Two weeks ago, on a sparkling spring morning, we went trawling along Florida’s coastal waterway. But not for fish.
We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of the Mar-a-Lago Club in Palm Beach, and pointed a two-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained.
A few days later, we drove through the grounds of the Trump National Golf Club in Bedminster, N.J., with the same antenna and aimed it at the clubhouse. We identified two open Wi-Fi networks that anyone could join without a password. We resisted the temptation.
We also visited two of President Donald Trump’s other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Va. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information.
The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises.
“Those networks all have to be crawling with foreign intruders, not just [Gizmodo and] ProPublica,” said Dave Aitel, chief executive officer of Immunity, Inc., a digital security company, when we told him what we found.