After the DNC hack, security experts began playing close attention to the security of servers associated with the Trump campaign, on the assumption that if the Democrats had been targeted, the Republicans would be, too.
They discovered a series of weird DNS lookups by an even weirder email server run by the Trump organization. This mail-server seemed to be engaged in regular email volleys with another server at Alfa Bank, one of Russia’s biggest banks, run by a Russian/Ukrainian oligarch with close ties to Putin. Both servers seemed to be configured to reject connections from anyone except each other. The metadata showed that the servers were only active during the overlapping Moscow/NYC business hours, and the timestamps and other metadata were highly indicative of human conversation (and not, for example, spam or forgotten automated processes).
When the NYT questioned Alfa Bank about this server, it promptly vanished. Then, just as promptly, another server popped up, with all the same properties.
The experts who’ve analyzed the data are a who’s-who of internet security and infrastructure guarantees (though the primary analysis came from an anonymous person calling themselves Tea Leaves), including Paul Vixie, one of the core authors of DNS.
The Trump campaign denies that the server is doing anything weird, but their explanation is contradictory and technically incoherent. Alfa Bank has retained a reputable security company to audit their end of the connection, and claim that their experts see nothing nefarious going on — but those same experts say they’ve reached no conclusions as yet.
There are no smoking guns here — all we see is the metadata indicating something that appears to be a highly secretive dialog between a politically connected Russian bank and the Trump organization. Without the content of these conversations, it’s hard to tell exactly what’s going on.
Weaver’s statement raises another uncertainty: Are the logs authentic? Computer scientists are careful about vouching for evidence that emerges from unknown sources—especially since the logs were pasted in a text file, where they could conceivably have been edited. I asked nine computer scientists—some who agreed to speak on the record, some who asked for anonymity—if the DNS logs that Tea Leaves and his collaborators discovered could be forged or manipulated. They considered it nearly impossible. It would be easy enough to fake one or maybe even a dozen records of DNS lookups. But in the aggregate, the logs contained thousands of records, with nuances and patterns that not even the most skilled programmers would be able to recreate on this scale. “The data has got the right kind of fuzz growing on it,” Vixie told me. “It’s the interpacket gap, the spacing between the conversations, the total volume. If you look at those time stamps, they are not simulated. This bears every indication that it was collected from a live link.” I asked him if there was a chance that he was wrong about their authenticity. “This passes the reasonable person test,” he told me. “No reasonable person would come to the conclusion other than the one I’ve come to.” Others were equally emphatic. “It would be really, really hard to fake these,” Davis said. According to Camp, “When the technical community examined the data, the conclusion was pretty obvious.”
It’s possible to impute political motives to the computer scientists, some of whom have criticized Trump on social media. But many of the scientists who talked to me for this story are Republicans. And almost all have strong incentives for steering clear of controversy. Some work at public institutions, where they are vulnerable to political pressure. Others work for firms that rely on government contracts—a relationship that tends to squash positions that could be misinterpreted as outspoken.
Was a Trump Server Communicating With Russia?
[Franklin Foer/Slate]
(via /.)