Two dozen House Democrats have sent a letter to White House counsel Donald McGahn, warning that digital security holes at the Trump Organization’s clubs and hotels are risks to national security and the secrecy of classified information.
“The White House must act immediately to secure the potentially sensitive information on these systems,” said the letter, which was signed by 24 Congress members and went to McGahn last week.
Their concerns were in response to an article published last month by ProPublica and Gizmodo that documented the cybersecurity vulnerabilities at properties the president has frequented since being elected. Our reporting found unencrypted login pages, servers running outdated software, accessible printers, and Wi-Fi networks that were open to anyone close enough to access them.
We were able to detect vulnerable networks at Mar-a-Lago — Trump’s “Southern White House” — from a small motorboat about 800 feet from the club on Florida’s Intracoastal Waterway. We also found open Wi-Fi networks at the grounds of the Trump golf courses in Bedminster, New Jersey, and accessible Wi-Fi-enabled printers at Trump’s course in Sterling, Virginia.
“To leave these networks unsecured undermines our national priorities and the trust the American people place in the Office of the President,” the letter warned.
The White House and the Trump Organization did not comment on the letter.
Rep. Eliot Engel, D-N.Y., the letter’s author, said the vulnerabilities revealed by our story demand immediate action, but he’s received no response from the administration so far. “It needs to be addressed quickly. Potentially every minute something is leaking,” he said. “It is too late to close the henhouse after the foxes come in.”
Since becoming president, Donald Trump has spent time at his clubs on most weekends and has met with foreign dignitaries like Japan’s Prime Minister Shinzo Abe and Chinese President Xi Jinping at Mar-a-Lago.
In February, members of Mar-a-Lago posted pictures of a dinner meeting between Trump and Abe on the patio of the club. Cybersecurity experts warned that sophisticated hackers could turn guests’ cellphones into clandestine listening devices if they gained access to the networks at the club.
Hackers may not need to travel to each of the Trump Organization’s clubs and hotels in order to gain access. We found that the Trump Hotel in Washington, D.C., was hosting a server running software that is more than a decade old and is still accessible from the internet.
After we notified the company that administers the Trump clubs’ websites about our findings, they disabled an insecure login page that lead to a database of sensitive information that we found on Mar-a-Lago’s website. However, the company, called Clubessential, has not locked down its customer documentation website, which includes usernames and passwords to internal accounts and is accessible to anyone with an internet connection.
Clubessential did not respond to a request for comment.
“Cyber-criminals and nation states have both the incentive and the ability to hack these networks to obtain sensitive information critical to our national security and international diplomacy,” the Congress members’ letter said.
Since our visits to Trump’s properties in early May, the president has spent four weekends at his clubs.
“He’s the president of the United States,” Engel said. “We should make sure he’s secure wherever he is.”