Computer Scientists Believe a Trump Server Was Communicating With a Russian Bank (slate.com)
In light of the Democratic National Committee hack by the Russians earlier this year, a "tightly knit community of computer scientists" working in a variety of fields came up with the hypothesis, "which they set out to rigorously test: If the Russians were worming their way into the DNC, they might very well be attacking other entities central to the presidential campaign, including Donald Trump's many servers." In late July, one of the scientists who asked to be referred to as Tea Leaves discovered possible malware emanating from Russia, with the destination domain having Trump in its name. What the researcher saw "was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue": Slate Magazine reports: More data was needed, so he began carefully keeping logs of the Trump server's DNS activity. As he collected the logs, he would circulate them in periodic batches to colleagues in the cybersecurity world. Six of them began scrutinizing them for clues. The researchers quickly dismissed their initial fear that the logs represented a malware attack. The communication wasn't the work of bots. The irregular pattern of server lookups actually resembled the pattern of human conversation -- conversations that began during office hours in New York and continued during office hours in Moscow. It dawned on the researchers that this wasn't an attack, but a sustained relationship between a server registered to the Trump Organization and two servers registered to an entity called Alfa Bank. The server was first registered to Trump's business in 2009 and was set up to run consumer marketing campaigns. It had a history of sending mass emails on behalf of Trump-branded properties and products. Researchers were ultimately convinced that the server indeed belonged to Trump. 
But now this capacious server handled a strangely small load of traffic, such a small load that it would be hard for a company to justify the expense and trouble it would take to maintain it. That wasn't the only oddity. When the researchers pinged the server, they received error messages. They concluded that the server was set to accept only incoming communication from a very small handful of IP addresses. A small portion of the logs showed communication with a server belonging to Michigan-based Spectrum Health.
I have customers with nearly-abandoned dedicated servers on their own IPs and with some project-related whitelist rules that act very much like what's described in the summary. Those servers do things like wasting their time checking for updates from some custom module authors (some overseas), and some try to connect to long-gone services that have had their domains scooped up by (ready?) Russian typo-squatters and the like, but with IPs that resolve somewhere else entirely because they've been re-assigned to entirely different companies. And no, nobody dares to approve changing the configuration on these legacy servers ... and they keep paying to keep them online, despite the crickets chirping instead of activity on whatever legacy task they once did.
There are all sorts of reasons this sort of behavior might materialize. You know, sort of like there might be all sorts of reasons that Huma Abedin's trove of email - in the hundreds of thousands - might be on her creepy, estranged husband's laptop. I'm sorry, did I use her name? Woopsie! Hillary Clinton now calls her "a staffer."
Don't disappoint your bird dog. Go to the range.
FTA: "Put differently, the logs suggested that Trump and Alfa had configured something like a digital hotline connecting the two entities, shutting out the rest of the world, and designed to obscure its own existence." Oh, you mean like the SSH setup I have for all my servers to only listen to known IPs for shell access? Uh, yeah, no kidding. Geez, politics can make people so stupid.
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
I heard Trump used Internet Explorer once, too.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
It's been part of their modus operandi from day one. Whenever they're caught lying or committing crimes, they try to deflect the blame to someone else or change the topic into an attack on Trump or their accusers. The Russia boogeyman is a favorite for them.
It's so tired by now, and they've been caught lying so many times (pretty much every time they open their mouths, they're lying) that nobody believes a thing they say. The DNC could say the sun rose this morning and I'd still check out my window to verify.
I trust Russia MORE than I trust the DNC. If Trump is in good with them, then good for him.
To hell with Hillary and her cronies.
Pure, unadulterated idiocy. ^^^^^
Hey, Slashdot gets visited by Russian IP addresses too! Maybe Slashdot is working with Putin to leak Clinton's E-mails as well?
Seriously, this bullshit coming from Clinton and her minions only shows how desperate they are.
You guys nominated someone under criminal investigation by the FBI. The only people on earth who can't talk about how shitty Trump is are Clinton supporters.
The evidence we're given is this:
"What the researcher saw "was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue": "
A ping is an ICMP echo request. They can have data, but it's the same both ways and it's generally nothing meaningful. I get random pings and crap from everywhere, including Russia, China, etc. along with port scans and everything else. Frankly this is utter BS without more evidence than a random server responding to some pings and not others.
It's also not clear how they were able to spy on this traffic without working at an ISP (where spying on your customers is generally frowned upon). But if they were in the middle of this, they could simply have inserted their own pings by spoofing the source address of some traffic. The article was a sad waste of time. There are lots of allegations that are based on nothing at all.
Nah, it's worse than that, looks like they were sniffing traffic at either the ISP of one of the two endpoints or a backbone.
If there were something here, you'd expect them to talk about finding data in the ICMP echo requests. You'd expect them to communicate over something normal like SSH. You'd expect some evidence that there was something illegal or improper going on here (other than, y'know, spying on other people's network traffic....).
Their audience is apparently morons who don't know what a ping is.
You have to be totally insane to think Russians possibly having malware in some bank that tried to protect itself to begin with is anything even CLOSE to the seriousness of the Secretary of State ignoring multiple warnings about how insecure a personal email server was when inevitably she'd be sending top secret material over email...
Hillary brought all of her ills on herself and the blowback from it is not yet a hundredth of what it should be. Every single person who knows anything about computer security should be utterly ashamed at ever supporting her actions, and the fact that so many still support her makes me think there is no real hope ever for comprehensive computer security. The system is rotten to the core, many computer "professionals" willing to compromise a system's integrity at the drop of a hat.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
A rich white New Yorker is the oligarchy.
> A ping is an ICMP echo request.
Thanks for the 411 Rain Man. :-)
It must have been something you assimilated. . . .
We know he's the last chance for a long, long time, if ever, to fuck with the oligarchs.
It's not. These kinds of opportunities are bubbling up more and more often, though mainly at the state level. If Trump fails because of his foolishness, another will come along.
Note that it's a constant struggle.......new guys come up, break the establishment, then settle in to become the new establishment. Andrew Jackson was an establishment breaker. Abraham Lincoln was one too, although by the time he became president, the establishment was more-or-less shattered. William Jennings Bryan tried but failed on his heavy cross of gold (reminds you of this comic). Roosevelt2 might have been considered an establishment breaker, although again it was rather broken by his time as well. Roosevelt1 probably was the establishment. Truman deserves a special mention for trying to reform the establishment from within, and to some degree he was successful.
"First they came for the slanderers and i said nothing."
You're right that they talk about DNS queries, but I'm pretty sure this is an actual ICMP echo:
It can also be pretty easily explained by having a bunch of normal people on PCs behind a corporate firewall that doesn't accept traffic. Which makes sense because when they talk to the people, we find this:
So, I'm still saying this looks like BS to me. Don't get me wrong, it's entirely possible that some Russian hacked something somewhere. I just don't buy there being a story here without more evidence than a few stray DNS queries.
Has there been any presidential candidate in decades who wasn't a scoundrel?
I know I'm going to get modded down for this, but yes: Barack Hussein Obama.
Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
Without having read TFA, often even as a network engineer, I'll use the term "ping" even when not referring to ICMP. For example, I'll refer to an SNMP walk (of any kind) as a "ping".
Still though, this doesn't come off as suspicious to me at all. Since when is it odd or otherwise unusual that a server belonging to a billionaire talks to a server belonging to a bank in a foreign country? That's like saying that it's odd that there's dog piss on a fire hydrant.
> A rich white New Yorker is the oligarchy.
You mean the senator from New York?
A Pirate and a Puritan look the same on a balance sheet.
> There's no real evidence of Hillary's lies,
You don't think Congressional testimony counts as evidence?
If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
> Without having read TFA, often even as a network engineer, I'll use the term "ping" even when not referring to ICMP. For example, I'll refer to an SNMP walk (of any kind) as a "ping".
Exactly. The term 'ping' may appear unfortunate to those of us who know what the ICMP protocol actually is, but it'll be suitably edgy to a tech-ignorant audience who need to feel that the writer actually knows what he's talking about.
> Still though, this doesn't come off as suspicious to me at all. Since when is it odd or otherwise unusual that a server belonging to a billionaire talks to a server belonging to a bank in a foreign country?
When the bank is one of only a very few addresses the server communicates with.
Look, it's circumstantial at best, no more of a smoking gun than any number of other things. But if I were a US-based journalist, I'd consider it worth digging into. I don't know that I'd publish something based on the logs alone, but I would certainly be willing to follow wherever they lead. Even if the conclusion is that Trump has investments in Russian companies, that's a notable fact, given his constant and explicit denial that he has any financial ties to Russia.
> That's like saying that it's odd that there's dog piss on a fire hydrant.
Kind of. It's more like saying it's odd that this dog doesn't seem to want to piss anywhere except at this particular fire hydrant, which he insists he would never piss on if you gave him a thousand years and a fire hose.
So yeah, the circumstances are curious, but there's nothing here that would make me jump out of my chair and shout, 'Aha!!!' And trust me, I'd be the first to do that if it took Trump down a notch.
Crumb's Corollary: Never bring a knife to a bun fight.
> Their audience is apparently morons who don't know what a ping is.
Well, as an actual software developer who has worked with network protocols I can assure you that there are lots of different types of ping, TCP ping, etc.
Furthermore, those in doubt can just check the RFC for ICMP and discover that it includes echo packets with an arbitrary payload. That should get a person one dim lightbulb away from realizing that you can tunnel other things on top of ICMP, and then from there they might do a search of the interwebs and discover that it is old hat.
The pedants in this article are mostly a bunch of tools who don't know an ICMP echo packet from a Russian in a fur hat! Worse, they don't know a Russian ICMP packet in a squirrel toupee from a Brazilian SSH attack!
So even though they're possibly not even talking about ICMP, if they were it would all make sense. But DNS is also used for tunnels, so that's probably what it really is. Also, DNS is more likely to make it into logs that people have legit access to and aren't private.
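As an added illustration (not code from the article or from any commenter here): the kind of check a defender would run over a DNS query log like the one the researchers collected, to separate tunnel-like lookups (many unique, long, high-entropy subdomains under one domain) from ordinary repeated lookups of a mail host. The log lines and domain names are constructed, and registered-domain extraction assumes a two-label suffix rather than a real public-suffix list.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log, one "timestamp client qname" per line.
SAMPLE_LOG = """\
2016-07-20T09:01:12 10.0.0.5 mail1.example-marketing.test
2016-07-20T09:04:40 10.0.0.5 mail1.example-marketing.test
2016-07-20T09:07:03 10.0.0.5 mail1.example-marketing.test
2016-07-20T09:09:51 10.0.0.7 www.example-marketing.test
2016-07-20T09:02:00 10.0.0.9 a9f3c1e7b2d4.q8x2k0pz7vlm.tunnel-test.test
2016-07-20T09:02:01 10.0.0.9 b71e0c4d9a2f.m3n8vq1zt5rk.tunnel-test.test
2016-07-20T09:02:02 10.0.0.9 c4d2e8f1a7b3.x0p9lw2ys6jd.tunnel-test.test
2016-07-20T09:02:03 10.0.0.9 d8a1f5c3e9b0.r2k7qm4wv1tn.tunnel-test.test
"""

def shannon_entropy(text):
    """Bits of entropy per character; encoded data scores high, words score low."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def registered_domain(qname):
    # Assumption: the last two labels are the registrable domain (no PSL lookup).
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])

def summarize(log_text):
    """Per registered domain: query count, distinct names, subdomain label stats."""
    stats = defaultdict(lambda: {"queries": 0, "names": set(), "lens": [], "ents": []})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        qname = parts[2].lower().rstrip(".")
        dom = registered_domain(qname)
        entry = stats[dom]
        entry["queries"] += 1
        entry["names"].add(qname)
        for label in qname[: -len(dom) - 1].split("."):  # subdomain labels only
            if label:
                entry["lens"].append(len(label))
                entry["ents"].append(shannon_entropy(label))
    return stats

def tunnel_like(entry, min_queries=4, uniq_ratio=0.9, min_len=10, min_ent=3.2):
    """Flag when nearly every query is a new, long, high-entropy name."""
    if entry["queries"] < min_queries:
        return False
    uniq = len(entry["names"]) / entry["queries"]
    avg_len = sum(entry["lens"]) / max(1, len(entry["lens"]))
    avg_ent = sum(entry["ents"]) / max(1, len(entry["ents"]))
    return uniq >= uniq_ratio and avg_len >= min_len and avg_ent >= min_ent

def flagged_domains(log_text):
    return sorted(d for d, e in summarize(log_text).items() if tunnel_like(e))
```

Thresholds are starting points to tune against a baseline of the network's own traffic; a legitimate CDN or mail host with many hostnames can look busy without looking encoded.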
The hacks have exposed a ton of crap. Possible evidence of us selling weapons to Isis in Libya (RIP Vile Rat) and trying to claw them back, they faked violence at the Trump rallies (and blamed Bernie), they were talking about making hay of Trump's "bromance" with Putin long ago, they utterly shafted Bernie in every way. He even had people give him fake support just to steal his voters back at the end. They faked a Craigslist ad for Trump that was disgustingly sexist. Nobody there trusts each other. Carlos Danger's (Anthony Weiner's) ways were known long ago, he appears to have gotten leaked classified info from his wife, top Clinton aide Huma, enough so that Huma sent emails from Hillary's device and vice versa, also forwarding classified things to webmail (Yahoo, Gmail). They talk about being especially worried about the sensitive pic of North Korea that was in her emails. They talk about quid pro quo to declassify one of the items she sent retroactively. In 2010, they talk about "how we just changed an entire Governor's race in 48 hours--without any fingerprints." They discuss an email from "Diane Reynolds" (Chelsea Clinton) about how the apple doesn't fall from the tree: you get a kiss on the cheek, then stabbed in the front and in the back. Hillary, if you're wondering, goes by "Evergreen" and "hrod" among other things. I haven't even covered the half of things, either. Oh, and FYI, some of that is from the FBI's response to FOIA requests, the rest is from the Podesta email dumps, which as we all should know, can be cryptographically validated via the DKIM signatures.
But yeah, let's worry about whether maybe Russia informed us of this. You know what Russia's stake in the election is?
Russia doesn't want to go to war with us over Syria.
Do you?
The server belonged to an email marketing company. In this case here isn't a big deep dark secret Trump-Russian conspiracy.
If you want an insight into Trump's ties with Russia, look at Paul Manafort and read Time magazine's article on the subject http://time.com/4433880/donald...
Greed is the root of all evil.