Slashdot Mirror
Computer Scientists Believe a Trump Server Was Communicating With a Russian Bank (slate.com)
In light of the Democratic National Committee hack by the Russians earlier this year, a "tightly knit community of computer scientists" working in a variety of fields came up with the hypothesis, "which they set out to rigorously test: If the Russians were worming their way into the DNC, they might very well be attacking other entities central to the presidential campaign, including Donald Trump's many servers." In late July, one of the scientists who asked to be referred to as Tea Leaves discovered possible malware emanating from Russia, with the destination domain having Trump in its name. What the researcher saw "was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue": Slate Magazine reports: More data was needed, so he began carefully keeping logs of the Trump server's DNS activity. As he collected the logs, he would circulate them in periodic batches to colleagues in the cybersecurity world. Six of them began scrutinizing them for clues. The researchers quickly dismissed their initial fear that the logs represented a malware attack. The communication wasn't the work of bots. The irregular pattern of server lookups actually resembled the pattern of human conversation -- conversations that began during office hours in New York and continued during office hours in Moscow. It dawned on the researchers that this wasn't an attack, but a sustained relationship between a server registered to the Trump Organization and two servers registered to an entity called Alfa Bank. The server was first registered to Trump's business in 2009 and was set up to run consumer marketing campaigns. It had a history of sending mass emails on behalf of Trump-branded properties and products. Researchers were ultimately convinced that the server indeed belonged to Trump. But now this capacious server handled a strangely small load of traffic, such a small load that it would be hard for a company to justify the expense and trouble it would take to maintain it. That wasn't the only oddity. When the researchers pinged the server, they received error messages. They concluded that the server was set to accept only incoming communication from a very small handful of IP addresses. A small portion of the logs showed communication with a server belonging to Michigan-based Spectrum Health.
I have customers with nearly-abandoned dedicated servers on their own IPs and with some project-related whitelist rules that act very much like what's described in the summary. Those servers do things like wasting their time checking for updates from some custom module authors (some overseas), and some try to connect to long-gone services that have had their domains scooped up by (ready?) Russian typo-squatters and the like, but with IPs that resolve somewhere else entirely because they've been re-assigned to entirely different companies. And no, nobody dares to approve changing the configuration on these legacy servers ... and they keep paying to keep them online, despite the crickets chirping instead of activity on whatever legacy task they once did.
There are all sorts of reasons this sort of behavior might materialize. You know, sort of like there might be all sorts of reasons that Huma Abedin's trove of email - in the hundreds of thousands - might bey on her creepy, estranged husband's laptop. I'm sorry, did I use her name? Woopsie! Hillary Clinton now calls her "a staffer."
Don't disappoint your bird dog. Go to the range.
FTA: "Put differently, the logs suggested that Trump and Alfa had configured something like a digital hotline connecting the two entities, shutting out the rest of the world, and designed to obscure its own existence." Oh, you mean like the SSH setup I have for all my servers to only listen to known IPs for shell access? Uh, yeah, no kidding. Geez, politics can make people so stupid.
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
I heard Trump used Internet Explorer once, too.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Turns out it was Huma using Yahoo, and Podesta getting phished... No Russians involved, just plain old incompetence.
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
It's been part of their modus operandi from day one. Whenever they're caught lying or committing crimes, they try to deflect the blame to someone else or change the topic into an attack on Trump or their accusers. The Russia boogeyman is a favorite for them.
It's so tired by now, and they've been caught lying so many times (pretty much every time they open their mouths, they're lying) that nobody believes a thing they say. The DNC could say the sun rose this morning and I'd still check out my window to verify.
I trust Russia MORE than I trust the DNC. If Trump is in good with them, then good for him.
To hell with Hillary and her cronies.
Pure, unadulterated idiocy. ^^^^^
Hey, Slashdot gets visited by Russian IP addresses too! Maybe Slashdot is working with Putin to leak Clinton's E-mails as well?
Seriously, this bullshit coming from Clinton and her minions only shows how desperate they are.
You guys nominated someone under criminal investigation by the FBI. The only people on earth who can't talk about how shitty Trump is are Clinton supporters.
While this is certainly interesting and deserves attention (I voted it up in the firehose), it's unlikely to be of any use during the campaign.
For one, the server was registered in 2009 and is unlikely to be anything related to the elections. Trump's business is pretty big, and he has contacts all over the world.
(For comparison, the Podesta group is registered with the U.S. government as a lobbyist for Sberbank. Google "Podesta Russia" for lots of links and info.)
For another, if it's nefarious it's more likely to be some sort of mole or agent within Trump's organization. Again, Trump's business is huge, and there are probably one or more foreign government agents working for him (also in Google, Facebook, and a hundred other big organizations).
Also, there might be a perfectly reasonable explanation. We should wait for the Trump campaign explanation, then see if their explanation seems reasonable. God only knows how many times we've done that for the Clintons!
