Saturday, March 11, 2017

Focus Turns Again to ‘Odd’ Computer Link Between Trump Organization and Russia’s Alfa Bank

From: Towleroad
Focus turned again this week to computer links between the Trump organization and Russia’s Alfa Bank.

If you’ve been following this for a few months, you’ll remember we reported on the activity last November after it was noted in an article from Slate.

Slate reported that Donald Trump possessed a private server discovered by DNS specialists to be sending unusual communications with a Russian entity called Alfa Bank.


The researchers quickly dismissed their initial fear that the logs represented a malware attack. The communication wasn’t the work of bots. The irregular pattern of server lookups actually resembled the pattern of human conversation—conversations that began during office hours in New York and continued during office hours in Moscow. It dawned on the researchers that this wasn’t an attack, but a sustained relationship between a server registered to the Trump Organization and two servers registered to an entity called Alfa Bank.
The researchers had initially stumbled in their diagnosis because of the odd configuration of Trump’s server. “I’ve never seen a server set up like that,” says Christopher Davis, who runs the cybersecurity firm HYAS InfoSec Inc. and won an FBI Director Award for Excellence for his work tracking down the authors of one of the world’s nastiest botnet attacks.

While many questions remain about the messages transmitted between the two servers, and whether they were email or something else, the researchers could make out patterns:

Tea Leaves and his colleagues plotted the data from the logs on a timeline. What it illustrated was suggestive: The conversation between the Trump and Alfa servers appeared to follow the contours of political happenings in the United States. “At election-related moments, the traffic peaked,” according to Camp. There were considerably more DNS lookups, for instance, during the two conventions.

And once journalists started looking into it, the activity abruptly quit:

The Times hadn’t yet been in touch with the Trump campaign—Lichtblau spoke with the campaign a week later—but shortly after it reached out to Alfa, the Trump domain name in question seemed to suddenly stop working. When the scientists looked up the host, the DNS server returned a fail message, evidence that it no longer functioned. Or as it is technically diagnosed, it had “SERVFAILed.” (On the timeline above, this is the moment at the end of the chronology when the traffic abruptly spikes, as servers frantically attempt to resend rejected messages.) The computer scientists believe there was one logical conclusion to be drawn: The Trump Organization shut down the server after Alfa was told that the Times might expose the connection.

Slate concludes that “What the scientists amassed wasn’t a smoking gun. It’s a suggestive body of evidence that doesn’t absolutely preclude alternative explanations” but it deserves attention in the context of all the other suspicious Russia – Trump ties that are turning up.

Now, news comes that the FBI and computer scientists continue to investigate the links, CNN reports:

Questions about the possible connection were widely dismissed four months ago. But the FBI’s investigation remains open, the sources said, and is in the hands of the FBI’s counterintelligence team — the same one looking into Russia’s suspected interference in the 2016 election.
One U.S. official said investigators find the server relationship “odd” and are not ignoring it. But the official said there is still more work for the FBI to do. Investigators have not yet determined whether a connection would be significant.
The server issue surfaced again this weekend, mentioned in a Breitbart article that, according to a White House official, sparked President Trump’s series of tweets accusing investigators of tapping his phone.
CNN is told there was no Foreign Intelligence Surveillance Act warrant on the server.
