
Was a Fat Birther Server Communicating With Russia?


2016 Oct 31, 3:48pm   9,772 views  19 comments

by HydroCabron

Since Comey ruled out announcing the FBI investigation into Trump's Russian ties - on account of it being too close to the election to do so - we are left to ponder the evidence of an electronic Trump-Putin backdoor connection independently.

Some of the most trusted DNS specialists—an elite group of malware hunters, who work for private contractors—have access to nearly comprehensive logs of communication between servers. They work in close concert with internet service providers, the networks through which most of us connect to the internet, and the ones that are most vulnerable to massive attacks. To extend the traffic metaphor, these scientists have cameras posted on the internet’s stoplights and overpasses. They are entrusted with something close to a complete record of all the servers of the world connecting with one another.

In late July, one of these scientists—who asked to be referred to as Tea Leaves, a pseudonym that would protect his relationship with the networks and banks that employ him to sift their data—found what looked like malware emanating from Russia. The destination domain had Trump in its name, which of course attracted Tea Leaves’ attention. But his discovery of the data was pure happenstance—a surprising needle in a large haystack of DNS lookups on his screen. “I have an outlier here that connects to Russia in a strange way,” he wrote in his notes. He couldn’t quite figure it out at first. But what he saw was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue.

More data was needed, so he began carefully keeping logs of the Trump server’s DNS activity. As he collected the logs, he would circulate them in periodic batches to colleagues in the cybersecurity world. Six of them began scrutinizing them for clues.

The researchers quickly dismissed their initial fear that the logs represented a malware attack. The communication wasn’t the work of bots. The irregular pattern of server lookups actually resembled the pattern of human conversation—conversations that began during office hours in New York and continued during office hours in Moscow. It dawned on the researchers that this wasn’t an attack, but a sustained relationship between a server registered to the Trump Organization and two servers registered to an entity called Alfa Bank.

The researchers had initially stumbled in their diagnosis because of the odd configuration of Trump’s server. “I’ve never seen a server set up like that,” says Christopher Davis, who runs the cybersecurity firm HYAS InfoSec Inc. and won a FBI Director Award for Excellence for his work tracking down the authors of one of the world’s nastiest botnet attacks. “It looked weird, and it didn’t pass the sniff test.” The server was first registered to Trump’s business in 2009 and was set up to run consumer marketing campaigns. It had a history of sending mass emails on behalf of Trump-branded properties and products. Researchers were ultimately convinced that the server indeed belonged to Trump. (Click here to see the server’s registration record.) But now this capacious server handled a strangely small load of traffic, such a small load that it would be hard for a company to justify the expense and trouble it would take to maintain it. “I get more mail in a day than the server handled,” Davis says.

That wasn’t the only oddity. When the researchers pinged the server, they received error messages. They concluded that the server was set to accept only incoming communication from a very small handful of IP addresses. A small portion of the logs showed communication with a server belonging to Michigan-based Spectrum Health. (The company said in a statement: “Spectrum Health does not have a relationship with Alfa Bank or any of the Trump organizations. We have concluded a rigorous investigation with both our internal IT security specialists and expert cyber security firms. Our experts have conducted a detailed analysis of the alleged internet traffic and did not find any evidence that it included any actual communications (no emails, chat, text, etc.) between Spectrum Health and Alfa Bank or any of the Trump organizations. While we did find a small number of incoming spam marketing emails, they originated from a digital marketing company, Cendyn, advertising Trump Hotels.”)

Spectrum accounted for a relatively trivial portion of the traffic. Eighty-seven percent of the DNS lookups involved the two Alfa Bank servers. “It’s pretty clear that it’s not an open mail server,” Camp told me. “These organizations are communicating in a way designed to block other people out.”

Earlier this month, the group of computer scientists passed the logs to Paul Vixie. In the world of DNS experts, there’s no higher authority. Vixie wrote central strands of the DNS code that makes the internet work. After studying the logs, he concluded, “The parties were communicating in a secretive fashion. The operative word is secretive. This is more akin to what criminal syndicates do if they are putting together a project.” Put differently, the logs suggested that Trump and Alfa had configured something like a digital hotline connecting the two entities, shutting out the rest of the world, and designed to obscure its own existence. Over the summer, the scientists observed the communications trail from a distance.
...
Tea Leaves and his colleagues plotted the data from the logs on a timeline. What it illustrated was suggestive: The conversation between the Trump and Alfa servers appeared to follow the contours of political happenings in the United States. “At election-related moments, the traffic peaked,” according to Camp. There were considerably more DNS lookups, for instance, during the two conventions.

