Slashdot Mirror
Computer Scientists Believe a Trump Server Was Communicating With a Russian Bank (slate.com)
In light of the Democratic National Committee hack by the Russians earlier this year, a "tightly knit community of computer scientists" working in a variety of fields came up with the hypothesis, "which they set out to rigorously test: If the Russians were worming their way into the DNC, they might very well be attacking other entities central to the presidential campaign, including Donald Trump's many servers." In late July, one of the scientists who asked to be referred to as Tea Leaves discovered possible malware emanating from Russia, with the destination domain having Trump in its name. What the researcher saw "was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue": Slate Magazine reports: More data was needed, so he began carefully keeping logs of the Trump server's DNS activity. As he collected the logs, he would circulate them in periodic batches to colleagues in the cybersecurity world. Six of them began scrutinizing them for clues. The researchers quickly dismissed their initial fear that the logs represented a malware attack. The communication wasn't the work of bots. The irregular pattern of server lookups actually resembled the pattern of human conversation -- conversations that began during office hours in New York and continued during office hours in Moscow. It dawned on the researchers that this wasn't an attack, but a sustained relationship between a server registered to the Trump Organization and two servers registered to an entity called Alfa Bank. The server was first registered to Trump's business in 2009 and was set up to run consumer marketing campaigns. It had a history of sending mass emails on behalf of Trump-branded properties and products. Researchers were ultimately convinced that the server indeed belonged to Trump. But now this capacious server handled a strangely small load of traffic, such a small load that it would be hard for a company to justify the expense and trouble it would take to maintain it. That wasn't the only oddity. When the researchers pinged the server, they received error messages. They concluded that the server was set to accept only incoming communication from a very small handful of IP addresses. A small portion of the logs showed communication with a server belonging to Michigan-based Spectrum Health.
Hardly. The libs are expecting a massive, ground-shifting victory. It's just that Trump is always good copy. Even people who hate him love to read about him, and pass stuff along.
It's like I said to my sister the other day; I can't wait for November 9 so I can stop obsessing about Trump and start obsessing about the new Harry Potter movie.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I have customers with nearly-abandoned dedicated servers on their own IPs and with some project-related whitelist rules that act very much like what's described in the summary. Those servers do things like wasting their time checking for updates from some custom module authors (some overseas), and some try to connect to long-gone services that have had their domains scooped up by (ready?) Russian typo-squatters and the like, but with IPs that resolve somewhere else entirely because they've been re-assigned to entirely different companies. And no, nobody dares to approve changing the configuration on these legacy servers ... and they keep paying to keep them online, despite the crickets chirping instead of activity on whatever legacy task they once did.
There are all sorts of reasons this sort of behavior might materialize. You know, sort of like there might be all sorts of reasons that Huma Abedin's trove of email - in the hundreds of thousands - might bey on her creepy, estranged husband's laptop. I'm sorry, did I use her name? Woopsie! Hillary Clinton now calls her "a staffer."
Don't disappoint your bird dog. Go to the range.
FTA: "Put differently, the logs suggested that Trump and Alfa had configured something like a digital hotline connecting the two entities, shutting out the rest of the world, and designed to obscure its own existence." Oh, you mean like the SSH setup I have for all my servers to only listen to known IPs for shell access? Uh, yeah, no kidding. Geez, politics can make people so stupid.
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
I heard Trump used Internet Explorer once, too.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Turns out it was Huma using Yahoo, and Podesta getting phished... No Russians involved, just plain old incompetence.
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
It's been part of their modus operandi from day one. Whenever they're caught lying or committing crimes, they try to deflect the blame to someone else or change the topic into an attack on Trump or their accusers. The Russia boogeyman is a favorite for them.
It's so tired by now, and they've been caught lying so many times (pretty much every time they open their mouths, they're lying) that nobody believes a thing they say. The DNC could say the sun rose this morning and I'd still check out my window to verify.
I trust Russia MORE than I trust the DNC. If Trump is in good with them, then good for him.
To hell with Hillary and her cronies.
Pure, unadulterated idiocy. ^^^^^
Hey, Slashdot gets visited by Russian IP addresses too! Maybe Slashdot is working with Putin to leak Clinton's E-mails as well?
Seriously, this bullshit coming from Clinton and her minions only shows how desperate they are.
You guys nominated someone under criminal investigation by the FBI. The only people on earth who can't talk about how shitty Trump is are Clinton supporters.
While this is certainly interesting and deserves attention (I voted it up in the firehose), it's unlikely to be of any use during the campaign.
For one, the server was registered in 2009 and is unlikely to be anything related to the elections. Trump's business is pretty big, and he has contacts all over the world.
