Slashdot Mirror

← Back to Stories (view on slashdot.org)

Computer Scientists Believe a Trump Server Was Communicating With a Russian Bank (slate.com)

Posted by BeauHD on from the fraternizing-with-the-enemy dept.

In light of the Democratic National Committee hack by the Russians earlier this year, a "tightly knit community of computer scientists" working in a variety of fields came up with the hypothesis, "which they set out to rigorously test: If the Russians were worming their way into the DNC, they might very well be attacking other entities central to the presidential campaign, including Donald Trump's many servers." In late July, one of the scientists who asked to be referred to as Tea Leaves discovered possible malware emanating from Russia, with the destination domain having Trump in its name. What the researcher saw "was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue": Slate Magazine reports: More data was needed, so he began carefully keeping logs of the Trump server's DNS activity. As he collected the logs, he would circulate them in periodic batches to colleagues in the cybersecurity world. Six of them began scrutinizing them for clues. The researchers quickly dismissed their initial fear that the logs represented a malware attack. The communication wasn't the work of bots. The irregular pattern of server lookups actually resembled the pattern of human conversation -- conversations that began during office hours in New York and continued during office hours in Moscow. It dawned on the researchers that this wasn't an attack, but a sustained relationship between a server registered to the Trump Organization and two servers registered to an entity called Alfa Bank. The server was first registered to Trump's business in 2009 and was set up to run consumer marketing campaigns. It had a history of sending mass emails on behalf of Trump-branded properties and products. Researchers were ultimately convinced that the server indeed belonged to Trump. But now this capacious server handled a strangely small load of traffic, such a small load that it would be hard for a company to justify the expense and trouble it would take to maintain it. That wasn't the only oddity. When the researchers pinged the server, they received error messages. They concluded that the server was set to accept only incoming communication from a very small handful of IP addresses. A small portion of the logs showed communication with a server belonging to Michigan-based Spectrum Health.

22 of 548 comments (clear)

  1. I've seen things at least that strange by ScentCone · · Score: 5, Insightful

    I have customers with nearly-abandoned dedicated servers on their own IPs and with some project-related whitelist rules that act very much like what's described in the summary. Those servers do things like wasting their time checking for updates from some custom module authors (some overseas), and some try to connect to long-gone services that have had their domains scooped up by (ready?) Russian typo-squatters and the like, but with IPs that resolve somewhere else entirely because they've been re-assigned to entirely different companies. And no, nobody dares to approve changing the configuration on these legacy servers ... and they keep paying to keep them online, despite the crickets chirping instead of activity on whatever legacy task they once did.

    There are all sorts of reasons this sort of behavior might materialize. You know, sort of like there might be all sorts of reasons that Huma Abedin's trove of email - in the hundreds of thousands - might bey on her creepy, estranged husband's laptop. I'm sorry, did I use her name? Woopsie! Hillary Clinton now calls her "a staffer."

    --
    Don't disappoint your bird dog. Go to the range.
    1. Re:I've seen things at least that strange by hey! · · Score: 5, Insightful

      From a logical standpoint this really tells us nothing. Just like existing the Abedin "trove" really tells us nothing. It's just a tabula rasa onto which people can project what they already believe.

      It wouldn't be surprising for Trump to have some kind of relationship with a Russian bank; that's not necessarily illegal. Now if you were looking for dirt, that'd be a good place to start looking, because there are sanctions against certain Russian firms and individuals. But it doesn't mean you'd find any.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    2. Re:I've seen things at least that strange by LordLucless · · Score: 5, Insightful

      Read the whole story. It wasn't "typo-squatters" it was a Russian bank owned by oligarchs that was connecting to Trump's secret private email server.

      Uh, by "secret, private email server", do you mean the server openly and publicly registered to the Trump Organisation?

      --
      Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
    3. Re:I've seen things at least that strange by ScentCone · · Score: 4, Insightful

      It's a well-researched and written story.

      What it actually does is cherry-pick the wildest speculation they can come up with, and then (if you bother reading all the way through), points out exactly how eye-rollingly silly it is. A little bit of Occam's Razor applied to the situation, along with some actual experience with provisioned-by-third-party marketing mail servers left to rot for six years is instructive.

      Yes, it's well written in the sense that it conforms to Slate's editorial position on trying to get Hillary Clinton elected. It reaches into nothingness in an attempt to construct a narrative desperate to distract from their preferred candidate's flaming case of corruption while actually being a supposed public servant in a position of trust.

      --
      Don't disappoint your bird dog. Go to the range.
  2. Election season is Silly Season by davide+marney · · Score: 5, Insightful

    FTA: "Put differently, the logs suggested that Trump and Alfa had configured something like a digital hotline connecting the two entities, shutting out the rest of the world, and designed to obscure its own existence." Oh, you mean like the SSH setup I have for all my servers to only listen to known IPs for shell access? Uh, yeah, no kidding. Geez, politics can make people so stupid.

