hackers Compromised Trump Organization 4 Years Ago. The perpetrators have possible ties to Russia
Four years ago, the Trump Organization experienced a major cyber breach that could have allowed the perpetrator (or perpetrators) to mount malware attacks from the company's web domains and may have enabled the intruders to gain access to the company's computer network. Up until this week, this penetration had gone undetected by President Donald Trump's company, according to several internet security researchers.
In 2013, a hacker (or hackers) apparently obtained access to the Trump Organization's domain registration account and created at least 250 website subdomains that cybersecurity experts refer to as "shadow" subdomains. Each one of these shadow Trump subdomains pointed to a Russian IP address, meaning that they were hosted at these Russian addresses. (Every website domain is associated with one or more IP addresses. These addresses allow the internet to find the server that hosts the website. Authentic Trump Organization domains point to IP addresses that are hosted in the United States or countries where the company operates.) The creation of these shadow subdomains within the Trump Organization network was visible in the publicly available records of the company's domains.
. . .
The subdomains and their associated Russian IP addresses have repeatedly been linked to possible malware campaigns, having been flagged in well-known research databases as potentially associated with malware. The vast majority of the shadow subdomains remained active until this week, indicating that the Trump Organization had taken no steps to disable them. This suggests that the company for the past four years was unaware of the breach. Had the infiltration been caught by the Trump Organization, the firm should have immediately decommissioned the shadow subdomains, according to cybersecurity experts contacted by Mother Jones.
Two weeks ago, a computer security expert, who wishes to remain unidentified, contacted Mother Jones and provided the list of the shadow Trump Organization subdomains. He explained what he believed had happened. Some hacker, or group, had gained access to the Trump Organization's GoDaddy domain registration account. Like many companies, the Trump Organization has registered a long list of domain names, many of which it has never put to use. Some examples: BarronTrump.com, DonaldTrump.org, ChicagoTrumpTower.com, CelebrityPokerDealer.com, and DonaldTrumpPyramidScheme.com.
The existence of these shadow subdomains suggests a possible security compromise within Trump's business network that created the potential for unknown actors, using these Trump Organization subdomains, to launch attacks that could trick computer users anywhere into handing over sensitive information and unknowingly allow the attackers access to their computers and network. In fact, the IP addresses associated with the fake subdomains are linked to an IP address for at least one domain previously used by hackers to deploy malware known as an exploit kit, which can allow an attacker to gain a computer user's passwords and logins or to take over another computer and gain access to the files within it.
http://www.motherjones.com/politics/2017/11/hackers-compromised-the-trump-organization-4-years-ago-and-the-company-never-noticed/
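The article's point that the rogue records were "visible in the publicly available records of the company's domains" is also the defender's opportunity: a zone owner who periodically exports the zone from the registrar and compares every A record against the address ranges the organization actually hosts in will see unexpected subdomains as soon as they appear. The script below is an added illustration of that audit, not code from the article, from Mother Jones, or from this thread. The zone export, the domain names and the "known hosting" address ranges are all constructed for the example (they use RFC 5737 documentation ranges), and the low-TTL heuristic is an assumption about what a throwaway record tends to look like rather than a fact reported on the page.

```python
"""Audit a DNS zone export for "shadow" subdomains.

Flags A records whose target IP lies outside the address ranges the
organization is known to host in, and notes when several unknown names
share one outside target (the bulk pattern described in the article).
All names, addresses and ranges below are constructed for the example.
"""
import ipaddress
from collections import defaultdict

# Constructed allowlist of ranges the organization hosts in (hypothetical).
KNOWN_HOSTING_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),   # stands in for the company's US hosting block
    ipaddress.ip_network("198.51.100.0/24"),  # stands in for a CDN block the company uses
]

# Constructed zone export in BIND-style "name TTL class type data" lines.
ZONE_EXPORT = """\
; constructed sample zone, not real records
example-org.com.              3600 IN A     203.0.113.10
www.example-org.com.          3600 IN A     203.0.113.10
mail.example-org.com.         3600 IN A     203.0.113.25
shop.example-org.com.         3600 IN CNAME cdn.example-cdn.net.
xk2f.example-org.com.           60 IN A     192.0.2.77
login-secure.example-org.com.   60 IN A     192.0.2.77
update1.example-org.com.        60 IN A     192.0.2.78
"""


def parse_zone(text):
    """Yield (name, ttl, rtype, rdata) for each record line, skipping comments."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split()
        if len(parts) < 5 or parts[2] != "IN":
            continue
        yield parts[0].rstrip("."), int(parts[1]), parts[3], parts[4]


def is_known_host(ip):
    """True if the address falls inside one of the organization's known ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in KNOWN_HOSTING_RANGES)


def find_shadow_records(zone_text, low_ttl=300):
    """Return findings for A records that point outside the known ranges."""
    findings = []
    by_target = defaultdict(list)
    for name, ttl, rtype, rdata in parse_zone(zone_text):
        if rtype != "A" or is_known_host(rdata):
            continue
        reasons = ["target IP outside known hosting ranges"]
        if ttl <= low_ttl:  # assumption: short TTLs are typical of throwaway records
            reasons.append(f"low TTL ({ttl}s)")
        findings.append({"name": name, "ip": rdata, "reasons": reasons})
        by_target[rdata].append(name)
    # Several unknown names resolving to one outside address is the bulk pattern.
    for ip, names in by_target.items():
        if len(names) > 1:
            for finding in findings:
                if finding["ip"] == ip:
                    finding["reasons"].append(f"{len(names)} names share this target")
    return findings


def shadow_names(zone_text):
    """Sorted list of subdomain names flagged by the audit."""
    return sorted(f["name"] for f in find_shadow_records(zone_text))


if __name__ == "__main__":
    for finding in find_shadow_records(ZONE_EXPORT):
        print(f"{finding['name']} -> {finding['ip']}: " + "; ".join(finding["reasons"]))
```

Run against a real registrar export, the same comparison would surface records added by anyone holding the registrar credentials, which is why the allowlist should come from the hosting and network teams rather than from the zone itself; if a record's target is not in a range the company knowingly pays for, it is worth explaining before it is left in place.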
0 replies, 572 views