Hack­ers hi­jacked at least 195 Trump in­ter­net ad­dresses

Austin American-Statesman Sunday - - MORE OF TODAY’S TOP NEWS - By Tami Ab­dol­lah

WASH­ING­TON — Four years ago, well be­fore the furor over al­le­ga­tions Moscow med­dled in the 2016 elec­tion that put Don­ald Trump in the White House, at least 195 web ad­dresses be­long­ing to Trump, his fam­ily or his busi­ness em­pire were hi­jacked by hack­ers pos­si­bly op­er­at­ing out of Rus­sia, The As­so­ci­ated Press has learned.

The Trump Or­ga­ni­za­tion de­nied the do­main names were ever com­pro­mised. But a re­view of in­ter­net records by the AP and cy­ber­se­cu­rity ex­perts shows oth­er­wise. And it was not un­til this past week, af­ter the Trump camp was asked about it by the AP, that the last of the tam­pered-with ad­dresses were re­paired.

Af­ter the hack, com­puter users who vis­ited the Trump-re­lated ad­dresses were un­wit­tingly redi­rected to servers in St. Peters­burg, Rus­sia, that cy­ber­se­cu­rity ex­perts said con­tained ma­li­cious soft­ware com­monly used to steal pass­words or hold files for ran­som. Whether any­one fell vic­tim to such tac­tics is un­clear.

A fur­ther mys­tery is who the hack­ers were and why they did it.

The dis­cov­ery rep­re­sents a new twist in the Rus­sian hack­ing story, which up to now has fo­cused mostly on what U.S. in­tel­li­gence of­fi­cials say was a cam­paign by the Krem­lin to try to un­der­mine Demo­crat Hil­lary Clin­ton’s can­di­dacy and ben­e­fit Trump’s.

It is not known whether the hack­ers who tam­pered with the Trump ad­dresses are the same ones who stole Demo­cratic of­fi­cials’ emails and em­bar­rassed the party in the heat of the cam­paign last year. Nor is it clear whether the hack­ers were act­ing on be­half of the Rus­sian gov­ern­ment.

The af­fected ad­dresses, or do­main names, in­cluded don­aldtrump.org, don­aldtrumpex­ec­u­tive­of­fice. com, don­aldtrumpre­alty. com and bar­rontrump.com. They were com­pro­mised in two waves of at­tacks in Au­gust and Septem­ber 2013, ac­cord­ing to the re­view of in­ter­net records.

Many of the ad­dresses were not be­ing used by Trump. Busi­nesses and pub­lic fig­ures com­monly buy ad­dresses for pos­si­ble fu­ture use or to pre­vent them from fall­ing into the hands of ri­vals or en­e­mies. The Trump Or­ga­ni­za­tion and its af­fil­i­ates own at least 3,300 in all.

Ac­cord­ing to se­cu­rity ex­perts, the hack­ers hi­jacked the ad­dresses by pen­e­trat­ing and al­ter­ing the do­main reg­is­tra­tion records housed at GoDaddy.com, a seller of web ad­dresses.

Ac­counts at GoDaddy, like at any site that re­quires a user name and pass­word, are of­ten sub­ject to ma­li­cious mes­sages known as phish­ing at­tacks, which are de­signed to trick peo­ple to re­veal that per­sonal in­for­ma­tion to hack­ers.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.