Computer Scientists Believe a Trump Server Was Communicating With a Russian Bank (slate.com)
In light of the Democratic National Committee hack by the Russians earlier this year, a "tightly knit community of computer scientists" working in a variety of fields came up with the hypothesis, "which they set out to rigorously test: If the Russians were worming their way into the DNC, they might very well be attacking other entities central to the presidential campaign, including Donald Trump's many servers." In late July, one of the scientists, who asked to be referred to as Tea Leaves, discovered possible malware emanating from Russia, with the destination domain having Trump in its name. What the researcher saw "was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue." Slate Magazine reports: More data was needed, so he began carefully keeping logs of the Trump server's DNS activity. As he collected the logs, he would circulate them in periodic batches to colleagues in the cybersecurity world. Six of them began scrutinizing them for clues. The researchers quickly dismissed their initial fear that the logs represented a malware attack. The communication wasn't the work of bots. The irregular pattern of server lookups actually resembled the pattern of human conversation -- conversations that began during office hours in New York and continued during office hours in Moscow. It dawned on the researchers that this wasn't an attack, but a sustained relationship between a server registered to the Trump Organization and two servers registered to an entity called Alfa Bank. The server was first registered to Trump's business in 2009 and was set up to run consumer marketing campaigns. It had a history of sending mass emails on behalf of Trump-branded properties and products. Researchers were ultimately convinced that the server indeed belonged to Trump.
But now this capacious server handled a strangely small load of traffic, such a small load that it would be hard for a company to justify the expense and trouble it would take to maintain it. That wasn't the only oddity. When the researchers pinged the server, they received error messages. They concluded that the server was set to accept only incoming communication from a very small handful of IP addresses. A small portion of the logs showed communication with a server belonging to Michigan-based Spectrum Health.
A Veteran Spy Has Given the FBI Information Alleging a Russian Operation to Cultivate Donald Trump
"It started off as a fairly general inquiry," says the former spook, who asks not to be identified. But when he dug into Trump, he notes, he came across troubling information indicating connections between Trump and the Russian government. According to his sources, he says, "there was an established exchange of information between the Trump campaign and the Kremlin of mutual benefit."
It maintained that Trump "and his inner circle have accepted a regular flow of intelligence from the Kremlin, including on his Democratic and other political rivals." It claimed that Russian intelligence had "compromised" Trump during his visits to Moscow and could "blackmail him."
Here's an extensive timeline of Trump's connections to the Kremlin: https://grabby.me/timeline?uui...
Agreed. The article definitely leans towards this being more devious than the data itself shows, but they do admit the data is very anecdotal. As much as I dislike Trump, this isn't a smoking gun but more of a report of someone hearing a bang. It could be a crime, it could be (car analogy) a car backfiring. I'll be curious to see how this shakes out.
Hey, Slashdot gets visited by Russian IP addresses too! Maybe Slashdot is working with Putin to leak Clinton's E-mails as well?
Seriously, this bullshit coming from Clinton and her minions only shows how desperate they are.
FTA:
I also spoke with academics who vouched for Tea Leaves’ integrity and his unusual access to information. “This is someone I know well and is very well-known in the networking community,” said Camp. “When they say something about DNS, you believe them. This person has technical authority and access to data.”
The researchers quickly dismissed their initial fear that the logs represented a malware attack. The communication wasn’t the work of bots. The irregular pattern of server lookups actually resembled the pattern of human conversation—conversations that began during office hours in New York and continued during office hours in Moscow. It dawned on the researchers that this wasn’t an attack, but a sustained relationship between a server registered to the Trump Organization and two servers registered to an entity called Alfa Bank.
[...]
Earlier this month, the group of computer scientists passed the logs to Paul Vixie. In the world of DNS experts, there’s no higher authority. Vixie wrote central strands of the DNS code that makes the internet work. After studying the logs, he concluded, “The parties were communicating in a secretive fashion. The operative word is secretive. This is more akin to what criminal syndicates do if they are putting together a project.”
The real interesting thing is when people started asking about the server the Trump org took it down, renamed it, and somehow the Russian server knew exactly which hostname to access (suggesting someone from Trump org told them).
Four days later, on Sept. 27, the Trump Organization created a new host name, trump1.contact-client.com, which enabled communication to the very same server via a different route.
These aren't political hacks, nor the result of reporters misunderstanding basic concepts. These are qualified experts with reputations to protect who understand hackers, malware, and misconfigured mail servers. They have looked at the evidence and think this is a secret communication channel.
I stole this Sig
Without having read TFA, often even as a network engineer, I'll use the term "ping" even when not referring to ICMP. For example, I'll refer to an SNMP walk (of any kind) as a "ping".
Exactly. The term 'ping' may appear unfortunate to those of us who know what the ICMP protocol actually is, but it'll be suitably edgy to a tech-ignorant audience who need to feel that the writer actually knows what he's talking about.
Still though, this doesn't come off as suspicious to me at all. Since when is it odd or otherwise unusual that a server belonging to a billionaire talks to a server belonging to a bank in a foreign country?
When the bank is one of only a very few addresses the server communicates with.
Look, it's circumstantial at best, no more of a smoking gun than any number of other things. But if I were a US-based journalist, I'd consider it worth digging into. I don't know that I'd publish something based on the logs alone, but I would certainly be willing to follow wherever they lead. Even if the conclusion is that Trump has investments in Russian companies, that's a notable fact, given his constant and explicit denial that he has any financial ties to Russia.
That's like saying that it's odd that there's dog piss on a fire hydrant.
Kind of. It's more like saying it's odd that this dog doesn't seem to want to piss anywhere except at this particular fire hydrant, which he insists he would never piss on if you gave him a thousand years and a fire hose.