    --
    "We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
    1. Re:Election season is Silly Season by ScentCone · · Score: 5, Insightful

      Geez, politics can make people so stupid.

      No, politics makes people PRETEND to be stupid so they can pretend they are outraged by things they are pretending they don't understand well enough, so they can speak their phony outrage out loud in hopes that some other ACTUALLY low-information person will pick up the outrage and run with it all the way to the voting booth. This story is bordering on that. But the credible treatment of it is definitely such.

      --
      Don't disappoint your bird dog. Go to the range.
    2. Re:Election season is Silly Season by meta-monkey · · Score: 4, Insightful

      politics makes people PRETEND to be stupid

      Also pretend to have no sense of humor. A Republican could ask why the chicken crossed the road and a Democrat would feign OUTRAGE because jaywalking is ILLEGAL and potential harm to animals IS NO LAUGHING MATTER and vice versa. It's all so tiresome.

      --
      We don't have a state-run media we have a media-run state.
  3. Re:BULL SH!T by Anonymous Coward · · Score: 5, Insightful

    It's been part of their modus operandi from day one. Whenever they're caught lying or committing crimes, they try to deflect the blame to someone else or change the topic into an attack on Trump or their accusers. The Russia boogeyman is a favorite for them.

    It's so tired by now, and they've been caught lying so many times (pretty much every time they open their mouths, they're lying) that nobody believes a thing they say. The DNC could say the sun rose this morning and I'd still check out my window to verify.

  4. Re:I trust Russia MORE than I trust the DNC by Anonymous Coward · · Score: 4, Insightful

    I trust Russia MORE than I trust the DNC. If Trump is in good with them, then good for him.

    To hell with Hillary and her cronies.

    Pure, unadulterated idiocy. ^^^^^

  5. Clinton's desperation by ooloorie · · Score: 4, Insightful

    Hey, Slashdot gets visited by Russian IP addresses too! Maybe Slashdot is working with Putin to leak Clinton's E-mails as well?

    Seriously, this bullshit coming from Clinton and her minions only shows how desperate they are.

    1. Re:Clinton's desperation by hey! · · Score: 4, Insightful

      However, Slashdot's servers respond to requests from anywhere, not just a particular Russian bank. So it's not the same thing. The evidence is enough to conclude that the Trump organization probably has some kind of relationship with that bank, which is not illegal per se.

      This is politics; if you leave yourself open to innuendo, you get shellacked. Trump could easily have avoided this by releasing his tax returns, just like Mitt Romney did.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    2. Re:Clinton's desperation by stdarg · · Score: 4, Insightful

      What other side? Hasn't Romney endorsed Clinton? The most amazing thing about this election is the validation of the conspiracy theorists who have been saying we have one party rule. It's true, as unbelievable as that is. Bush? Clinton? Hey they're on the same side. Romney? Yep he's there too.

      Trump is the only major outsider candidate we've seen since at least Bush (senior) and Clinton, so around 30 years.

      The funny thing is how much we criticize places like China for the same kind of crap we have apparently been doing. The media largely functions as propaganda for the establishment. The political parties are basically on the same side. When you read the wikileaks stuff you see the so-called private sector working hand in hand with the government (like google's eric schmidt requesting to be head "outside adviser" to clinton's campaign).. it's like a big joke at this point.

      Voting for Clinton at this point is basically a vote to continue our slide into banana republic status.

  6. Re: Temper your enthusiasm by Bartles · · Score: 5, Insightful

    You guys nominated someone under criminal investigation by the FBI. The only people on earth who can't talk about how shitty Trump is are Clinton supporters.

  7. Re:BULL SH!T by Xenographic · · Score: 5, Insightful

    The evidence we're given is this:

    "What the researcher saw "was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue": "

    A ping is an ICMP echo request. They can have data, but it's the same both ways and it's generally nothing meaningful. I get random pings and crap from everywhere, including Russia, China, etc. along with port scans and everything else. Frankly this is utter BS without more evidence than a random server responding to some pings and not others.

    It's also not clear how they were able to spy on this traffic without working at an ISP (where spying on your customers is generally frowned upon). But if they were in the middle of this, they could simply have inserted their own pings by spoofing the source address of some traffic. The article was a sad waste of time. There are lots of allegations that are based on nothing at all.

  8. Ar you people insane? Why is this in any way same? by SuperKendall · · Score: 5, Insightful

    You have to be totally insane to think Russians possibly having malware in some bank that tried to protect itself to begin with, is anything even CLOSE to the seriousness of the Secretary of State ignoring multiple warnings about how insecure a personal email server was when inevitably she'd be sending top secret material over email...

