Less than a month before he was elected president, Donald Trump promised to make cybersecurity “an immediate and top priority for my administration.” He had talked about technology often on the campaign trail—mostly to attack Hillary Clinton for using a private email server when she was Secretary of State. But less than two weeks into his presidency, it’s Trump and his team who have struggled to plug important security holes, some of which are reminiscent of Clinton’s troubles.
Rather than sparking an uproar, the problems have largely been buried the by other changes and crises of the Trump administration’s first days. But even without the distracting firehose of executive orders, announcements, and tweets, half of America wouldn’t blink at the new president’s computer-security shortcomings. That’s because cybersecurity, like just about everything else, has become burdened with political baggage.
Here’s a short rundown of the security problems that dogged Trump’s White House during his first week as president:
- President Trump still uses his personal smartphone—and according to an analysis at Android Central, it’s a Samsung Galaxy S3, a phone first introduced in 2012. “A Galaxy S3 does not meet the security requirements of the average teenager, let alone the purported leader of the free world,” wrote Nicholas Weaver, a researcher at the International Computer Science Institute in Berkeley, in Lawfare. It’s safe to assume that the president’s Android phone has already been compromised by at least one foreign intelligence service, Weaver wrote, and is giving foreign agents constant access to Trump’s location, or recording everything that’s said near the device at all times.
- Several of Trump’s top staffers, meanwhile, appear to have been using private email addresses hosted by the Republican National Committee until last week. Kellyanne Conway, Jared Kushner, Sean Spicer, and Steve Bannon all had email addresses that ended in rnchq.com, Newsweek reported, opening them up to hacking attacks—as well as to some of the same criticisms that were leveled at Clinton during the campaign.
- The Twitter accounts of several of those same advisors—as well as the official @POTUS and @VP accounts—were found to have poor security settings that can make it easy to guess the email addresses associated with them. The @POTUS and @VP accounts had been secured with private Gmail addresses, as were accounts belonging to Bannon, Trump’s chief strategist, and Spicer, his press secretary. If any of those personal email addresses were compromised—via a spearphishing attack, for example, which was how hackers got into John Podesta’s emails—the connected Twitter accounts could easily be taken over, too. As Joseph Bernstein wrote in BuzzFeed earlier this month, a takeover of Trump’s Twitter accounts could lead to a national-security disaster in any number of ways.
- On the topic of Twitter: Since taking over the official @PressSec account, Spicer has twice tweeted, and then quickly deleted, a meaningless string of letters and numbers. They may have been his Twitter passwords.
- The one person in Trump’s inner circle who’s specifically designated to advise him on cybersecurity matters, Rudy Giuliani, doesn’t seem very qualified for the job. The former New York City mayor started a cybersecurity consulting company after the end of his mayoralty—but as Zach Whittaker wrote in ZDNet, it’s very unclear what the company actually does. In his public statements on cybersecurity, Giuliani has compared hacking to cancer, and hackers to the Mafia. His company’s website, now inactive, was plagued with security issues. And he only discovered Signal, the gold standard of secure messaging, a few weeks ago, when “one of my cybersecurity experts downloaded it for me,” he told The Wall Street Journal.