(For comparison, the Podesta group is registered with the U.S. government as a lobbyist for Sberbank. Google "Podesta Russia" for lots of links and info.)
For another, if it's nefarious it's more likely to be some sort of mole or agent within Trump's organization. Again, Trump's business is huge, and there are probably one or more foreign government agents working for him (also in Google, Facebook, and a hundred other big organizations).
Also, there might be a perfectly reasonable explanation. We should wait for the Trump campaign explanation, then see if their explanation seems reasonable. God only knows how many times we've done that for the Clintons!
And finally, it might be too little too late. Word on the street is that Clinton will be stepping down on Tuesday (tomorrow), Veritas is planning a "blockbuster" drop this week, Wikieaks is about to start phase three of its election coverage, and internal leaks from the campaign indicate that Hillary is coming apart at the seams: binge drinking, uncontrolled anger, and poor judgement in general.
As the saying goes, it's not over until its over.
Let's just wait for the election.
It's like I said to my sister the other day; I can't wait for November 9 so I can stop obsessing about Trump and start obsessing about the new Harry Potter movie.
Problem is Trump won't go away post-election. If he wins it will be worse than this, and if he loses he starts Trump media and doubles down on the loose talk and continual lies.
The evidence we're given is this:
"What the researcher saw "was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue": "
A ping is an ICMP echo request. They can have data, but it's the same both ways and it's generally nothing meaningful. I get random pings and crap from everywhere, including Russia, China, etc. along with port scans and everything else. Frankly this is utter BS without more evidence than a random server responding to some pings and not others.
It's also not clear how they were able to spy on this traffic without working at an ISP (where spying on your customers is generally frowned upon). But if they were in the middle of this, they could simply have inserted their own pings by spoofing the source address of some traffic. The article was a sad waste of time. There are lots of allegations that are based on nothing at all.
Nah, it's worse than that, looks like they were sniffing traffic at either the ISP of one of the two endpoints or a backbone.
If there were something here, you'd expect them to talk about finding data in the ICMP echo requests. You'd expect them to communicate over something normal like SSH. You'd expect some evidence that there was something illegal or improper going on here (other than, y'know, spying on other people's network traffic....).
Their audience is apparently morons who don't know what a ping is.
It really is silly season. The bottom line is that Trump is the "fuck you, oligarchy" candidate. We know he's the last chance for a long, long time, if ever, to fuck with the oligarchs. That is why he is being supported. Hillary is the tool of the oligarchy.
Russia is no threat because they aren't suicidal, and do you really think Trump is in their pocket? Get real.
Putin is a good contrast to the feckless current occupant of the White House. That's why he keeps coming up. More a testament to how shitty a leader Obama is than any positive qualities of Putin. Putin has gotten the better of him in every exchange during the last 8 years.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
You have to be totally insane to think Russians possibly having malware in some bank that tried to protect itself to begin with, is anything even CLOSE to the seriousness of the Secretary of State ignoring multiple warnings about how insecure a personal email server was when inevitably she'd be sending top secret material over email...
Hillary brought all of her ills on herself and the blowback from it is not yet a hundredth of what it should be. Every single person who knows anything about computer security should be utterly ashamed at ever supporting her actions, and the fact that so many still support her makes me think there is no real hope ever for comprehensive computer security. The system is rotten to the core, many computer "professionals" willing to compromise a systems integrity at the drop of a hat.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Ahem ...
Federal Judge Allows Suit Against Trump University to Proceed
http://www.nytimes.com/2016/08/03/us/politics/trump-university-case.html
Reminder: Donald Trump due in court after Election Day on child rape and racketeering charges
https://www.rawstory.com/2016/10/reminder-donald-trump-due-in-court-after-election-day-on-child-rape-and-racketeering-charges/
the story at slate that i read says nothing about icmp, it talks exclusively about DNS lookups, incuding after the trump server admin team changed the authoratative host name of the server in question.
unless somebody in Russia is clairvoyant, or the thousands of recorded transactions were somehow faked, it means somebody in the trump server admin team contacted Alfa bank's admin team, and gave them the new resolution host data. It was not up long enough for normal record proliferaton to be accounable for allfa getting the updated record.
again, "ping" used by the journalist just means "contacted", not an actual ICMP connectivity test stream.
They were supposedly looking at DNS query data only, and noticed the activity, after looking to see if russian hackers were infiltating GOP servers like they had purportedly infiltrated DNC servers.
HRC is corrupt as fuck, the only thing is she considers business as usual what we plebes see as corrupt.
