Trump’s Organization got compromised by Hackers 4 years Ago

In 2013, Hackers apparently gained access to the Trump Organization’s domain booking account and created at least 250 website subdomains that cybersecurity specialists refer to as “shadow” subdomains. Each one of these shadow Trump subdomains guided to a Russian IP address, implying that they were hosted at these Russian addresses. Every website domain is connected with one or more IP addresses. These locations allow the internet to find the server that receives the website. Authentic Trump Organization domains point to IP locations that are hosted in the United States or countries where the organization operates. The production of these shadow subdomains within the Trump Organization system was visible in the publicly available studies of the company’s domains.

The subdomains and their associated Russian IP addresses have frequently been linked to possible malware attacks, having been flagged in well-known research databases as likely associated with malware. The vast bulk of the shadow subdomains remained active until this week, showing that the Trump Organization had taken no steps to damage them. This suggests that the company for the past four years was ignorant of the breach. Had the infiltration been caught by the Trump Organization, the firm should have quickly decommissioned the shadow subdomains, according to cybersecurity specialists contacted by Mother Jones.

The existence of these shadow subdomains implies a possible security compromise within Trump’s business system that created the potential for unknown actors using these Trump Organization subdomains to launch cyber attacks that could trick computer users anywhere into handing over sensitive data and unknowingly allow the attackers path to their computers and network. In fact, the IP addresses affiliated with the fake subdomains are connected to an IP address for at least one domain before used by hackers to deploy malware known as an “exploit kit,” which can allow an attacker to gain a machine user’s passwords and logins or to take over another network and gain access to the files within it.