Billy_Pilgrim
Member
https://www.channel4.com/news/trump-cyber-tsar-giuliani-among-swathes-of-hacked-top-appointees
Passwords used by Donald Trumps incoming cyber security advisor Rudy Giuliani and 13 other top staff members have been leaked in mass hacks, a Channel 4 News investigation can reveal.
Passwords used by Donald Trumps incoming cyber security advisor Rudy Giuliani and 13 other top staff members have been leaked in mass hacks, a Channel 4 News investigation can reveal.
Passwords are publicly available for key members of Trumps cabinet, White House policy directors and aides and some of his most senior advisors, this programme has discovered.
Digital security issues including allegations of Russian hacking to try to influence the outcome of the US presidential elections have dominated the headlines as Trumps team prepares to take command of the worlds most powerful country.
NEW YORK, NY - JANUARY 12: Former New York City Mayor Rudy Giuliani speaks to reporters at Trump Tower, January 12, 2017 in New York City. President-elect Trump continues to hold meetings Trump Tower. (Photo by Drew Angerer/Getty Images)
The appointment of Giuliani, the former mayor of New York City, has been criticised by people in the cyber security community, who have highlighted exploitable security flaws on his own website.
But Giuliani says he has given over 300 speeches on digital security, and told Fox News earlier this month: American corporations and the American government is not paying attention to ubiquitous hacking that is now going on.
Lt Gen Michael Flynn has also been hacked in the past and Channel 4 News has seen a number of passwords used by the former military intelligence officer.
He will become President Trumps national security advisor from Friday; a crucial role stationed inside the White House itself and reporting directly to Trump.
Lt. Gen. Michael Flynn arrives for a meeting with US President-elect Donald Trump at Trump Tower December 12, 2016 in New York. / AFP / TIMOTHY A. CLARY (Photo credit should read TIMOTHY A. CLARY/AFP/Getty Images)
Staff whose accounts also appear to be affected by the hacks in recent years include people who will from Friday at 12pm take roles as:
the Secretary for the Interior
the Secretary for Labour
the Press Secretary
the Director of the Domestic Policy Council
the Director of the National Trade Council
Head of Social Media
Chief Trade Negotiator
Director of Oval Office operations
and many others
Trumps team have not commented on this story.
Mass breaches
The passwords of the appointees were hacked in mass breaches of websites like Dropbox, LinkedIn, MySpace, and others between 2012 and 2016.
The passwords are accessible from original leaks of the data, but even more easily accessible from website charging a fee of just $4 (£3.20).
With some staffers using the same simple passwords for multiple sensitive websites, experts say the hacks may have left them vulnerable to further hacks perhaps by foreign powers.
There is no way to check how widely the hacked passwords have been reused by the incoming government officials without actually logging in and testing them which is illegal under British law.
Hacks of celebrities for instance of Twitter accounts or explicit photos sometimes occurred by hackers using precisely this method of reusing passwords that have already been leaked.
Cyber security analyst Troy Hunt, who runs the online service HaveIBeenPwned.com to notify users of data breaches, told Channel 4 News that the leaks could be problematic.
Hunt said: How many passwords have we got that have been reused in different places and are the same as they were five years ago even a decade ago. Weve got a long tail of info that weve left on the web now.
The problem here is that a little bit like all of us, we have this propensity to reuse our passwords.
And lets say someone from Trumps team has data leaked and it appears on a totally unrelated forum somewhere and someone takes those credentials and accesses the individuals Gmail.
If this is an individual in a position of power or influence they may well have discussions in their personal mail that could be compromising.
Cyber security analyst Troy Hunt
If this is an individual in a position of power or influence they may well have discussions in their personal mail that could be compromising.
And if they dont then the attacker who gains access to that Gmail may then use that account to begin conversation with other people in the contact list, impersonate them, elicit information from other individuals.
It then just opens up a door to a raft of much bigger problems.
The revelations come after Trump boasted in a press conference of how the Republicans had better cyber security than the Democrats, saying: They did a very poor job. They couldve had hacking defense, which we had.
Unlike Hillary Clintons campaign team, the Trump team officials were not targeted specifically but rather had their details leaked along with many others but the hack would have made it easier for intruders to take control of their accounts.
The release of hacked emails belonging to Hillary Clintons campaign manager occurred just weeks before the US election.
Some pundits say it helped Donald Trump win the race.