In September, the scientists tried to get the public to pay attention to their data. One of them posted a link to the logs in a Reddit thread. Soon, the New York Times’ Eric Lichtblau and Steven Lee Myers began chasing the story. (They are still pursuing it.) Lichtblau met with a Washington representative of Alfa Bank on Sept. 21, and the bank denied having any connection to Trump. (Lichtblau told me that Times policy prevents him from commenting on his reporting.)

The Times hadn’t yet been in touch with the Trump campaign—Lichtblau spoke with the campaign a week later—but shortly after it reached out to Alfa, the Trump domain name in question seemed to suddenly stop working. When the scientists looked up the host, the DNS server returned a fail message, evidence that it no longer functioned. Or as it is technically diagnosed, it had “SERVFAILed.” (On the timeline above, this is the moment at the end of the chronology when the traffic abruptly spikes, as servers frantically attempt to resend rejected messages.) The computer scientists believe there was one logical conclusion to be drawn: The Trump Organization shut down the server after Alfa was told that the Times might expose the connection. Weaver told me the Trump domain was “very sloppily removed.” Or as another of the researchers put it, it looked like “the knee was hit in Moscow, the leg kicked in New York.”

Four days later, on Sept. 27, the Trump Organization created a new host name, trump1.contact-client.com, which enabled communication to the very same server via a different route. When a new host name is created, the first communication with it is never random. To reach the server after the resetting of the host name, the sender of the first inbound mail has to first learn of the name somehow. It’s simply impossible to randomly reach a renamed server. “That party had to have some kind of outbound message through SMS, phone, or some noninternet channel they used to communicate [the new configuration],” Paul Vixie told me. The first attempt to look up the revised host name came from Alfa Bank. “If this was a public server, we would have seen other traces,” Vixie says. “The only look-ups came from this particular source.”

According to Vixie and others, the new host name may have represented an attempt to establish a new channel of communication. But media inquiries into the nature of Trump’s relationship with Alfa Bank, which suggested that their communications were being monitored, may have deterred the parties from using it. Soon after the New York Times began to ask questions, the traffic between the servers stopped cold.

Comments 1 - 19 of 19

1   Y   2016 Oct 31, 4:22pm  

blah blah..break it down into a 3 sentence synopsis and post the link...

2   HydroCabron   2016 Oct 31, 4:32pm  

Ranina ranina says

blah blah..break it down into a 3 sentence synopsis and post the link...

Sorry - I know you're busy with your research on the 22 million missing Bush emails, so here it is again:

http://www.slate.com/articles/news_and_politics/cover_story/2016/10/was_a_server_registered_to_the_trump_organization_communicating_with_russia.html

Computer security experts looking for malware or other suspicious attacks on Clinton and Trump servers found a strange Trump-registered server. The server was configured secretively, and communicated almost entirely with a bank controlled by Putin's minions. Traffic on the server rose and fell in time with political events in the US. Once the New York Times made aboveboard inquiries to Trump's organization, the server (and the link to Alfa Bank) was first reconfigured, then shut down.

3   FNWGMOBDVZXDNW   2016 Oct 31, 7:47pm  

Personally, I think that Trump was privy to the DNC emails long before they came out on wikileaks. His random speculation on the DNC rigging things against Bernie was too good. The guy doesn't have ESP and in many ways behaves like an idiot. I highly doubt it was intuition, although he tries to project that as an asset.

4   Y   2016 Oct 31, 10:36pm  

He could be autistic with a penchant for seeing through bullshit...

YesYNot says

His random speculation on the DNC rigging things against Bernie was too good.

5   Tenpoundbass   2016 Nov 1, 9:34am  

First Hillary was hacked by Russia, when she was not. Now Trump has been hacked by Russia.

They just lie, it's all they do.

6   Tampajoe   2016 Nov 1, 9:34am  

No, she still was hacked by Russia. Despite your attempts to believe otherwise.

7   Shaman   2016 Nov 1, 9:42am  

I really hope it's true that Trump has secret communications with the Russians. That would mean that he intends to talk with and cooperate with them rather than start WWIII with them as Hitlery has sworn to do.
I've said this before: in an increasingly dangerous world where technology is acting as a lever to enhance the danger of malicious individuals and small nations, the USA needs allies that are powerful to keep things safe. If we are friends with Russia and a nuke is stolen by jihadis, we can work together to retrieve it swiftly, rather than play cat and mouse and then disavow all responsibility and run away.
I hope this DNC conspiracy is true even if I suspect it's a bunch of total hogwash.

