Some businesses owned by Republican presidential nominee Donald J. Trump have a worryingly insecure internet setup.
Websites representing Trump’s organization – his hotels, golf courses, realty business, and more – are running internet server technology that’s riddled with holes, according to a security architect speaking with Vice’s Motherboard.
Trump has repeatedly criticized his Democratic counterpart, Hillary Clinton, for her use of an insecure private email server while she served as secretary of state.
“Running outdated software and operating systems for your publicly facing email infrastructure is problematic, especially when you’re a high profile organization,” security architect Kevin Beaumont told Motherboard. Beaumont is the man who discovered the holes in the Trump Organization’s internet security.
He first tweeted about the holes on Monday:
Quick update on Trump corp email servers – all internet accessible, single factor auth, no MDM, Win2003, no security patching. pic.twitter.com/nIMTa9UmdL
— Kevin Beaumont (@GossiTheDog) October 17, 2016
“During an election where cybersecurity is such a big issue, I was a little amazed at what I saw,” he said.
More problematically, the internet security holes in Trump’s company also affect email servers; in several instances, email servers of Trump’s are running software that has reached “end-of-life” status, meaning the company that originally made said software (Microsoft in this case) would no longer issue security patches and updates. And that leaves it vulnerable to attack.
Because of the age of the software and the setup of the system, the Trump Organization isn’t using industry-standard safety measures like two-factor authorization, which enables users to confirm authenticity through their mobile phone (or another third-party factor), according to Beaumont.
However, a Trump organization spokesperson told Business Insider, “The Trump Organization deploys best in class firewall and anti-vulnerability technology with constant 24/7 monitoring. Our infrastructure is vast and leverages multiple platforms which are consistently monitored and upgraded using current cyber security best practices.”