So yeah, the circumstances are curious, but there's nothing here that would make me jump out of my chair and shout, 'Aha!!!' And trust me, I'd be the first to do that if it took Trump down a notch.
Crumb's Corollary: Never bring a knife to a bun fight.
and we're just scratching the surface of Trump's Russian ties, whereas we've been over Hillary's emails for nigh on a decade now. Thing is, _everybody_ in Washington was doing this. Colin Powell proved as much.
Hell, that was one of the most badass things to come out of this. Hillary was asked if it was Colin's idea to run the server and she said no, it was her responsibility. A few weeks later Wikileaks dumped emails showing it _was_ Powell suggesting it. I've yet to see HRC get an ounce of credit for shielding Powell and the loyalty and sheer brass balls it showed.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
It really is silly season. The bottom line is that Trump is the "fuck you, oligarchy" candidate. We know he's the last chance for a long, long time, if ever, to fuck with the oligarchs
So...your argument for picking an openly idiotic, racist, lecherous, bigoted, misogynist is to say "fuck you" to the oligarchy? And what the hell makes you think he isn't part of the oligarchy? He has a history of treating anyone who isn't rich and white like shit, treating women even worse, and basically is a walking embodiment of everything America should have left behind at least 50 years ago. It's like watching Archie Bunker run for president, only with less class.
That is why he is being supported.
He's being supported because the so-called "neo-con" republicans thought it was a brilliant idea to go out and court the crazies into the party by fomenting rage, propagating conspiracies and other BS, and basically turning the whole party into a conglomeration of obstructionist idiots, ideological zealots, and sideshow freaks. Trump is the end result of that strategy, one which what few real republicans left had warned about for quite some time. The republicans of my day would have NEVER tolerated anyone like Trump being a candidate. Can you imagine what would have happened if someone like Reagan or Bush senior said and/or did half the shit Trump has done? They would have been burned at the stake!
You NEVER court crazy, even if that crazy seems to be helping you. You can NOT control crazy, and once it gets in, once you give it a voice, it is damn near impossible to get it out. That's what the old republican guard found out the hard way. They thought they were saving the party, when in fact they systematically destroyed it.
And now, we have Trump. It is absolutely repulsive that he is considered a republican. If you're a conservative/real republican, people automatically assume you're associated with Train Wreck Trump and the Neo-Crazies. It's a stink that doesn't wash off and doesn't go away. Just about anyone would have been a better choice.
I may not agree with real republicans, but I respected them. I have no respect for these new age crazies that call themselves republicans and support despots like Trump.
Hillary is the tool of the oligarchy.
Just because you say so?
Russia is no threat because they aren't suicidal, and do you really think Trump is in their pocket? Get real.
The smartest adversary appears as your greatest friend, not your greatest enemy. Direct confrontation is the most idiotic way to defeat or influence an enemy. The smart enemy applies pressure, seeks out weaknesses, and exploits them. They get inside and maneuver. If they play their cards right, you'll be smiling and shaking their hand thanking them for the privilege of being bent over.
Trump has made it clear where he stands in relation to Russia. Right in front, with his hands on his ankles. His views on Russia, NATO and the rest are pretty much talking points out of the Russian Agenda.
Putin is a good contrast to the feckless current occupant of the White House. That's why he keeps coming up. More a testament to how shitty a leader Obama is than any positive qualities of Putin. Putin has gotten the better of him in every exchange during the last 8 years.
That sound you hear is Zombie Reagan starving because apparently you have no brains left to eat.
I can't believe this is what republicans have become. When did it become American, let alone Republican, to praise a despotic foreign leader who has dissenters imprisoned and assassinated and have those be considered strong qualities for AMERICAN LEADERSHIP?
My god, people like you aren't republican. In no election I've been alive for have I ever heard such garbage, from democrat or republican.
~X~
What a fucking joke. This is still slashdot, right? There are still people here that understand TCP/IP and DNS, right? I only ask because the author of the slate article makes it abundantly clear that he is unaware of the difference between a server and a domain.
Does that look well researched to anyone here? If you were consulting with a reporter writing a story about servers and DNS, would you let him leave that sentence in the story? Or would you correct him?
More:
What is on 5th Avenue? I'll give you a hint, it isn't the bank, the server or the domain. Someone go stop the presses, I think we just found the mailing address of Trump's office.
Ok, so the server isn't advertising itself with a banner that says "I am a Beowulf cluster, and these chumps have been running 5 emails a day." How do these "researchers" know what it is inside? Did they commit some felonies to find out? Do I sense yet another batch of Democrats taking the 5th in the near future?
Assuming they get in through some means, what do they find? Is it a capacious server with huge operating costs, like geothermal liquid cooling? Or is it a 1U stuffed into a rack somewhere and forgotten until someone walks past and notices that the idiot light is lit, 6 months after it shuts itself off because the PSU fan failed? Or is this server just an A record in DNS somewhere, in a domain that exists mostly so that recipient mailservers have a SPF record to look at? They don't tell us any specifics. My guess is that the "well-researched" writer thinks that each domain name needs a big dedicated server, at least to the extent that he is able to recognize them as distinct concepts and objects.
I don't know about you guys, but I check my domain names and purge stale domains about once per decade. The $15 per year to leave them on autopilot autorenewal mode is literally less expensive than my effort to sift through the list plucking out the ones that I no longer need.
Most amazing is the level of astroturfing on here today.
These were the only reasonable posts I saw that weren't AC turfers modded to +5.
Russians, maybe? I hear they pay very well for 'turfers...
Truth isn't Truth - Giuliani