And finally, it might be too little too late. Word on the street is that Clinton will be stepping down on Tuesday (tomorrow), Veritas is planning a "blockbuster" drop this week, Wikieaks is about to start phase three of its election coverage, and internal leaks from the campaign indicate that Hillary is coming apart at the seams: binge drinking, uncontrolled anger, and poor judgement in general.
As the saying goes, it's not over until its over.
Let's just wait for the election.
It's like I said to my sister the other day; I can't wait for November 9 so I can stop obsessing about Trump and start obsessing about the new Harry Potter movie.
Problem is Trump won't go away post-election. If he wins it will be worse than this, and if he loses he starts Trump media and doubles down on the loose talk and continual lies.
The evidence we're given is this:
"What the researcher saw "was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue": "
A ping is an ICMP echo request. They can have data, but it's the same both ways and it's generally nothing meaningful. I get random pings and crap from everywhere, including Russia, China, etc. along with port scans and everything else. Frankly this is utter BS without more evidence than a random server responding to some pings and not others.
It's also not clear how they were able to spy on this traffic without working at an ISP (where spying on your customers is generally frowned upon). But if they were in the middle of this, they could simply have inserted their own pings by spoofing the source address of some traffic. The article was a sad waste of time. There are lots of allegations that are based on nothing at all.
Nah, it's worse than that, looks like they were sniffing traffic at either the ISP of one of the two endpoints or a backbone.
If there were something here, you'd expect them to talk about finding data in the ICMP echo requests. You'd expect them to communicate over something normal like SSH. You'd expect some evidence that there was something illegal or improper going on here (other than, y'know, spying on other people's network traffic....).
Their audience is apparently morons who don't know what a ping is.
It really is silly season. The bottom line is that Trump is the "fuck you, oligarchy" candidate. We know he's the last chance for a long, long time, if ever, to fuck with the oligarchs. That is why he is being supported. Hillary is the tool of the oligarchy.
Russia is no threat because they aren't suicidal, and do you really think Trump is in their pocket? Get real.
Putin is a good contrast to the feckless current occupant of the White House. That's why he keeps coming up. More a testament to how shitty a leader Obama is than any positive qualities of Putin. Putin has gotten the better of him in every exchange during the last 8 years.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
You have to be totally insane to think Russians possibly having malware in some bank that tried to protect itself to begin with, is anything even CLOSE to the seriousness of the Secretary of State ignoring multiple warnings about how insecure a personal email server was when inevitably she'd be sending top secret material over email...
Hillary brought all of her ills on herself and the blowback from it is not yet a hundredth of what it should be. Every single person who knows anything about computer security should be utterly ashamed at ever supporting her actions, and the fact that so many still support her makes me think there is no real hope ever for comprehensive computer security. The system is rotten to the core, many computer "professionals" willing to compromise a systems integrity at the drop of a hat.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Ahem ...
Federal Judge Allows Suit Against Trump University to Proceed
http://www.nytimes.com/2016/08/03/us/politics/trump-university-case.html
Reminder: Donald Trump due in court after Election Day on child rape and racketeering charges
https://www.rawstory.com/2016/10/reminder-donald-trump-due-in-court-after-election-day-on-child-rape-and-racketeering-charges/
A ping is an ICMP echo request.
Thanks for the 411 Rain Man. :-)
It must have been something you assimilated. . . .
You're right that they talk about DNS queries, but I'm pretty sure this is an actual ICMP echo:
It can also be pretty easily explained by having a bunch of normal people on PCs behind a corporate firewall that doesn't accept traffic. Which makes sense because when they talk to the people, we find this:
So, I'm still saying this looks like BS to me. Don't get me wrong, it's entirely possible that some Russian hacked something somewhere. I just don't buy there being a story here without more evidence than a few stray DNS queries.
Has there been any presidential candidate in decades who wasnt a scoundrel?
I know I'm going to get modded down for this, but yes: Barack Hussein Obama.
Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
Without having read TFA, often even as a network engineer, I'll use the term "ping" even when not referring to ICMP. For example, I'll refer to an SNMP walk (of any kind) as a "ping".
Still though, this doesn't come off as suspicious to me at all. Since when is it odd or otherwise unusual that a server belonging to a billionaire talks to a server belonging to a bank in a foreign country? That's like saying that it's odd that there's dog piss on a fire hydrant.
There's no real evidence of Hillary's lies,
You don't think Congressional testimony counts as evidence?
If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
Without having read TFA, often even as a network engineer, I'll use the term "ping" even when not referring to ICMP. For example, I'll refer to an SNMP walk (of any kind) as a "ping".
Exactly. The term 'ping' may appear unfortunate to those of us who know what the ICMP protocol actually is, but it'll be suitably edgy to a tech-ignorant audience who need to feel that the writer actually knows what he's talking about.
Still though, this doesn't come off as suspicious to me at all. Since when is it odd or otherwise unusual that a server belonging to a billionaire talks to a server belonging to a bank in a foreign country?
When the bank is one of only a very few addresses the server communicates with.