Trump is corrupt as fuck, but he hasn't been investigated for 30 years. Not to mention Trump is a 100% asshole who shouldn't even be a choice. Dafuq R-tarded, you can't beat this asshole in a primary? Methinks you need to rethink some fundamental principals. Hint: Neither Ted Cruz nor Marco Rubio are your white knights on white horses running in to save the day.
I finally voted today, went for Johnson. Yeah, he's a pothead who doesn't know what Aleppo is. But IMHO he's our best chance of not impeaching a president in the next 4 years.
A ping is an ICMP echo request.
Thanks for the 411 Rain Man. :-)
It must have been something you assimilated. . . .
You're right that they talk about DNS queries, but I'm pretty sure this is an actual ICMP echo:
It can also be pretty easily explained by having a bunch of normal people on PCs behind a corporate firewall that doesn't accept traffic. Which makes sense because when they talk to the people, we find this:
So, I'm still saying this looks like BS to me. Don't get me wrong, it's entirely possible that some Russian hacked something somewhere. I just don't buy there being a story here without more evidence than a few stray DNS queries.
Has there been any presidential candidate in decades who wasnt a scoundrel?
I know I'm going to get modded down for this, but yes: Barack Hussein Obama.
Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
Without having read TFA, often even as a network engineer, I'll use the term "ping" even when not referring to ICMP. For example, I'll refer to an SNMP walk (of any kind) as a "ping".
Still though, this doesn't come off as suspicious to me at all. Since when is it odd or otherwise unusual that a server belonging to a billionaire talks to a server belonging to a bank in a foreign country? That's like saying that it's odd that there's dog piss on a fire hydrant.
There's no real evidence of Hillary's lies,
You don't think Congressional testimony counts as evidence?
If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
Without having read TFA, often even as a network engineer, I'll use the term "ping" even when not referring to ICMP. For example, I'll refer to an SNMP walk (of any kind) as a "ping".
Exactly. The term 'ping' may appear unfortunate to those of us who know what the ICMP protocol actually is, but it'll be suitably edgy to a tech-ignorant audience who need to feel that the writer actually knows what he's talking about.
Still though, this doesn't come off as suspicious to me at all. Since when is it odd or otherwise unusual that a server belonging to a billionaire talks to a server belonging to a bank in a foreign country?
When the bank is one of only a very few addresses the server communicates with.
Look, it's circumstantial at best, no more of a smoking gun than any number of other things. But if I were a US-based journalist, I'd consider it worth digging into. I don't know that I'd publish something based on the logs alone, but I would certainly be willing to follow wherever they lead. Even if the conclusion is that Trump has investments in Russian companies, that's a notable fact, given his constant and explicit denial that he has any financial ties to Russia.
That's like saying that it's odd that there's dog piss on a fire hydrant.
Kind of. It's more like saying it's odd that this dog doesn't seem to want to piss anywhere except at this particular fire hydrant, which he insists he would never piss on if you gave him a thousand years and a fire hose.
So yeah, the circumstances are curious, but there's nothing here that would make me jump out of my chair and shout, 'Aha!!!' And trust me, I'd be the first to do that if it took Trump down a notch.
Crumb's Corollary: Never bring a knife to a bun fight.
The story also says that they couldn't ping the server but a particular server in Russia and a few elsewhere in the US could. ICMP traffic isn't broadcasted nor 'passively monitored'.
DNS is cached aggressively at most if not all gateway routers, sure you can aggregate some (anonymous) data about DNS requests but this talks about an internal machine frequently requesting a particular DNS address with specific time periods. At best, you can say a particular NETWORK requested a DNS address a few times per day (whenever the TTL expires). They are pinpointing it to minutes of the day.
They knew this particular server handled a 'small load of traffic'. Again, you can't "see" how much traffic a server handles without either controlling it or control ALL points it traverses outside of it.
Custom electronics and digital signage for your business: www.evcircuits.com
and we're just scratching the surface of Trump's Russian ties, whereas we've been over Hilary's emails for nigh on a decade now. Thing is, _everybody_ in Washington was doing this. Collin Powell proved as much.
Hell, that was one of the most badass things to come out of this. Hilary was asked if it was Colin's idea to run the server and she said no, it was her responsibility. A few weeks later Wikileaks dumped emails showing it _was_ Powell suggesting it. I've yet to see HRC get an ounce of credit for shielding Powell and the loyalty and shear brass balls it showed.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
right? Both he and his father were slum lords for Christ sakes. Seriously. One of the Guthrie's (Woody I think) had a song about Frank Trump.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
I'm sure everyone will give Trump the same benefit of the doubt that they give Hillary.
Sheesh, evil *and* a jerk. -- Jade
Citation please on the modifying. Wikileaks is one of the few true old-style journalist organizations.
