AP finds hackers hijacked at least 195 Trump web addresses
AP finds hackers hijacked at least 195 Trump web addresses
The Trump Organization denied the domain names were ever compromised. But a review of Internet records by the AP and cybersecurity experts shows otherwise. And it was not until this past week, after the Trump camp was asked about it by the AP, that the last of the tampered-with addresses were repaired.
After the hack, computer users who visited the Trump-related addresses were unwittingly redirected to servers in St. Petersburg, Russia, that cybersecurity experts said contained malicious software commonly used to steal passwords or hold files for ransom. Whether anyone fell victim to such tactics is unclear.
A further mystery is who the hackers were and why they did it.
The discovery represents a new twist in the Russian hacking story, which up to now has focused mostly on what US intelligence officials say was a campaign by the Kremlin to try to undermine Democrat Hillary Clinton’s candidacy and benefit Trump’s.
It is not known whether the hackers who tampered with the Trump addresses are the same ones who stole Democratic officials’ emails and embarrassed the party in the heat of the campaign last year. Nor is it clear whether the hackers were acting on behalf of the Russian government.
The affected addresses, or domain names, included donaldtrump.org, donaldtrumpexecutiveoffice.com, donaldtrumprealty.com and barrontrump.com. They were compromised in two waves of attacks in August and September 2013, according to the review of Internet records.
Many of the addresses were not being used by Trump. Businesses and public figures commonly buy addresses for possible future use or to prevent them from falling into the hands of rivals or enemies. The Trump Organization and its affiliates own at least 3,300 in all.
According to security experts, the hackers hijacked the addresses by penetrating and altering the domain registration records housed at GoDaddy.com, a seller of web addresses.
Accounts at GoDaddy, like at any site that requires a user name and password, are often subject to malicious messages known as phishing attacks, which are designed to trick people to reveal that personal information to hackers.
Computer users who entered or clicked on one of those Trump addresses probably would have had no idea they were redirected to servers in Russia.
Within days after the AP asked the Trump Organization about the tampering, the affected web addresses were all corrected.
The White House referred questions to the Trump Organization. The FBI did not respond to a request for comment.
GoDaddy spokesman Nick Fuller said the company had no breaches of its system in 2013 and has measures in place to monitor for malicious activity. Fuller would not discuss any customers in particular.
Some cybersecurity experts said there is an outside chance the tampering was a probe — an attempt to test security for an eventual effort to gather information on Trump or his business dealings. But those experts were only guessing.
There was no evidence the hackers ultimately broke into server computers at the Trump Organization or other Trump interests.
“This is beyond me,” said Paul Vixie, CEO of the San Mateo, California-based Internet security company Farsight Security Inc. “I have simply never seen a benefit accrue from an attack of this kind. I’m at loss, unless it’s a demonstration of capabilities.”
Vixie said the Trump Organization’s apparent failure to detect what was happening probably suggests inadequate cybersecurity at the company.
“There’s no way something like this could go by in the Bloomberg empire without this being seen,” Vixie said.
Russian ‘agent’ held on charges of seeking to infiltrate US govt
- Maria helped arrange visits by Torshin and other Russian officials to major political events
- The arrest was announced Monday hours after Trump finished a summit and a press conference with Putin in Helsinki
WASHINGTON: A Russian gun rights enthusiast who built a network of powerful Republican contacts under the direction of a Kremlin power-broker was ordered held without bond Wednesday after FBI counterintelligence agents accused her of conspiring to infiltrate the US government.
US prosecutors said Maria Butina, 29, exploited her close links with the powerful NRA gun lobby while posing as a visiting graduate student to endear herself with senior Republicans, guided by one of Russian President Vladimir Putin’s major political supporters, Alexander Torshin.
Butina was charged in the Washington federal court with acting illegally as an unregistered agent for the Russian government while she lived in Washington over the past three years with her boyfriend, a veteran Republican operative.
They called Butina a “covert Russian agent” who maintained contacts with Russian spies and pursued a mission “to penetrate the US national decision-making apparatus to advance the agenda of the Russian Federation.”
That included offering sex to get a job in a US lobbying group, according to documents filed in court by the Department of Justice.
Butina pleaded not guilty to two criminal charges of conspiring to act as a foreign agent without registering, and acting as a foreign agent. The first charge brings a maximum five years in prison, while the second carries a maximum 10 years.
“This is not a spy case,” her lawyer Robert Driscoll said after Butina appeared in court in an orange jumpsuit.
“The government is speculating that someone is a Russian spy, but thousands of Russians met intelligence operatives” in the United States, he said.
Butina’s arrest Sunday added to the political turmoil in Washington over Russia’s meddling in the 2016 presidential election and allegations that President Donald Trump’s campaign collaborated with the Russians.
The arrest was announced Monday hours after Trump finished a summit and a press conference with Putin in Helsinki, Finland, where the US leader rejected the US intelligence community’s verdict that the Russians meddled to support him over Hillary Clinton in the 2016 race.
Trump reversed that stance a day later under heavy attack from US politicians of both parties.
FBI agents described a long-term operation stretching back as far as 2011 when Torshin met then-National Rifle Association president David Keene and Butina launched a mirror Russian gun rights group named The Right to Bear Arms.
She befriended the Republican operative, unnamed in the indictment but widely identified as Paul Erickson, 56, who opened doors to NRA and Republican circles.
Butina began visiting the United States and was regularly hosted by the NRA and other groups, and became a “life member” of the American gun rights lobby.
Pictures of her meeting prominent Republican governors and congressman, and the powerful leaders of the NRA, are splashed across her social media accounts.
In July 2015, Butina was selected to ask Trump a question about his plans for ties with Russia at a rally in Las Vegas.
“I believe I would get along very nicely with Putin.... I don’t think you’d need the sanctions,” he said, in possibly his first campaign trail pronouncement on the issue.
Her activities ramped up after she moved to the US capital on a student visa in 2016, attending American University graduate school while she lived with Erickson.
Hardly masking her networking efforts, she told colleagues at the school that she had a nearly direct line to Putin.
She helped arrange visits by Torshin and other Russian officials to major political events like the National Prayer Breakfast, as they sought to construct a “back channel” with sympathetic, influential Americans.
Meanwhile Erickson, citing his Russian connections, tried to arrange a meeting between Putin and Trump in early 2016.
And that year Butina reportedly met Trump’s son Donald Trump Jr. at a private dinner in Louisville, Kentucky during the NRA annual convention.
The FBI’s investigation of Butina began before the probe led by Special Counsel Robert Mueller into possible collusion between the Trump campaign and Russia, and the indictment did not involve Mueller’s team.
But the two investigations clearly overlapped, and Butina has already been interviewed by the Senate committee studying Russian meddling.
On Wednesday Moscow said the arrest was a political move seeking undermine the gains of the Helsinki summit.
“This happened with the obvious task of minimizing the positive effect,” of the Trump-Putin meeting, said foreign ministry spokeswoman Maria Zakharova.
“There is an impression the FBI is simply carrying out a clearly political order,” she said.