Donald Trump has taken aim at Hillary Clinton’s email usage, but the security of his own systems aren’t exactly stellar, according to a new report.
Security researcher Kevin Beaumont analyzed the email servers used by the Trump Organization and found that they are outdated and running obsolete software, putting the company at risk of getting hacked.
Quick update on Trump corp email servers – all internet accessible, single factor auth, no MDM, Win2003, no security patching. pic.twitter.com/nIMTa9UmdL
— Kevin Beaumont (@GossiTheDog) October 17, 2016
Beaumont, who spoke to Motherboard about his findings, says he was “amazed” at what he discovered.
The Trump Organization, he says, uses mail servers for a Trump.org domain running Windows Server 2003, an operating system that Microsoft no longer supports and updates. Those servers use IIS 6.0, which is “particularly dangerous” when it’s allowed to run unpatched, Beaumont says.
Even worse, Beaumont found the servers only employ single-factor authentication instead of the two-factor authentication that has become a near-necessity in today’s security landscape.
In a statement to Motherboard, the Trump Organization insisted it uses “best in class firewall and anti-vulnerability technology with constant 24/7 monitoring.”
Beaumont gathered his data from publicly available site reports. “I have no interest in accessing these systems,” he told Motherboard, but their current security settings mean they are wide open for someone with nefarious intent to take advantage.
The findings are especially interesting given this election cycle. The Trump campaign, after all, has been hitting Hillary Clinton hard about a private email server she used while serving as Secretary of State. Trump argues that Clinton used unsafe cyber-security practices and could, in turn, put US cyber interests at risk if she’s elected president. The Trump Organization presumably does not traffic in confidential information, but if Beaumont’s findings are correct, this could be a case of the pot calling the kettle black.
The news also comes against the backdrop of an ongoing drip of leaked emails from the Clinton campaign. The emails were obtained by WikiLeaks after being stolen by Russian hackers, according to US officials.