Reports are coming out that the Trump organization suffered a hack, Bigly, as the President would say, around four years ago and, we assume, did not know about it until a week ago. The only alternative explanation is that they did know about it and chose to let the hacker stay inside their network for four years. Either explanation is problematic.
What happened? The heart of any Internet-based corporate world is DNS, or the Domain Name System. DNS is where you define every web site in the organization and all of the parameters of those sites. If a hacker controls your DNS, he or she can shut down access to your web servers or point them to a different place (such as to porn sites, as we have seen in the past).
Apparently, based on reports shown to the media, hackers took over the Trump organization’s DNS and added hundreds of sub-domains under a variety of Trump domains.
These roughly 250 sub-domains were all hosted in Russia. The Mother Jones article below provides a link to a list of those domains.
These domains were pointing to one of 17 IP addresses owned by the Petersburg Internet Network, known for hosting a lot of cyber criminals.
Two weeks ago a researcher came to Mother Jones with this information. The antivirus firm Kaspersky (which has been in the news lately) said that many of those sub-domains were, in fact, serving up malware. Last week a researcher tweeted about it.
Trump said that the domains were not CURRENTLY serving up malware (which appears to be true) and that they have no association with those sub-domains. If that is true, then the only reasonable explanation is that they were hacked and didn’t know it.
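A periodic zone audit is one way an organization would notice sub-domains it never created. The following is an added example, not from the original post or the Mother Jones article: it compares a zone export against an inventory of known hosts and approved networks, then groups the flagged records by network. The domain, addresses and inventory are constructed placeholders.

```python
import ipaddress
from collections import Counter

# Constructed inputs (assumptions): the hosts the organization knows it runs,
# and the networks its records are expected to point into.
APPROVED_HOSTS = {"example.com.", "www.example.com.", "mail.example.com."}
APPROVED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed zone export in "name TTL IN A address" form.
ZONE_EXPORT = """\
example.com.        3600 IN A 192.0.2.10
www.example.com.    3600 IN A 192.0.2.10
mail.example.com.   3600 IN A 192.0.2.25
bfdqx.example.com.  300  IN A 203.0.113.7
kzwpa.example.com.  300  IN A 203.0.113.7
qhrtm.example.com.  300  IN A 203.0.113.9
www.example.com.    300  IN A 198.51.100.4
"""

def parse_a_records(text):
    """Yield (name, address) for every A record line in a zone export."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2].upper() == "IN" and fields[3].upper() == "A":
            yield fields[0].lower(), ipaddress.ip_address(fields[4])

def audit_zone(text, approved_hosts, approved_nets):
    """Return findings for names not in inventory or addresses off-network."""
    findings = []
    for name, addr in parse_a_records(text):
        reasons = []
        if name not in approved_hosts:
            reasons.append("unknown-name")
        if not any(addr in net for net in approved_nets):
            reasons.append("unapproved-network")
        if reasons:
            findings.append((name, str(addr), reasons))
    return findings

def cluster_by_network(findings, prefix=24):
    """Count flagged records per enclosing network to expose shared hosting."""
    nets = (ipaddress.ip_network(f"{addr}/{prefix}", strict=False) for _, addr, _ in findings)
    return Counter(str(n) for n in nets)

if __name__ == "__main__":
    results = audit_zone(ZONE_EXPORT, APPROVED_HOSTS, APPROVED_NETS)
    for name, addr, reasons in results:
        print(f"{name:22} {addr:15} {','.join(reasons)}")
    print(cluster_by_network(results))
```

Run against each scheduled zone export, a check like this flags both unknown names and known names that gain an extra address outside the approved networks.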
I am sure there will be more about this in the news.
Information for this post came from Mother Jones.