Trump Organization's 'problematic' cybersecurity risks email hack — report
The Trump Organization could be wide open to email attacks based on the findings of Kevin Beaumont, a cyber security expert and researcher.
“I decided to Google ‘trump email address’ to see what their systems looked like,” Beaumont told Fortune. “I did not see what I expected.”
By using public records, Beaumont discovered that the Trump Organization is using Microsoft Windows 2003 for their email servers. The last time Microsoft offered support and patches for Windows 2003 was in July 2015, meaning that the decade-old server has been open to attacks and hacks for over a year.
Windows 2003 does not employ many of the security measures that have come to be necessary in 2016, such as two-factor authentication or mobile device management options.
Beaumont also pointed out that almost all aspects of the server are unsupported by Microsoft.
The Outlook Web App is here: https://t.co/VG723VcOAh - everything from OS to IIS to Exchange is unsupported. ActiveSync running too. — Kevin Beaumont (@GossiTheDog) October 17, 2016
“Running outdated software and operating systems for your publicly facing email infrastructure is problematic, especially when you're a high profile organization,” Beaumont told Motherboard. “During an election where cybersecurity is such a big issue, I was a little amazed at what I saw.”
The Trump Organization responded to the discovery by sending a statement to Motherboard, saying: "The Trump Organization deploys best in class firewall and anti-vulnerability technology with constant 24/7 monitoring. Our infrastructure is vast and leverages multiple platforms which are consistently monitored and upgraded using current cyber security best practices."
Trump corp have issued a statement saying it doesn't matter if they run Exchange on Win 2003 internet because they have a firewall. pic.twitter.com/F6FmjFE6nN — Kevin Beaumont (@GossiTheDog) October 18, 2016
On Tuesday, Trump’s campaign released his plan for cybersecurity, which includes “[establishing] detailed protocols and mandatory cyber awareness training for all government employees while remaining current on evolving methods of cyber-attack.”