If anything, Clinton is big business' Manchurian Candidate. At best Trump will be "George W. Bush II", I don't see him completing much of anything which may be a good thing for a change. The wall won't be built even if he wanted to WJC and GWB already tried it, at best it will create some jobs in a small Texas town and that will be the height of it's success. ObamaCare will collapse with or without him. Hillary will be investigated and exonerated regardless (since an investigation requires Congress, not a President) and I'm not sure what the rest of his platform is, if he even has any.
The Middle East will continue being a mess, with a little bit of luck, he's incompetent enough after all, Russia will continue to expand their control in the region with as much success and damage to their own image as the repeated US invasions in the region caused. The Korea's will continue to be at war and 'the bomb' and any of their efforts will continue to be a 'success' in NK media alone.
Custom electronics and digital signage for your business: www.evcircuits.com
Their audience is apparently morons who don't know what a ping is.
Well, as an actual software developer who has worked with network protocols I can assure you that there are lots of different types of ping, TCP ping, etc.
Furthermore, those in doubt can just check the RFC for ICMP and discover that it includes echo packets with an arbitrary payload. That should get a person one dim lightbulb away from realizing that you can tunnel other things on top of ICMP, and then from there they might do a search of the interwebs and discover that is old hat.
The pedants in this article are mostly a bunch of tools who don't know an ICMP echo packet from a Russian in a fur hat! Worse, they don't know a Russian ICMP packet in a squirrel toupee from a Brazilian SSH attack!
So even though they're possibly not even talking about ICMP, if they were it would all make sense. But DNS is also used for tunnels, so that's probably what it really is. Also, DNS is more likely to make it into logs that people have legit access to and aren't private.
Do any of you guys remember one of the original Defcon's, where Dan Farmer (I think?) was talking about hiding payloads in the white space of DNS packets?
This quote from the article made me think about that.
"Earlier this month, the group of computer scientists passed the logs to Paul Vixie. In the world of DNS experts, there’s no higher authority. Vixie wrote central strands of the DNS code that makes the internet work.
---->After studying the logs, he concluded, “The parties were communicating in a secretive fashion. The operative word is secretive. This is more akin to what criminal syndicates do if they are putting together a project.” Put differently, the logs suggested that Trump and Alfa had configured something like a digital hotline connecting the two entities, shutting out the rest of the world, and designed to obscure its own existence. ---------
No that's the point she spinned it into. If that had been her point, and if her actions backed it up, it would be totally fine. But her actions show that her public vs private opinions are not just "slightly different messages tweaked for each group" but outright contradictions and falsehoods. You can't tell people publicly that one of your positions is to "uphold the rule of law, protect our borders and national security" (that's on her website) while telling people in speeches "My dream is a hemispheric common market with open trade and open borders." That's not nuance. That's not targeting. That means she's blatantly lying to one group or the other.
The only foreign political leader Trump ever praises is Putin.
Oh ho ho! If only Trump's admiration for oppressive leaders and regimes were limited to Putin.
Nothing posted to
The hacks have exposed a ton of crap. Possible evidence of us selling weapons to Isis in Libya (RIP Vile Rat) and trying to claw them back, they faked violence at the Trump rallies (and blamed Bernie), they were talking about making hay of Trump's "bromance" with Putin long ago, they utterly shafted Bernie in every way. He even had people give him fake support just to steal his voters back at the end. They faked a Craigslist ad for Trump that was disgustingly sexist. Nobody there trusts each other. Carlos Danger (Anthony Wiener's) ways were known long ago, he appears to have gotten leaked classified info from his wife, top Clinton aide Huma, enough so that Huma sent emails from Hillary's device and vice versa, also forwarding classified things to webmail (Yahoo, Gmail). They talk about being especially worried about the sensitive pic of North Korea that was in her emails. They talk about quid pro quo to declassify one of the items she sent retroactively. In 2010, they talk about "how we just changed an entire Governor's race in 48 hours--without any fingerprints." They discuss an email from "Diane Reynolds" (Chelsea Clinton) about how the apple doesn't fall from the tree: you get a kiss on the cheek, then stabbed in the front and in the back. Hillary, if you're wondering, goes by "Evergreen" and "hrod" among other things. I haven't even covered the half of things, either. Oh, and FYI, some of that is from the FBI's response to FOIA requests, the rest is from the Podesta email dumps, which as we all should know, can be cryptographically validated via the DKIM signatures.
But yeah, let's worry about whether maybe Russia informed us of this. You know what Russia's stake in the election is?
Russia doesn't want to go to war with us over Syria.
Do you?