8   HydroCabron   2016 Nov 1, 9:45am  

jazz music says

This is damning evidence that Trump is in conspiracy with Putin to subvert our democratic process

What's interesting is that the higher-probability bet here is still that Putin is manipulating Trump as a puppet - unwitting or not - rather than a partner.

That is, Trump's role is weak, passive and/or unsuspecting.

After all, Putin is competent, and knows better than to trust Trump as a partner.

Putin is not a sentimental man who trusts or builds connections through friendship & quid-pro-quo deals. He's somewhat colder:

9   HydroCabron   2016 Nov 1, 9:47am  

Quigley is deplorable says

the USA needs allies that are powerful

Putin is the thug head of a failed nation with a smaller GDP than Italy. Let that sink in. He can't afford a first-class military on that budget, and he knows it.

Quigley is deplorable says

where technology is acting as a lever to enhance the danger of malicious individuals and small nations

Putin is a malicious individual from a small nation.

10   FNWGMOBDVZXDNW   2016 Nov 1, 9:49am  

I also hope that Trump has been colluding with Russia to steal DNC emails and rig the election in his favor. If he can get into power in the US, think of how he will be able to cheat and steal elections. He might even reach Putin status. We won't be subject to all of the suspense every 4 years, and millions of babies will no longer be getting ripped out of wombs the day before birth. Oh, yeah, and we'll be number 1 again.

11   FNWGMOBDVZXDNW   2016 Nov 1, 9:52am  

HydroCabron says

unwitting or not - rather than a partner.

unwitting for sure. Trump is a clever monkey, but he has the emotional intelligence of an 8 yr old.

12   HydroCabron   2016 Nov 1, 9:55am  

YesYNot says

unwitting for sure. Trump is a clever monkey, but he has the emotional intelligence of an 8 yr old.

One thing Kellyanne Conway can do that Manafort and others could, is trick Trump into doing things.

Fat Birther can't act on advice from others - it's too hurtful, so much so that he has a personal policy of "not invented here": if it doesn't come from within his own brain, it's a bad idea. So you have to play on his weakness and vanity, even to act in his own interest. He's suitable only as a puppet, not as a partner.

13   FNWGMOBDVZXDNW   2016 Nov 1, 9:59am  

HydroCabron says

Kellyanne Conway can do that Manafort and others could, is trick Trump into doing things.

That's why Trump likes working with women. They have experience manipulating men while making the men think that they are big and powerful and in charge. So, only women are able to help Trump succeed. Plus, he can grope their vaginas, which is tremendous.

14   Shaman   2016 Nov 1, 10:14am  

HydroCabron says

Putin is a malicious individual from a small nation

Isn't Russia the absolute largest nation in the world? Do you ever get your facts correct?

15   Y   2016 Nov 1, 10:32am  

He doesn't need a first class military.

http://nationalinterest.org/feature/these-russian-nukes-are-better-americas-15926

HydroCabron says

Putin is the thug head of a failed nation with a smaller GDP than Italy. Let that sink in. He can't afford a first-class military on that budget, and he knows it.

16   turtledove   2016 Nov 3, 5:11pm  

Steven Seagal Is Now A Citizen Of Russia, Courtesy Of Putin
http://www.npr.org/sections/thetwo-way/2016/11/03/500535943/steven-seagal-is-now-a-citizen-of-russia-courtesy-of-putin

Smoking gun, right there.

17   FNWGMOBDVZXDNW   2016 Nov 3, 6:43pm  

If Trump is half as gay as Steven Seagal's run, Pride parade is going to be a national holiday.

18   HydroCabron   2016 Nov 3, 9:13pm  

DieBankOfAmericaPhukkingDie says

I toss on any Charles Bronson movie. Shoots people in the face in total silence and enjoys watching them die

Could you make a bullet or shell out of, for the sake of argument, gluten?

Like, say, there was a Whole Foods 200 yards away from your house. As a hypothetical, could a mortar or Howitzer shell be used to deliver a big load of gluten through the front windows?

Asking for a friend.

19   anonymous   2016 Nov 3, 9:16pm  

OMG, the evidence is overwhelming. Today, I discovered 8 computers on my company's network communicating with Russia. Those employees must be spies for Trump looking for ways to bring back the Cold War.
