Trump’s cybersecurity practices have been a ‘Sad!’ sight

In his first week as president, Donald Trump has provided fodder for a thousand columns, not many of which will shine a good light on him. But this is a tech column, so let me focus on a lesser discussed, but still critical, component of the Trump administration: cybersecurity.

Trump and his administration have been unfathomably bad at ensuring their email correspondence and social media accounts are properly protected. A few prominent cybersecurity researchers now believe that it is probably more accurate to assume Trump’s smartphone and accounts are compromised by hackers.

Trump is still sending his tweets from his personal, unsecured Android phone — he has previously said it was a Samsung Galaxy — from the White House, according to The New York Times. Trump was supposed to trade that phone for a more secure one when he entered the White House. Some of his aides rightly protested the refusal, because that phone is a ticking time bomb waiting to go off.

Assuming it’s a Samsung Galaxy S3 or S4, made in 2012 or 2013, Trump’s phone is already too geriatric to fight back against the most common phishing tactics used by hackers nowadays. That phone is so old that hacking it would be a worthwhile homework assignment for some undergraduate classes, according to UC Berkeley cybersecurity researcher Nicholas Weaver.

Weaver continues in his blog: “The working assumption should be that Trump’s phone is compromised by at least one — probably multiple — hostile foreign intelligence services and is actively being exploited … Security experts were rightly aghast to learn that Secretary Hillary Clinton kept her BlackBerry in her secure office in the State Department. This is far worse.”

Other problems with Trump’s Twitter account were discovered in the past week. The account was linked to a Gmail account — most likely that of Trump’s social media director Dan Scavino — with no two-factor authentication.

Two-factor authentication, an extra layer of security where the account user is sent a code via text to confirm their identity, is now considered the basic standard of a secure social media or email account. But Trump’s Twitter account did not have it until it was brought to his staff’s attention on Twitter.

The people working for Trump have been as bad as Trump in maintaining even the bare minimum in cybersecurity. Press secretary Sean Spicer twice tweeted incoherent strings of numbers and letters that may very well have been his passwords. Spicer, along with other Trump staffers like Steve Bannon and Kellyanne Conway, was using private Republican National Committee email accounts, according to Newsweek. (The email accounts were either deleted or changed.)

While it is not illegal to use private email accounts instead of White House email, Trump staffers should know better than to rely on private RNC email accounts, especially considering how they raised hell and “Lock her up” chants against Clinton and her emails following the Democratic National Convention hack.

I understand that people around Trump’s age can be confused by the proper ways to secure their emails and phones and whatnot. But unlike my parents, who have been hacked before, or possibly you and me, the President of the United States has unlimited resources and no excuse not to shore up his cyber defenses when entering office.

I am relieved the White House finally came to its senses and fixed its most glaring problems. And perhaps you may use this for your own educational benefit, too. But if this is just the beginning, the White House is just asking for a future leak of emails or other sensitive data.

On Thursday, Facebook COO Sheryl Sandberg criticized Trump’s reinstatement of the global gag rule, which bans federal funding for any international nongovernmental organizations that offer any abortion services.

“The best way to prevent abortion is through more family planning services, not fewer,” Sandberg wrote on her Facebook profile.

In tech circles, Sandberg’s stance against Trump was a long time coming — and maybe a bit late. Many in the tech press have noticed that Sandberg, a best-selling author who championed female workers’ empowerment in her book “Lean In” and a well-known Democratic donor, went silent after the election. It became apparent when Sandberg, who is very active on Facebook, did not share anything about the Women’s March.

Many wonder how much Sandberg’s first anti-Trump statement was sparked by an essay written by veteran Silicon Valley journalist Sarah Lacy on her tech news website PandoDaily, calling Sandberg out for her “deafening post-November silence.” It was published on Thursday morning, hours before Sandberg’s global gag rule critique.

“Sandberg has a choice,” Lacy wrote. “She can prioritize what she’s told the world she believes in or she can prioritize her fiduciary duty. Unfortunately, she finds herself — and the world finds itself — in a position where those two things are in conflict.”

As we dive deeper into the Trump presidency, we will see more of these conflicts come to the fore in Silicon Valley.

Source: http://www.sfexaminer.com/trumps-cybersecurity-practices-sad-sight/