Following the news that Donald Trump's campaign website leaks intern resumes:
Lee Munson, security researcher for Comparitech.com, reacts: “Love him or hate him, Donald Trump has a real shot at the White House in the upcoming US elections. Should that worry the security-conscious among you? - Hell yeah!
Even if you are not concerned by his request to Russian President Vladimir Putin to cyber-attack his country to boost his chances of being elected, the fact that his own website allegedly has more leaks than Hillary Clinton’s private email server should be enough to convince you that American information assets are at peril.
Not that such concerns are only the preserve of ‘The Donald’. In what is arguably the most cyber-attacked nation on earth, the federal government’s inability to protect its own citizens’ data at the Office of Personnel Management, and elsewhere, shows the self-proclaimed keeper of the worldwide web has much work to do before and after its people go to the polls on November 8.”
Tim Erlin, Director, Security and IT Risk Strategist at Tripwire, says: “Cybersecurity isn’t a partisan issue. Both Democrats and Republicans alike are capable of misconfiguring settings and failing to patch vulnerabilities.
Campaigns are often difficult entities to secure. They aren’t permanent organizations, and their staff and needs change rapidly. Campaigns do handle sensitive information routinely, and securing that data needs to be part of their charter from the start.”
Robert Page, Lead Penetration Tester at Redscan, says: “Vulnerabilities like the one affecting the official website of Donald Trump are all too common, enabling hackers to bypass authorisation controls to access sensitive files.
While in this instance, the breach appears not to have been particularly serious, intrusions like this can be significantly more damaging if hackers research site file naming conventions to conduct wider, more targeted brute force attacks.
A cyber breach can cause severe reputational damage to an individual or organisation so it’s important that websites are regularly penetration tested by security experts to ensure that flaws, such as the one highlighted here, are addressed.”
Jonathan Sander, VP of Product Strategy at Lieberman Software, adds: “The Trump website leak could have happened to anyone - anyone who is more concerned about business results than security. When you put it that way, it sounds as if the Trump campaign was extremely careless with this data, but the sad truth is that's not the exception, it is the rule. Some person likely set up the system in the most expedient way possible, and no one reviewed the security until someone acted like a bad guy, which is the story of most breaches. There's also a question here about the design of the system itself encouraging better security in how it walks the user through setup. In the end, this falls to the person hired by Trump to do this configuration, someone who may today be heading towards the iconic ‘you're fired’ right from the man who made it famous.”