Hackers possibly operating out of Russia hacked at least 195 web addresses belonging to the US President Donald Trump Organization or his personal family four years ago, according to a report from the Associated Press.
According to the report, the Trump Organization never admitted that the addresses were hacked, but neglected to repair some of the hijacked domains until contacted by AP reporters. Users who attempted to access the compromised websites were instead redirected to servers in St. Petersburg, Russia, which experts said contained malware.
Many of the affected web addresses were previously unused by the Trump Organization, which operates 3,300 addresses in total. Businesses often purchase domain names to prevent them being used maliciously by the company’s enemies.
Security experts told the AP that hackers likely accessed the websites through hosting site GoDaddy.com, by altering the domain registration records. Accounts at GoDaddy.com are regularly subjected to phishing attacks, which seek to trick users into providing usernames and passwords.
The affected web addresses included donaldtrump.org, donaldtrumpexecutiveoffice.com, donaldtrumprealty.com and barrontrump.com, and were hijacked over August and September of 2013.
According to the AP’s investigation, the hackers were unable to access actual server computers at the Trump Organization or other Trump assets.
GoDaddy.com’s CEO declined to comment to the AP on specific customer accounts. A cybersecurity expert told the news service that the failure to detect the breaches likely were the result of inadequate practices at the Trump Organization.
“There’s no way something like this could go by in the Bloomberg empire without this being seen,” Farsight Security CEO Paul Vixie told the news service, adding: “This is beyond me. I have simply never seen a benefit accrue from an attack of this kind. I’m at a loss, unless it’s a demonstration of capabilities.”