Hackers infiltrated the Trump Organisation years ago – so what did they find?
KEY POINTS
- Hackers created at least 250 shadow domains, Mother Jones reported.
- Ultimate aim of the attack was not email theft, cybersecurity experts have said.
- Unlike the DNC hack years later, no information has leaked.
In 2013, hackers with links to Russia allegedly infiltrated the Trump Organisation computer networks, but unlike the Democratic Party attacks years later, did not steal emails.
Instead, Mother Jones reported, the hackers created at least 250 shadow domains that could potentially be used to launch malware attacks from the company's own web addresses.
Several researchers claimed the suspicious domains, despite being in existence for roughly four years, lay undiscovered in the networks until this week.
Hundreds of the URLs were pinging web addresses located in Russia. Some, the publication reported, have been linked to cybercrime campaigns, malware-based cyberattacks and scams in the past.
Responding to the find, the Trump Organisation has denied the discovery constitutes a "hack".
The identities of the hackers remain a mystery.
According to Mother Jones, the domains were registered through GoDaddy, which experts say means the registrar account itself was compromised. It remains unproven, but the group may also have gleaned passwords and "access to other computers" in the company.
"This would look like someone had hacked these domains and left the files as a form of defacement, or possibly used them for a spam or malware campaign," wrote researcher C. Shawn Eib in a blog post this week detailing the scope of the subdomain discovery.
He added: "Any basic security audit would show the existence of these subdomains, and what servers they're leading to. This is sloppy at best, and potentially criminally negligent at worst, depending on the traffic that is being run through these servers."
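The kind of check Eib describes, an audit that lists a zone's subdomains and where they lead, can be scripted. The following is an added example and not code from the article or from Eib; the zone export, the example-org.com names, the address ranges and the allow-listed provider are all constructed for illustration, and it flags any record whose target falls outside the organisation's known infrastructure.

```python
import ipaddress
from collections import namedtuple

# Constructed sample: a registrar/DNS export in "name TYPE value" form.
# Names and addresses here are invented for illustration, not from the article.
SAMPLE_ZONE = """\
www.example-org.com A 203.0.113.10
mail.example-org.com A 203.0.113.25
shop.example-org.com CNAME www.example-org.com
mail.example-org.com MX 10 mail.example-org.com
login-update.example-org.com A 198.51.100.77
secure-portal.example-org.com A 198.51.100.78
cdn.example-org.com CNAME cdn.provider.example
"""

# Address space and external hosts the organisation knows it uses (assumed values).
KNOWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
KNOWN_EXTERNAL = {"cdn.provider.example"}

Record = namedtuple("Record", "name rtype value")

def parse_zone(text):
    """Parse 'name TYPE value...' lines into Record tuples; for MX only the host is kept."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        name, rtype, value = parts[0], parts[1].upper(), parts[-1]
        records.append(Record(name.rstrip("."), rtype, value.rstrip(".")))
    return records

def flag_shadow_records(records, known_networks=KNOWN_NETWORKS, known_external=KNOWN_EXTERNAL):
    """Return records whose target is outside the org's known infrastructure.
    A records are checked against the known CIDRs; CNAME/MX targets pass only if they
    point back into the zone itself or are on the explicit external allow-list."""
    zone_names = {r.name for r in records}
    flagged = []
    for r in records:
        if r.rtype == "A":
            addr = ipaddress.ip_address(r.value)
            if not any(addr in net for net in known_networks):
                flagged.append(r)
        elif r.rtype in ("CNAME", "MX"):
            if r.value not in zone_names and r.value not in known_external:
                flagged.append(r)
    return flagged
```

Run `flag_shadow_records(parse_zone(SAMPLE_ZONE))` against a real export and each flagged record is a subdomain to verify with the registrar, as the article says the company was doing.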
Analysis suggested the shadow domains were created in August 2013 – long before Trump would run for president and the Russian state would launch its alleged influence campaign on the US.
It remains unknown if any sensitive emails – like in the aforementioned DNC hack – were compromised in any of the cyberattacks in recent years. No such data has surfaced.
In a statement, the Trump Organisation said: "There has been no hack within the Trump Organisation and the domain names do not host active websites and do not have any content.
"Publishing anything to the contrary would be highly irresponsible.
"Moreover, we have no association with the 'shadow domains' you reference... and are looking into your inquiry with our third-party domain registrar. There is no malware detected on any of these domains and our security team takes any and all threats very seriously."
In 2016, US intelligence said Putin ordered a clandestine campaign during the presidential election in order to influence the outcome of the vote. During this time, Democratic Party emails were leaked to the web in an attempt to hurt Trump's rival candidate, Hillary Clinton.
Mother Jones said that after it reached out for comment, the Trump domains started to disappear.