
The Amazing Talking Computers- Part 1


One mystery of the Steele dossier was the case of the Alfa bank server allegedly communicating with a Trump Organization server. There are many inconsistencies in the “evidence” that lead one to believe that the ghost of conspiracy theorists past is alive and well on the Left.

According to the Mueller report, Petr Aven, a Russian oligarch close to Putin, approached Richard Burt, a Washington lobbyist, in Luxembourg. Aven told Burt that someone high in the Russian government (Putin) wanted to establish a backchannel means of communication with the Trump transition team.

For his part, Burt had worked with the Trump campaign helping to draft an important foreign policy speech Trump delivered in April 2016 and had met with Jeff Sessions throughout the campaign.  Burt had also assisted Alfa bank with a gas pipeline.   

The purported reason for the backchannel communication was the fear that Alfa bank would be sanctioned at some point by the US government; Putin had suggested to Aven that he cover himself should that occur. Burt took the idea to Dimitri Simes of a Washington think tank and requested that Simes meet Jared Kushner to suggest the idea. Unexplained is why Putin would think that Alfa bank would be sanctioned. That was the supposed reason for the means of communication, but Alfa bank was not, and is not now, a sanctioned Russian entity, nor are any of its members.

Still, there exists the belief that the bank is up to its eyeballs in controversy.  That is because beginning in the spring of 2016, computer sleuths claim that the bank’s server in Russia had “pinged” a rarely used Trump Organization server more than 2,700 times with computer domain name “look-ups.”  These were identified by “independent” computer analysts tracking Internet traffic.  

One of the key “experts” was Jean Camp, a professor at Indiana University. She examined the “look-ups,” thought them strange, and suggested further investigation among the cyber sleuth community, claiming the internet traffic had characteristics of a covert email chain. The Trump server was taken down in September 2016 when people started talking about it. One former FBI cyber analyst looked at the data and noted that 80% of the traffic going to the Trump server was coming from Alfa bank.

These computer sleuths claim they were reacting to news of the DNC hack reported by the Washington Post and that they started their project by looking at internet traffic not only of Trump, but other candidates.   

When they looked at the internet traffic on the Trump servers, they realized it was not malware or the work of bots and instead said it looked like human conversation. Further, they claimed the conversations started in New York’s time zone and continued during Moscow’s time zone working hours. Here we encounter another illogical assumption on the part of Camp. If there was this nefarious communication going on, do Camp and others honestly believe it occurs only from 9 to 5 every day? They came to believe that there was a sustained relationship between the Alfa server and a Trump server.

That Trump server was first set up in 2009 to run marketing campaigns. Some of the sleuths thought the configuration was strange, but they were looking at a server set up and configured seven years previously. The server’s history showed that it sent mass emails on behalf of Trump properties and products. Admittedly, the server handled a small amount of email daily. When the researchers pinged the server, they received an error notice and concluded that the server was set up to receive emails only from a few select IP addresses. A small segment of the logs showed communication with a Michigan-based company called Spectrum Health. Spectrum did their own analysis, which found no communications with the Trump server or that of Alfa bank. They did find a number of spam marketing emails from a company called Cendyn advertising Trump hotels.

The sleuths then took the “evidence” to Paul Vixie, some kind of computer zen master when it comes to domain names, and he initially concluded there was something secretive and possibly nefarious going on. It appeared as if the Trump server and that of Alfa bank had created a digital hotline between the two that effectively shut out everyone else. The problem for these sleuths is that one can see the trail of transmissions, but one cannot see what was actually transmitted. It could be a spam email bouncing off each server, or a message repeatedly looking for an address.

The Domain Name System (DNS) is one of the main features of the internet. It is what allows you to use an email address or find a website to begin communication. It sets into motion a chain of connections between servers so that the proper response is returned. Before you send a message (an email, for example), a DNS “lookup” finds the IP address.

The DNS is like an old phone book. Suppose Samantha looked up Stephen’s name and phone number in the phone book, then put the book aside. No phone call is ever made, no words exchanged, not even a call and hang-up; she just looked in the book. We can safely say there was no communication between Samantha and Stephen. Now suppose she does this 2,700 times over several days, or months. Still, there is no communication. That is the essence of the lookup controversy. The fact is that a DNS lookup is perhaps the most ordinary action on the internet. It occurs whenever a computer has to connect to another known computer, or to check for spam. There is no cost to perform a lookup, even if there are millions of them, or 2,700.

For security and confidentiality reasons, DNS logs are not publicly available. This raises the question of where these computer sleuths obtained the logs of the servers. There are three possibilities: they stole them, they forged them, or they altered them. One independent analysis of the logs indicated they were forged or altered. One outlet, The Intercept, was provided with different versions, suggesting forgery or alteration.

Like any business, the Trump Organization sends emails all the time to former, current and prospective clients. Alfa bank is the largest in Russia and there is likely overlap between their clients and those of the Trump Organization. An email sent by Trump or an email sent by Alfa is likely to trigger a lookup on the other, and not only on each other but also on other third-party clients that they may share. There are other ways to set up secretive backchannels of communication.

The computer nerds said the communication was between a Trump server on Fifth Avenue in New York, which would be Trump Tower.  Instead, the geeks plotted the server traffic on a timeline and noted that it peaked at particular moments which happened to coincide with political happenings domestically.  The ENTIRE 2016 campaign was a political happening.  When the New York Times started poking around into this communication between the servers, the Trump server stopped working, but within a few days, a new domain name was established and the two servers started pinging one another.

The Steele dossier mentions this alleged illicit communication between the Trump campaign and Alfa bank.  Not satisfied with the pace of the FBI investigation since he was under a time constraint, we know that Steele started talking to journalists.  In fact, Slate was the first to publish anything about this late in October and is the source of the Vixie and Camp analysis.  But the FBI was also using the stuff in the Steele dossier.  Within that collection of “intelligence” was an entire report dedicated to Alfa bank.  Steele misspells the bank as “Alpha.”

When Buzzfeed published the dossier in early 2017, Alfa bank and its owners sued Steele. During testimony, Steele said he became aware of the connection between the Trump campaign and the bank not through his cadre of second-hand informers, but from Michael Sussmann. This is the same lawyer for Perkins Coie who arranged for Fusion GPS to pick up the research.

Not only had Sussmann gone to Steele, but also to James Baker, the counsel at the FBI. Steele was attempting to inject the allegations into the media and he found only one willing taker, Slate. The allegations of Steele in his memo are meant to support the findings of Camp, and vice versa. But Steele made an error when he spelled the bank name wrong as “Alpha” instead of “Alfa.” If his sources were so strong, surely someone, including Steele, would have known the correct spelling of the largest bank in Russia.

The lengths to which Camp and others went to peddle this story are interesting. There was the assertion that the Spectrum Health IP address is a Tor exit node. In this scenario, Alfa bank enters a Tor node somewhere and the “message” exits at Spectrum Health untraceable. First, there is no reason whatsoever Spectrum Health would use Tor. Further, analysis of the Spectrum Health IP address determined that they did not use Tor during this time period. They claimed that only two networks resolved the new Trump domain name, but subsequent analysis determined that at least 19 IPs managed to do so. Spectrum Health did provide the Intercept with one “communication”: a two-night stay at a Trump hotel.

Cendiant is a well-respected cybersecurity company that was hired by Alfa after reporters came sniffing. The company determined not only that there was no backchannel communications line, but also that the Alfa server was likely performing so many DNS lookups because it was trying to determine where the spam emails about Trump products were coming from, something security software installed on a server can do. Another tidbit of information left out by the experts is the fact that Cendyn actually subcontracts and outsources marketing emails to a company called Listrak, which is run out of a data center in Philadelphia.
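The mechanism described above, in which security software on a receiving mail server looks up the sending host of each marketing email, can be modelled offline. This is an added example, not code from the original article or from any party it names; the `.example` host names, the sample messages and the `authoritative_log` helper are constructed for illustration.

```python
import re

# Host names that follow "@" in a sender address or "http(s)://" in a link.
HOST_RE = re.compile(r"(?:@|https?://)([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

# Constructed input: (arrival time in seconds, raw message) pairs.
# All host names are placeholders under .example, not names from the page.
INBOUND = [
    (0,    "From: offers@mail1.hotel.example\n\nBook now: http://mail1.hotel.example/deal"),
    (40,   "From: offers@mail1.hotel.example\n\nSpa weekend: http://promo.hotel.example/spa"),
    (4000, "From: offers@mail1.hotel.example\n\nLast chance: http://mail1.hotel.example/deal"),
]

def hostnames(message):
    """Names a filter would check: the sender's domain and any linked hosts."""
    return sorted({h.lower() for h in HOST_RE.findall(message)})

def authoritative_log(inbound, ttl):
    """Return the (time, qname) queries that reach the sender's name server.

    The receiving side resolves every name it extracts from a message.
    Answers are cached for `ttl` seconds, so only cache misses are seen
    upstream. No message content ever appears in the log.
    """
    expires, log = {}, []
    for now, message in inbound:
        for name in hostnames(message):
            if expires.get(name, -1) <= now:   # cache miss: a real query goes out
                log.append((now, name))
                expires[name] = now + ttl
    return log

if __name__ == "__main__":
    for ttl in (0, 3600, 86400):
        queries = authoritative_log(INBOUND, ttl)
        print(f"ttl={ttl:>5}s -> {len(queries)} lookups: {queries}")
```

Each log entry holds a timestamp and a queried name only, and the number of entries follows inbound mail volume and cache lifetime.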

It was Cendyn, not the Trump Organization, that registered the Trump email name used, so unless they are also involved in the backchannel conspiracy, it is highly probable that neither Trump nor anyone in his campaign was aware. Other internet sleuths have found the Trump email address “pinging” servers all over the world, not just Russia. Even the legendary Vixie, whom the Slate article quotes and relies upon, told the Intercept that the lookups were not evidence of anything conclusive.