Look, it's circumstantial at best, no more of a smoking gun than any number of other things. But if I were a US-based journalist, I'd consider it worth digging into. I don't know that I'd publish something based on the logs alone, but I would certainly be willing to follow wherever they lead. Even if the conclusion is that Trump has investments in Russian companies, that's a notable fact, given his constant and explicit denial that he has any financial ties to Russia.
That's like saying that it's odd that there's dog piss on a fire hydrant.
Kind of. It's more like saying it's odd that this dog doesn't seem to want to piss anywhere except at this particular fire hydrant, which he insists he would never piss on if you gave him a thousand years and a fire hose.
So yeah, the circumstances are curious, but there's nothing here that would make me jump out of my chair and shout, 'Aha!!!' And trust me, I'd be the first to do that if it took Trump down a notch.
Crumb's Corollary: Never bring a knife to a bun fight.
Citation please on the modifying. Wikileaks is one of the few true old-style journalist organizations.
If anything, Clinton is big business' Manchurian Candidate. At best Trump will be "George W. Bush II", I don't see him completing much of anything which may be a good thing for a change. The wall won't be built even if he wanted to WJC and GWB already tried it, at best it will create some jobs in a small Texas town and that will be the height of it's success. ObamaCare will collapse with or without him. Hillary will be investigated and exonerated regardless (since an investigation requires Congress, not a President) and I'm not sure what the rest of his platform is, if he even has any.
The Middle East will continue being a mess, with a little bit of luck, he's incompetent enough after all, Russia will continue to expand their control in the region with as much success and damage to their own image as the repeated US invasions in the region caused. The Korea's will continue to be at war and 'the bomb' and any of their efforts will continue to be a 'success' in NK media alone.
Custom electronics and digital signage for your business: www.evcircuits.com
Their audience is apparently morons who don't know what a ping is.
Well, as an actual software developer who has worked with network protocols I can assure you that there are lots of different types of ping, TCP ping, etc.
Furthermore, those in doubt can just check the RFC for ICMP and discover that it includes echo packets with an arbitrary payload. That should get a person one dim lightbulb away from realizing that you can tunnel other things on top of ICMP, and then from there they might do a search of the interwebs and discover that is old hat.
The pedants in this article are mostly a bunch of tools who don't know an ICMP echo packet from a Russian in a fur hat! Worse, they don't know a Russian ICMP packet in a squirrel toupee from a Brazilian SSH attack!
So even though they're possibly not even talking about ICMP, if they were it would all make sense. But DNS is also used for tunnels, so that's probably what it really is. Also, DNS is more likely to make it into logs that people have legit access to and aren't private.
No that's the point she spinned it into. If that had been her point, and if her actions backed it up, it would be totally fine. But her actions show that her public vs private opinions are not just "slightly different messages tweaked for each group" but outright contradictions and falsehoods. You can't tell people publicly that one of your positions is to "uphold the rule of law, protect our borders and national security" (that's on her website) while telling people in speeches "My dream is a hemispheric common market with open trade and open borders." That's not nuance. That's not targeting. That means she's blatantly lying to one group or the other.
The hacks have exposed a ton of crap. Possible evidence of us selling weapons to Isis in Libya (RIP Vile Rat) and trying to claw them back, they faked violence at the Trump rallies (and blamed Bernie), they were talking about making hay of Trump's "bromance" with Putin long ago, they utterly shafted Bernie in every way. He even had people give him fake support just to steal his voters back at the end. They faked a Craigslist ad for Trump that was disgustingly sexist. Nobody there trusts each other. Carlos Danger (Anthony Wiener's) ways were known long ago, he appears to have gotten leaked classified info from his wife, top Clinton aide Huma, enough so that Huma sent emails from Hillary's device and vice versa, also forwarding classified things to webmail (Yahoo, Gmail). They talk about being especially worried about the sensitive pic of North Korea that was in her emails. They talk about quid pro quo to declassify one of the items she sent retroactively. In 2010, they talk about "how we just changed an entire Governor's race in 48 hours--without any fingerprints." They discuss an email from "Diane Reynolds" (Chelsea Clinton) about how the apple doesn't fall from the tree: you get a kiss on the cheek, then stabbed in the front and in the back. Hillary, if you're wondering, goes by "Evergreen" and "hrod" among other things. I haven't even covered the half of things, either. Oh, and FYI, some of that is from the FBI's response to FOIA requests, the rest is from the Podesta email dumps, which as we all should know, can be cryptographically validated via the DKIM signatures.
But yeah, let's worry about whether maybe Russia informed us of this. You know what Russia's stake in the election is?
Russia doesn't want to go to war with us over Syria.
Do you?
The server belonged to an email marketing company. In this case here isn't a big deep dark secret Trump-Russian conspiracy.
If you want an insight into Trump's ties with Russia, look at Paul Manaforte and read Time magazines article on the subject http://time.com/4433880/donald...
Greed is the root of all evil.