President-elect Donald Trump tapped Rudy Giuliani as his “go to” guy this week on cybersecurity, but it turns out that Giuliani’s New York firm could use a little better security of its own.
The website for the former New York mayor’s firm, Giuliani Security, is riddled with vulnerabilities, and numerous tech experts cackled over the irony on social media.
“You wouldn’t need to be uber-skilled to hack it,” Aaron M. Hill, a web developer at Cornell University in Ithaca, New York, who was among those bantering about the website’s shortcomings on Twitter, said in a telephone interview.
And by afternoon, that may have been the case. The site was periodically unavailable much of the day.
Sign Up and Save
Get six months of free digital access to The Sacramento Bee
“A 7-year-old could take that site down,” tweeted Paul Gilzow, a programmer and security analyst from Columbia, Missouri.
The Trump transition office announced Thursday morning that Giuliani, part of a core group of Republican Trump loyalists during the campaign, had been tapped to “lend expertise to cybersecurity efforts.” The announcement didn’t offer many details about how Giuliani would fulfill his role, noting simply that hacks are rampant.
“Cyber intrusion is the fastest growing crime in the United States and much of the world,” the statement said.
The announcement prompted a few programmers to conduct their own free website analysis of giulianipartners.com. Their verdict? Pathetic. Sad.
Indeed, some may have tried their hand at a little mischief. “Service temporarily unavailable,” flashed the screen when one visitor sought to browse there in the afternoon.
“Seems Rudy may need a cybersecurity chief for himself,” tweeted Jeremiah Grossman, whose profile said he is chief of security strategy for SentinelOne, a cybersecurity company.
Others came to Giuliani’s defense.
“Giuliani has a ‘security’ business, not a ‘cybersecurity’ business. He hasn’t done anything ‘cyber’ related,” tweeted Rob Graham, a Georgia-based security analyst.
No one returned a query left on an answering machine at the New York firm’s office. While Giuliani could not be reached, he did speak Thursday on CNN about how he would lead a council of business executives from various industries that have suffered cyberattacks. Cyber intrusions are debilitating to U.S. business, he said, and industry leaders have not yet chosen to battle them collaboratively.
“This is like cancer. Everybody is studying it. Everybody has solutions. But nobody really talks to each other. Maybe we’ve cured it and don’t know,” Giuliani said.
In a conference call with reporters later, Giuliani said, “We’ve let our (cyber) defense fall behind.”
If Giuliani has shortcomings on internet security, Trump suggested on New Year’s Eve that “no computer is safe” and that it is better to send sensitive information by courier.
Back in September, Trump brought up his son, Barron, as the computer-savvy one in the family: “I have a son. He’s 10 years old. He has computers. He is so good with these computers, it’s unbelievable. The security aspect of cyber is very, very tough. And maybe it’s hardly doable. But I will say, we are not doing the job we should be doing.”
To help Giuliani out, a Kansas man, Michael Fienen, began tweeting about the vulnerabilities on his consultancy’s website, and within hours experts had identified more than a dozen problems that security experts consider egregious. Among them:
▪ The 4-year-old version of the open-source platform, or content management system, on which the website was built, Joomla!, has more than 10 known vulnerabilities to hackers.
▪ The site uses Adobe Flash, a multimedia viewing program that has become so flawed that even Adobe no longer recommends its use.
▪ The site uses an outdated script language and allows outsiders to access a log-in page for the content management system and the server’s remote log-in system, making the site far less secure.
Those were only a few of the reasons that security analysts gave the site a failing grade.
“Oh yeah, I totally trust this guy to put together a top notch (team) to protect us from hackers,” Fienen later tweeted.
Another twitter user, @swiftonsecurity, saw an upside for the cybersecurity business.
“Giuliani cyber security might be like the tow company who offers to charge for an oil change since you already have ur checkbook out,” the person said.