There have been many accusations flying back and forth over the last year alleging that Russian hackers played an instrumental role in winning the presidential election. So many, in fact, that the mere mention of the Republican leader now irresistibly conjures up images of cybercrime, regardless of whether or not these accusations will eventually be proven true. But hackers have had an association with Trump since well before he decided to make a career for himself in politics. The Trump Organization has been on the receiving end of a major cybersecurity breach. The worst part? Hardly anyone even noticed that the multi-billion dollar corporation had been compromised. That's a pretty scary concept when you remember that the man who owns that same company is now the man holding America's nuclear codes.
Back in 2013, a covert group of hackers managed to gain access to the Trump Organization’s domain account and used it to create approximately 250 so-called "shadow" subdomains. The way shadow subdomains work is relatively simple, but the consequences can be catastrophic if they are left unchecked. Hackers first acquire login credentials via phishing and key-logging, then go on to create a vast number of seemingly harmless subdomains nested within the main account. This gives cybercriminals an effective screen through which they can send out spam and malware from legitimate domains, which makes the attacks harder for authorities to detect. Recently,
passwords using a similar method.
Not only this, but all of the Trump Organization's shadow subdomains ultimately led to a Russian IP address, not to the authentic Trump Organization server in the United States. Since then, these Russian-tailored subdomains, and the foreign IP addresses behind them, have repeatedly been linked to malware campaigns, viruses and other forms of online fraud and embezzlement. It was only in the last quarter of 2017 that the shadow subdomains were identified, which means that they had been active within the Trump Organization for more than four years. Had the infiltration been detected, the company's IT experts would have taken swift steps to disable and decommission the shadow subdomains.
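The detection gap described above, that subdomains created in a hijacked registrar account pointed at addresses the organisation never operated, is exactly what a periodic review of the zone's own records would have caught. The following script is an added example written for this article (it is not code from the article or from any party it names): it parses a constructed zone-file export, compares each A record against the address ranges the organisation is assumed to use, and reports any hostname resolving elsewhere. The hostnames, the address ranges, the 600-second TTL threshold and the low-TTL heuristic are all assumptions made for the example.

```python
"""Flag "shadow" subdomains in a DNS zone export.

Added example, not from the article: given a zone-file style export of an
organisation's DNS records, report every hostname whose A record resolves to
an address outside the ranges the organisation actually operates. The zone
content, prefixes and hostnames below are constructed for illustration.
"""
import ipaddress
import re

# Assumption: address blocks the organisation (or its hosting provider) is known
# to use. RFC 5737 documentation ranges stand in for real hosting prefixes.
AUTHORIZED_PREFIXES = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.0/24"),
]

# Constructed zone export for a hypothetical example.com zone.
ZONE_EXPORT = """\
; constructed sample zone - not real records
example.com.              3600 IN A     198.51.100.10
www.example.com.          3600 IN A     198.51.100.10
mail.example.com.         3600 IN A     203.0.113.25
gallery.example.com.      300  IN A     192.0.2.77
login-verify.example.com. 300  IN A     192.0.2.78
cdn.example.com.          3600 IN CNAME www.example.com.
"""

# One A record per line: <name> <ttl> IN A <address>
A_RECORD = re.compile(r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+A\s+(?P<addr>\S+)\s*$")


def parse_a_records(zone_text):
    """Yield (hostname, ttl, ip_address) for each A record.

    Comment lines and records of other types (CNAME, MX, ...) are skipped.
    """
    for line in zone_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        match = A_RECORD.match(line)
        if not match:
            continue
        name = match.group("name").rstrip(".")
        yield name, int(match.group("ttl")), ipaddress.ip_address(match.group("addr"))


def find_shadow_subdomains(zone_text, authorized=AUTHORIZED_PREFIXES, max_ttl=600):
    """Return records whose A address lies outside the authorized prefixes.

    Each finding also notes whether the TTL is at or below max_ttl. A very low
    TTL is a heuristic hint (an assumption of this example, not a claim from
    the article) that the record was made easy to repoint quickly.
    """
    findings = []
    for name, ttl, ip in parse_a_records(zone_text):
        if any(ip in net for net in authorized):
            continue
        findings.append({"host": name, "ip": str(ip), "low_ttl": ttl <= max_ttl})
    return findings


if __name__ == "__main__":
    for finding in find_shadow_subdomains(ZONE_EXPORT):
        print(f"{finding['host']:28} -> {finding['ip']:15} low_ttl={finding['low_ttl']}")
```

Run against a real export, the same check becomes a scheduled job: pull the zone from the registrar or DNS provider, diff the findings against the previous run, and alert on any new hostname that appears pointing outside the organisation's known ranges, since a legitimate change will normally come with a ticket and a hijacked account will not.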
The exact methods by which the hackers managed to breach security are contested, but one explanation is more likely than the rest. The Trump Organization’s GoDaddy domain registration account has been named as a weak point in the corporation's cybersecurity.
For several years now, the Trump Organization has been engaged in the process of registering a number of potentially lucrative domain names for future use. For example, BarronTrump.com, DonaldTrump.org, ChicagoTrumpTower.com and CelebrityPokerDealer.com have all been purchased by the company.
The Russian hackers obviously intend to launch compromising attacks in order to swindle vulnerable internet users into handing over sensitive information. In fact, the IP addresses associated with the fake subdomains have been found to be linked to a particular Russian IP address which is infamous for deploying malware known as an "exploit kit".
Exploit kits are packages of software designed to scan for software vulnerabilities in client machines, with the ultimate intention of the hacker exploiting these weaknesses in order to upload malicious code. Programs such as Apple QuickTime or Mozilla Firefox are known to be particularly weak, and a recent study conducted by Solutionary’s Security Engineering Research Team discovered that roughly 70 per cent of exploit kits ultimately come from the Russian Federation.
In a recent blog post, Security Researcher stated: "All known Trump domains are registered through GoDaddy, and many of the primary domains are hosted on GoDaddy shared servers. Nonetheless, there are multiple subdomains whose traffic is routed to servers in St. Petersburg, Russia. Traffic to these subdomains goes through a backbone in Italy, proceeds to Moscow, goes to a server located hundreds of miles away to the east, then finally arrives at a server in St. Petersburg."
Typically, when cybersecurity experts are alerted to malware damaging their networks, they report the offending subdomain to public malware databases. Many of the Trump-related subdomains have already been flagged as malware carriers by IT professionals in the past, who went on to upload references to the offending subdomains to the malware research database VirusTotal. VirusTotal lists the findings of cybersecurity firms that analyse suspicious URLs.
In response to reports of hacking, the Trump Organization released the following blanket denial: "There has been no 'hack' within the Trump Organization and the domain names [in question] do not host active websites and do not have any content. Publishing anything to the contrary would be highly irresponsible. Moreover, we have no association with the 'shadow domains' you reference … and are looking into your inquiry with our third-party domain registrar. There is no malware detected on any of these domains and our security team takes any and all threats very seriously."
However, despite this dismissal of the evidence, it should be noted that records related to the relevant subdomains have already begun disappearing. It should also be noted that for the Trump Organization to admit to malware would have a catastrophic effect on its shares.
But why would hackers target the Trump Organization, and not the White House or the federal government itself? Well, the answer is obvious: it's far easier for enemies of the state to attack a private corporation than the US intelligence agencies or the offices of the president, since the cybersecurity surrounding those institutions will be airtight. However, if someone were to gain access to the Trump Organization's domain, then they could, in theory, use their nested malware to gain access to the largest repository of information regarding the president on the planet. This information could be used as leverage, used by terrorists to assassinate or blackmail Trump, or sold to the highest bidder.
President Trump is currently under investigation by the FBI for his supposed links to Russian cybercriminals, and
,
but only time will tell whether this recently-discovered security breach will serve to prove him innocent or guilty of the crimes his administration has been accused of. At any rate, at a time in which international tensions are already at an all-time high, and Trump seems to be hell-bent on provoking a war with North Korea, the idea that the White House could be compromised is one that chills me to the core. Even
.