    Hillary brought all of her ills on herself and the blowback from it is not yet a hundredth of what it should be. Every single person who knows anything about computer security should be utterly ashamed at ever supporting her actions, and the fact that so many still support her makes me think there is no real hope ever for comprehensive computer security. The system is rotten to the core, many computer "professionals" willing to compromise a systems integrity at the drop of a hat.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  9. Re:No one is flipping to the Russians...sheesh by Anonymous Coward · · Score: 5, Insightful

    A rich white New Yorker is the oligarchy.

  10. Re:No one is flipping to the Russians...sheesh by phantomfive · · Score: 4, Insightful

    We know he's the last chance for a long, long time, if ever, to fuck with the oligarchs.

    It's not. These kinds of opportunities are bubbling up more and more often, though mainly at the state level. If Trump fails because of his foolishness, another will come along.

    Note that it's a constant struggle.......new guys come up, break the establishment, then settle in to become the new establishment. Andrew Jackson was an establishment breaker. Abraham Lincoln was one too, although by the time he became president, the establishment was more-or-less shattered. William Jennings Bryan tried but failed on his heavy cross of gold (reminds you of this comic). Roosevelt2 might have been considered an establishment breaker, although again it was rather broken by his time as well. Roosevelt1 probably was the establishment. Truman deserves a special mention for trying to reform the establishment from within, and to some degree he was successful.

    --
    "First they came for the slanderers and i said nothing."
  11. Re:possibily illegal by Xenographic · · Score: 5, Insightful

    You're right that they talk about DNS queries, but I'm pretty sure this is an actual ICMP echo:

    That wasn’t the only oddity. When the researchers pinged the server, they received error messages. They concluded that the server was set to accept only incoming communication from a very small handful of IP addresses.

    It can also be pretty easily explained by having a bunch of normal people on PCs behind a corporate firewall that doesn't accept traffic. Which makes sense because when they talk to the people, we find this:

    “Spectrum Health does not have a relationship with Alfa Bank or any of the Trump organizations. We have concluded a rigorous investigation with both our internal IT security specialists and expert cyber security firms. Our experts have conducted a detailed analysis of the alleged internet traffic and did not find any evidence that it included any actual communications (no emails, chat, text, etc.) between Spectrum Health and Alfa Bank or any of the Trump organizations. While we did find a small number of incoming spam marketing emails, they originated from a digital marketing company, Cendyn, advertising Trump Hotels.

    So, I'm still saying this looks like BS to me. Don't get me wrong, it's entirely possible that some Russian hacked something somewhere. I just don't buy there being a story here without more evidence than a few stray DNS queries.

  12. Re: Temper your enthusiasm by Plus1Entropy · · Score: 4, Insightful

    Has there been any presidential candidate in decades who wasnt a scoundrel?

    I know I'm going to get modded down for this, but yes: Barack Hussein Obama.

    --
    Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
  13. Re:No one is flipping to the Russians...sheesh by jedidiah · · Score: 4, Insightful

    > A rich white New Yorker is the oligarchy.

    You mean the senator from New York?

    --
    A Pirate and a Puritan look the same on a balance sheet.
  14. Re: BULL SH!T by I'm+New+Around+Here · · Score: 5, Insightful

    There's no real evidence of Hillary's lies,

    You don't think Congressional testimony counts as evidence?

    --
    If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
  15. Re: possibily illegal by Xenographic · · Score: 4, Insightful

    The hacks have exposed a ton of crap. Possible evidence of us selling weapons to Isis in Libya (RIP Vile Rat) and trying to claw them back, they faked violence at the Trump rallies (and blamed Bernie), they were talking about making hay of Trump's "bromance" with Putin long ago, they utterly shafted Bernie in every way. He even had people give him fake support just to steal his voters back at the end. They faked a Craigslist ad for Trump that was disgustingly sexist. Nobody there trusts each other. Carlos Danger (Anthony Wiener's) ways were known long ago, he appears to have gotten leaked classified info from his wife, top Clinton aide Huma, enough so that Huma sent emails from Hillary's device and vice versa, also forwarding classified things to webmail (Yahoo, Gmail). They talk about being especially worried about the sensitive pic of North Korea that was in her emails. They talk about quid pro quo to declassify one of the items she sent retroactively. In 2010, they talk about "how we just changed an entire Governor's race in 48 hours--without any fingerprints." They discuss an email from "Diane Reynolds" (Chelsea Clinton) about how the apple doesn't fall from the tree: you get a kiss on the cheek, then stabbed in the front and in the back. Hillary, if you're wondering, goes by "Evergreen" and "hrod" among other things. I haven't even covered the half of things, either. Oh, and FYI, some of that is from the FBI's response to FOIA requests, the rest is from the Podesta email dumps, which as we all should know, can be cryptographically validated via the DKIM signatures.

    But yeah, let's worry about whether maybe Russia informed us of this. You know what Russia's stake in the election is?

    Russia doesn't want to go to war with us over Syria.

    Do you?