Looks to be pretty bogus.... it would appear that the damn thing doesn't even belong to Trump.
...trust me, I'd be the first to do that if it took Trump down a notch.
There you go again, being reasonable. If you want to match the Trump crowd, you have to assume by default that everything he does is suspicious, at the very least, and probably has malicious intent. He went to the loo? Highly suspicious - probably wanted to hide his substance abuse. He passed a primary school in his car? Probably prospecting for under-age girls. Finding there is a Russian bank that communicates with one of his servers is practically watertight proof that he is in with Putin in a major way. If we were to argue like Trump's followers. Regrettably, most of us, who aren't his followers, are restrained by things like intellect, honesty and basic integrity.
The server belonged to an email marketing company. In this case here isn't a big deep dark secret Trump-Russian conspiracy.
If you want an insight into Trump's ties with Russia, look at Paul Manaforte and read Time magazines article on the subject http://time.com/4433880/donald...
Greed is the root of all evil.
Perhaps you should read the entire article before jumping to this conclusion. The traffic was peculiarly NOT random "from everywhere, including Russia, China, etc..." The traffic was almost exclusively between these two servers. Also, the amount traffic increased/decreased with campaign events. The traffic stopped when Alfa Bank became aware of the New York Times investigation. The server was renamed and traffic resumed directly from Alfa Bank. There's more, but I can't quote or refer to all the strange coincidences here. That's why you need to actually read it even though it is long and will take up a few minutes of your time.
Based on Russia's behavior in the last years, your assumption that they do not want a war is not apparent from their actions.
In 2014 alone, 38 airspace violations (Finland, Estonia, Denmark, ...) from Russian military planes... including close encounters with passenger planes and US planes or boats.
Actually it's rather useful because people can debunk this crap. The average Slate reader probably does not know much about technology and just swallow the author's premise.
Slashdot readers, on the other hand, will be more likely to call bullshit This is helpful.
The entire Russia conspiracy theory needs to stop. It's becoming more more like the North Korea hacked Sony incident; which turns out they didn't and it was an inside job. As yet no verifiable evidence has been presented that Russia is hacking the DNC. But more to the point - who the fuck cares, because they aren't PLANTING or ALTERING emails. The information that has been leaked is 100% real. So the problem the DNC has is, like Nixon, they've been caught with their hands in the cookie jar and are trying to deflect.
Well I read TFA and it is suspicious. When the info came "out", the server was shut down AND a new server suddenly appeared and only one entity knew the name to look it up by, Alfa bank. It sounds like somehow the TeaLeaves guy has access to the DNS server logs (root servers) and so he/she is not looking at ISP data but the lookups. Since only one entity knew the name to lookup, it smells pretty bad for Trump. The article is long and detailed so I don't expect almost anyone to actually read it. The best way I can explain it is if I register a new name blahblahblahblah.com, and only one IP ever does a query to get the IP address of blahblahblahblah.com, then somebody had to tell me the name. No way is that random.
Perhaps you could point out the contradiction. The Clinton campaign has claimed Trump is linked to Russia, and even made it clear he's a dangerous nut (something we can all agree on), but they've never, ever, claimed Trump is going to start a war with Russia.
You are not alone. This is not normal. None of this is normal.
I am not sure they want an actual arm race, because I am sure they haven't forgotten how Reagan brought them down economically with that in the 80'ies.
What I am sure that they do want is that NATO and friends will back off and not do anything, as we have done in so many places, Ukraine and Syria to name a few famous ones.
Every time Putin rattles the nuclear saber Western and NATO countries rattle their knees, so Putin has no reason to have _any_ respect for whatever we _say_.
A full scale war is not even necessary, and also something we don't want, but shooting down a few Russian planes and helicopters and destroying a few tanks and other important equipment that can easily be seen on media, so the Russian public can also see it, _then_ Putin will listen. That is the only language he understands, being a USSR hardliner.
Also, USA should not _excuse_ killing a number of Syrian Al Assad forces by saying it was a mistake. I hope it wasn't a mistake, and it should be strongly emphasized that there is more where that came from, unless _they_ back off!
Russia and Al Assad doesn't want any civilian to stay in Aleppo, as this is a genocide if there ever was one!
NATO and liberal countries in the World, wake up!
It's amazing that you think that someone, since at least 2009, has been sending fake messages with fake senders from Gmail, Yahoo and clintonemail.com without anyone wondering about the oddly incriminating messages showing up in their inboxes.
If you think you can fake these, you can get 1 bitcoin from erratasec.
Please show me the blockchain transaction when you win this, ok?
https://www.washingtonpost.com...
Error: NSE - No Signature Error