Republican presidential candidate Donald J. Trump has a worryingly insecure internet setup.
Websites representing Trump’s organisation — his hotels, golf courses, realty business, and more — are all running internet server technology that’s riddled with holes, according to a security architect speaking with Vice’s Motherboard.
The news might not be such a big deal in another election, but Trump has repeatedly leaned into his opponent, Democratic presidential nominee Hillary Clinton, for her use of an insecure private email server while serving as Secretary of State.
“Running outdated software and operating systems for your publicly facing email infrastructure is problematic, especially when you’re a high profile organisation,” security architect Kevin Beaumont told Motherboard. Beaumont is the man who discovered the holes in the Trump organisation’s internet security.
He first tweeted about the holes on October 17:
Quick update on Trump corp email servers – all internet accessible, single factor auth, no MDM, Win2003, no security patching. pic.twitter.com/nIMTa9UmdL
— Kevin Beaumont (@GossiTheDog) October 17, 2016
“During an election where cybersecurity is such a big issue, I was a little amazed at what I saw,” he said.
More problematically, the internet security holes in Trump’s organisation also affect email servers; in several instances, email servers of Trump’s are running software that has reached “end-of-life” status — the company that originally made said software (Microsoft in this case) will no longer issue security patches and updates. And that leaves it vulnerable to attack.
Due to the age of the software and the setup of the system, the Trump organisation isn’t using industry-standard safety measures like two-factor authorization, which enables users to confirm authenticity through their mobile phone (or another third-party factor).