Tag Archives: Trump

Security news for the Week Ending May 24, 2019

Salesforce Gives Users Access To All of Your Company’s Data

In what can only be called an Oops, Salesforce deployed a script last Friday that gave users of certain parts of Salesforce access to all of the data that a company had on the system. The good news is that it didn’t show you anyone else’s data, but it did give users both read and write access to all of their company’s data.

In order to fix it, Salesforce took down large parts of its environment, causing some companies that depend on Salesforce to shut their company down and send employees home.

This brings up the issue of disaster recovery and business continuity. Just because it is in the cloud does not mean that you won’t have a disaster. It is not clear if replicating your Salesforce app to another data center would have kept these companies working. Source: ZDNet.

Google Tracks Your Online Purchases Through Gmail

While this is probably not going to come as a surprise, Google scans your emails to find receipts from online purchases and stores them in your Google purchase history at https://myaccount.google.com/purchases. This is true whether you use Google Pay or not. One user reported that Google tracked their Domino’s Pizza and 1-800-Flowers purchases, as well as Amazon, among other stores.

You can delete this history if you have masochistic tendencies, but I doubt anyone is going to do that because it requires you to delete the underlying email that caused it to populate the purchase, one by one. There is also no way to turn this “Feature” off.

It appears that it keeps this data forever.

Google said they are not using this data to serve ads, but they did not respond to the question about whether they use it for other purposes. Source: Bleeping Computer.

President Trump Building An Email List to Bypass Social Media

Welcome to the world of big data.  The Prez has created a survey for people to submit information about how they have been wronged by social media.  And get you subscribed to his email list.  Nothing illegal.  Nothing nefarious.  Just a big data grab.

If you read the user agreement, it says you “grant the U.S. Government a license to use, edit, display, publish, broadcast, transmit, post, or otherwise distribute all or part of the Content.” (NOTE: That “content” includes your email address and phone number.) “The license you grant is irrevocable and valid in perpetuity, throughout the world, and in all forms of media.”

This seems to be hosted on the Whitehouse.Gov servers.  It is not clear who will have access to this data or for what purpose.  Source: Vice.

Colorado Governor Declares Statewide Emergency After Ransomware Attack

Last year the Colorado Department of Transportation suffered a ransomware attack.  Initially the state thought it was getting a handle on the attack, but ten days later it came back.

It was the first time any state had issued a Statewide Emergency for a cyberattack.  Ever!  Anywhere!

It had the effect that the state was able to mobilize the National Guard, call in resources from other departments, activate the state Department of Homeland Security and Emergency Management and get help from the FBI and the US Department of Homeland Security. It also allowed them to call for “Mutual Aid”, the process where neighboring jurisdictions – in this case neighboring states – provided assistance.

It worked and since then, other states have begun to do this.

When you have a disaster, even a cyber disaster, you need a lot of resources, and an emergency declaration is one way to get them. Source: StateScoop.


Latest Breach – 885 Million Records

First American Financial, one of the largest title insurance companies, exposed 885 million records going back to 2003 due to a software design flaw.  The records include all kinds of sensitive records that are associated with real estate closings.  Source:  Krebs on Security.


Trump Organization Hacked 4 Years Ago (And Didn’t Know It)

Reports are coming out that the Trump organization suffered a hack, Bigly, as the President would say, around four years ago and, we assume, did not know about it until a week ago. The only alternative explanation is that they did know about it and chose to let the hacker stay inside their network for four years. Either explanation is problematic.

What happened?  The heart of any Internet based corporate world is DNS or the Domain Name System.   DNS is where you define every web site in the organization and all of the parameters of those sites.  If a hacker controls your DNS he or she can shut down access to your web servers or point them to a different place (such as to porn sites as we have seen in the past).

Apparently, based on reports shown to the media, hackers took over the Trump organization’s DNS and added hundreds of sub-domains under a variety of Trump domains.

These roughly 250 sub-domains were all hosted in Russia.  The Mother Jones article below provides a link to a list of those domains.

These domains were pointing to one of 17 IP addresses owned by the Petersburg Internet Network, known for hosting a lot of cyber criminals.
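
A defender-side check for the situation described above, as an added example that is not from the original post: audit an export of your own DNS zone for address records that point outside the networks you actually host in, or that are missing from your inventory. The zone contents, approved network and name list are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample zone export (reserved documentation names and addresses).
SAMPLE_ZONE = """\
$ORIGIN example.com.
www        300 IN A     192.0.2.10
mail       300 IN A     192.0.2.25
shop       300 IN CNAME www.example.com.
qx7f2      300 IN A     203.0.113.7
brn-secure 300 IN A     203.0.113.9
promo      300 IN A     198.51.100.44
"""

# Assumptions: the networks you really host in, and the names in your inventory.
APPROVED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
KNOWN_NAMES = {"www", "mail", "shop", "promo"}


def parse_address_records(zone_text):
    """Yield (name, ip) for each A/AAAA line of a simple one-record-per-line export."""
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith(("$", ";")):
            continue
        rtype, rdata = fields[-2].upper(), fields[-1]
        if rtype in ("A", "AAAA"):
            yield fields[0], ipaddress.ip_address(rdata)


def audit_zone(zone_text, approved_nets, known_names):
    """Return (findings, clusters) for records that are off-network or not in inventory."""
    findings, clusters = [], defaultdict(list)
    for name, ip in parse_address_records(zone_text):
        off_network = not any(ip in net for net in approved_nets)
        unknown_name = name not in known_names
        if off_network or unknown_name:
            findings.append({"name": name, "ip": str(ip),
                             "off_network": off_network, "unknown_name": unknown_name})
        if off_network:
            # Group by /24 (or /48 for IPv6): many names on few hosts is the pattern to spot.
            block = ipaddress.ip_network(f"{ip}/{24 if ip.version == 4 else 48}", strict=False)
            clusters[str(block)].append(name)
    return findings, dict(clusters)


if __name__ == "__main__":
    findings, clusters = audit_zone(SAMPLE_ZONE, APPROVED_NETS, KNOWN_NAMES)
    for f in findings:
        print(f)
    print(clusters)
```

Run on a schedule against a fresh zone export, a check like this surfaces unexpected sub-domains in days rather than years.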

Two weeks ago a researcher came to Mother Jones with this information. The antivirus firm Kaspersky (who has been in the news lately) said that many of those sub-domains were, in fact, serving up malware. Last week a researcher tweeted about it.

Trump said that the domains were not CURRENTLY serving up malware (which appears to be true) and they have no association with those sub-domains. If that is true, then the only reasonable explanation is that they were hacked and didn’t know it.

I am sure there will be more about this in the news.

Information for this post came from Mother Jones.


Trump Senior Staff Using Same Hackable Private Email as Hillary

I generally stay away from politics in this blog, but this item is an interesting intersection of security and politics. And, it is pretty unique.  Most non-public sector businesses don’t have to worry about this.  While they may or may not let employees use their business email for personal reasons, there are no laws or regulations governing that.  Which makes this situation unique.  And very interesting. Sooooo…..

Politicians are an interesting breed.

After Trump spent months on the campaign trail saying that Hillary Clinton was a criminal for using a private email server, that she risked state secrets and that she should be locked up, Newsweek is reporting that Kellyanne Conway, Jared Kushner, Sean Spicer and Steve Bannon have active email accounts on the private RNC email server.

This is the same email system that George W. Bush used and on which he misplaced 22 million emails.  You may remember that Trump also complained about some 30,000 emails on Hillary’s private email server that were deleted.

Politicians can talk out of one side of their mouth to complain about what an opponent does and then do it themselves.

Now that it has come to light, the staffers are no longer using those accounts.

But, just like Trump complained about Hillary, we have no idea what the senior Trump staff may have used that server for.

We do believe that Bush used that very same server to evade transparency rules.

We have not yet heard from the White House that, while they may no longer be using the RNC email server, they are not using any other private email servers.

These are the same kind of servers that Trump complained on the campaign trail were not secure. And, at least until yesterday, they themselves were using them.

Of course we have no idea what they used those email accounts for – or didn’t.  The law does NOT prohibit them from using private email accounts for non-government business.  It does require them to forward any government business email that is received on a private account to the government within 20 days.

A former Obama White House official said that they were trained on the issue of using private emails from day 1 and a former Obama administration lawyer said that they did an enormous amount of training on compliance.

That being said, we likely will never know what is on these servers – those accounts were likely wiped within an inch of their life.

Part of the problem is that some White House staff work part time or in an unpaid capacity for the RNC.  As soon as that happens, mischief is almost certain to follow.

Since FBI Director Comey said that Hillary Clinton’s use of a personal email server was “extremely careless”, I assume he will come out as publicly and as vocally about the Trump team’s use of similar servers.

The RNC said that those email accounts were only used for email distribution lists.  Who knows.  That is certainly possible.  Or not.

Stay tuned.

We definitely live in interesting times.

Information for this post came from Newsweek.


Trump Hotels Hacked For Second Time In 12 Months

While The Trump Hotel Collection is “investigating” yet another breach at their luxury hotel chain, Brian Krebs is reporting that three different sources in the financial sector have told him that they have noticed “a pattern of fraud” that suggests that hackers have breached security at some, if not all, properties in the Trump hotel chain.

Just last July the Trump organization was dealing with a cyber security breach. Possibly this is a new attack; possibly they did not clean out all the traces of the old attack.

I assume that they will make a statement once they are done investigating.

In the meantime, it is an embarrassment for the luxury hotel chain to be breached twice in less than a year.

After Krebs reported the earlier breach, Eric Trump, Donald Trump’s son and the executive in charge of the hotels, issued a statement that “Like virtually every other company these days, we have been alerted to potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties.” Basically, he said, to quote Tom Peters, We’re no worse than anyone else. But we are no better either.

To add to the embarrassment, Donald Trump said, in an interview with the New York Times, that “we’re so obsolete in cyber”. He did not offer any suggestions regarding how he would fix that.

If, in fact, his hotels have been hacked, again, his statement will turn out to be correct.  I think he was suggesting that this obsolescence is the government’s fault, but the security at his hotels would be his responsibility.

I am sure this will heat up; the item only came out yesterday, so stay tuned.

Information for this post came from Krebs On Security.



Donald Trump Hotels Newest Credit Card Hack Victim

BBC is reporting that several of the Trump hotels’ point-of-sale systems likely have been hacked. Trump’s initial response to questions was to decline to comment. Later, after the news of the breach was published, Eric Trump, Donald’s son, said that like “virtually every other company these days” they had been alerted to suspicious activity and are in the midst of a “thorough” investigation. They also reminded the media that they “are committed to safeguarding all guests’ personal information”.

Before I fly off the handle, there really isn’t a lot that they can say as they investigate the breach.

However, saying that “like virtually every other company …” reminds me of the old Tom Peters (In Search Of Excellence and many other books) quote. Peters, in lamenting how poorly most American businesses were run, said that most businesses’ fundamental operating principle was “we’re no worse than anyone else”. That seems to be the principle that the Trump chain is using.

And, to be clear, while there are many, many credit card breaches every year, to say that virtually every other company has had their credit card data hacked is a bit of a stretch.  Even if it were true, to use that as a justification of why they were hacked is probably not going to sit well with the high end customers that his hotels court.

Brian Krebs wrote, in his coverage of the Trump breach, that maybe hackers are doing one last effort to grab credit cards before the October 15 deadline for liability for credit cards.  I would like to dissect that statement because it is problematical.

(a) The October 15th date is when merchants start absorbing liability if they do not have credit card machines that accept chip based credit cards – that the rest of the world has been using for years.

(b) The new cards that your banks will issue will still have a mag stripe on them. That means, at least to a degree, those cards are still vulnerable.

(c) We will have to see if merchants stop swiping (and therefore collecting) mag stripe data on cards after that date. IF THEY DO STOP SWIPING THE MAG STRIPES then that data will no longer be collected and therefore no longer available to hackers. We are going to have to wait and see what merchants do.

(d) There is no law or rule that will stop merchants from swiping your mag stripe after October 15th and, in fact, many merchants will not have new credit card readers by then, so they will continue to swipe your card.

(e) Banks are worried silly that if it is a little bit harder to use your credit card you might pay cash (and possibly get a discount!) and they will lose out on the fees. As a result, they have decided both to leave the mag stripe on the new cards and not require you to use a PIN with your chip card – as the rest of the world does – and instead use the totally ridiculous option of having you sign your virtual receipt. Since NO ONE checks your signature (again, for fear that you might bail on the transaction) this will reduce certain types of fraud but it will not reduce other types.

(f) The October 15th deadline does not apply to a variety of merchants such as gas stations, and, I expect, banks will not have all ATMs upgraded by then either.

(g) The chip card has no effect on Internet based sales and most people expect Internet fraud to go through the roof as hackers move their efforts to ecommerce web sites once it becomes harder to hack places like Trump’s hotels.

This migration to chip cards – and hopefully, eventually, to chip and PIN – will take years. Many years.

Both BBC and Krebs are saying that this breach goes back to February. If so, this is July, which means that it only took the banks 3 or 4 months to detect the breach, and Trump’s response seems to indicate that they were not aware of the problem until the banks told them about it. Believe it or not, that is pretty quick.

While I am beating on the Trump chain pretty hard, as Tom Peters said, they really ARE no worse than anyone else.

My two cents.

Information for this post came from BBC and Brian Krebs.
