Engel, House Dems Write to White House Warning of Cybersecurity Deficiencies at Trump Properties
Washington D.C. –- (RealEstateRama) — Congressman Eliot Engel, the Ranking Member on the House Foreign Affairs Committee and a top Member on the House Energy and Commerce Committee, penned a letter to White House Counsel Donald McGahn signed by 23 of his House colleagues urging the White House to take immediate action to secure vulnerable networks at Trump properties, including Mar-a-Lago.
Recent reports have highlighted network vulnerabilities at several Trump properties where the President often spends time vacationing, taking meetings, and hosting foreign leaders. Among other deficiencies, these reports uncovered weakly encrypted wifi networks at Mar-a-Lago, unsuitable for protecting vital information. Full text of the letter can be found below:
June 7, 2017
The Honorable Donald McGahn
Counsel to the President
The White House
1600 Pennsylvania Avenue, NW
Washington, DC 20500
Dear Mr. McGahn:
Recent reports have highlighted serious network vulnerabilities at several Trump properties including and especially the Mar-a-Lago Club in Palm Beach, Florida. In light of these reports, we write to urge you to take all necessary steps to immediately secure the networks at Mar-a-Lago, and at the President’s other personal properties where he plans to execute the Office of the President of the United States. Cybersecurity experts noted that these vulnerabilities “could be used to remotely turn on the microphones and cameras of devices connected to the network.” Cyber-criminals and nation states have both the incentive and the ability to hack these networks to obtain sensitive information critical to our national security and international diplomacy. To leave these networks unsecured undermines our national priorities and the trust the American people place in the Office of the President.
Since taking office in January, the President has spent a substantial amount of time at Mar-a-Lago and has even hosted several foreign leaders there. The President has openly strategized and discussed national security issues on the club’s open-air terrace. Much of the information transmitted to Mar-a-Lago, and the President’s communications while there, are undoubtedly as sensitive as the information and communications that pass through the White House.
Recent reporting by ProPublica and Gizmodo unfortunately brought to light many cyber vulnerabilities that raise questions about the security of information at the retreat. This reporting found unsecured printers on the premises of the resort. Notably, a single unsecured wireless printer can create a back door within a network, creating a full network-wide vulnerability. More generally, unsecured wireless printers can also allow unauthorized persons to intercept sensitive information. To address these problems, the Defense Information Systems Agency requires military facilities to disable all wireless printing features.
Reporting also uncovered a weakly encrypted Wi-Fi network at Mar-a-Lago. The network in question uses a form of encryption that security researchers, for more than a decade, have found unsuitable for protecting sensitive information. Indeed, the U.S. Army prohibits the use of this weak form of encryption. In the Army’s Information Assurance Best Business Practice guide, the Army’s chief information officer notes that this form of encryption has “fundamental flaws that allow for the rapid compromise of the encryption using readily available tools.”
Finally, reporting also demonstrated Mar-a-Lago’s public facing website included unencrypted login pages to back-end databases containing sensitive information. Similarly, cyber authorities note that logging into a server remotely with an unencrypted protocol is a major risk. Until these vulnerabilities are addressed, we are concerned that sensitive or even classified information could be readily accessible to cyber criminals or nation states.
While the Government Accountability Office is currently investigating this matter, the White House must act immediately to secure the potentially sensitive information on these systems. Cybersecurity experts note that the data on these networks may already be stolen and the systems may already be compromised. Time is of the essence, and we urge your office to take immediate action. The risks are too high, and these vulnerabilities are too glaring to wait.
Eliot L. Engel; Mike Doyle; Brendan F. Boyle; Yvette D. Clarke; Diana DeGette; Anna G. Eshoo; Dwight Evans; Alcee L. Hastings; Sheila Jackson Lee; Pramila Jayapal; Barbara Lee; Ted W. Lieu; Doris Matsui; James P. McGovern; Jerry McNerney; Grace Meng; Donald M. Payne, Jr.; Scott Peters; Jamie Raskin; Bobby L. Rush; John Sarbanes; Carol Shea-Porter; Paul Tonko; Peter Welch.
Members of Congress
Jeff Larson et al., Any Half-Decent Hacker Could Break Into Mar-a-Lago, ProPublica (May 17, 2017).
Steve Holland, For Trump, Mar-a-Lago Is Place to Break the Ice With China’s Xi, Reuters (Apr. 5, 2017).
David A. Fahrenthold and Karen DeYoung, Trump Turns Mar-a-Lago Club Terrace Into Open-Air Situation Room, Washington Post (Feb. 13, 2017).
Vince Font, Risks of Unsecured Printers, Notebook Review (Dec. 1, 2016).
Defense Information Systems Agency, Multifunction Device and Network Printers Security Technical Implementation Guide (STIG) Overview, Version 2, Release 9 (Jan. 27, 2017).
Peter Sayer, Don’t Use WEP for Wi-Fi Security, Researchers Say, Computerworld (Apr. 4, 2007).
U.S. Army CIO/CG-6, Wireless Security Standards Version 4.0, Information Assurance Best Business Practice (June 26, 2017).
ProPublica, supra note 1.
Web Server/Site Administration Must Be Performed Over a Secure Path, STIG Viewer,
Letter from U.S. Government Accountability Office to Senator Elizabeth Warren (Mar 24, 2017).
ProPublica, supra note 1.