All Things Trump/Russia! (Resources)


#65

Complicated article on the question of whether Alfa Bank, Trump Organization and Spectrum Health were communicating just up to Sept 2016. Dexter Filkins, of the New Yorker, does a deep dive into what may have happened.

I do not fully understand the ins and outs of this, so if someone wants to decipher it, please do.

Excerpts
The hack of the D.N.C. seemed like a pernicious attack on the integrity of the Web, as well as on the American political system. The scientists decided to investigate whether any Republicans had been hacked, too. “We were trying to protect them,” Max said.

Max’s group began combing the Domain Name System, a worldwide network that acts as a sort of phone book for the Internet, translating easy-to-remember domain names into I.P. addresses, the strings of numbers that computers use to identify one another. Whenever someone goes online—to send an e-mail, to visit a Web site—her device contacts the Domain Name System to locate the computer that it is trying to connect with. Each query, known as a D.N.S. lookup, can be logged, leaving records in a constellation of servers that extends through private companies, public institutions, and universities. Max and his group are part of a community that has unusual access to these records, which are especially useful to cybersecurity experts who work to protect clients from attacks.

As Max and his colleagues searched D.N.S. logs for domains associated with Republican candidates, they were perplexed by what they encountered. “We went looking for fingerprints similar to what was on the D.N.C. computers, but we didn’t find what we were looking for,” Max told me. “We found something totally different—something unique.” In the small town of Lititz, Pennsylvania, a domain linked to the Trump Organization (mail1.trump-email.com) seemed to be behaving in a peculiar way. The server that housed the domain belonged to a company called Listrak, which mostly helped deliver mass-marketing e-mails: blasts of messages advertising spa treatments, Las Vegas weekends, and other enticements. Some Trump Organization domains sent mass e-mail blasts, but the one that Max and his colleagues spotted appeared not to be sending anything. At the same time, though, a very small group of companies seemed to be trying to communicate with it.

Examining records for the Trump domain, Max’s group discovered D.N.S. lookups from a pair of servers owned by Alfa Bank, one of the largest banks in Russia. Alfa Bank’s computers were looking up the address of the Trump server nearly every day. There were dozens of lookups on some days and far fewer on others, but the total number was notable: between May and September, Alfa Bank looked up the Trump Organization’s domain more than two thousand times. “We were watching this happen in real time—it was like watching an airplane fly by,” Max said. “And we thought, Why the hell is a Russian bank communicating with a server that belongs to the Trump Organization, and at such a rate?”

The D.N.S. records raised vexing questions. Why was the Trump Organization’s domain, set up to send mass-marketing e-mails, conducting such meagre activity? And why were computers at Alfa Bank and Spectrum Health trying to reach a server that didn’t seem to be doing anything? After analyzing the data, Max said, “We decided this was a covert communication channel.”

The Trump Organization, Alfa Bank, and Spectrum Health have repeatedly denied any contact. But the question of whether Max’s conclusion was correct remains enormously consequential. Was this evidence of an illicit connection between Russia and the Trump campaign? Or was it merely a coincidence, cyber trash, that fed suspicions in a dark time?

One remarkable aspect of Foer’s story involved the way that the Trump domain had stopped working. On September 21st, he wrote, the Times had delivered potential evidence of communications to B.G.R., a Washington lobbying firm that worked for Alfa Bank. Two days later, the Trump domain vanished from the Internet. (Technically, its “A record,” which translates the domain name to an I.P. address, was deleted. If the D.N.S. is a phone book, the domain name was effectively decoupled from its number.) For four days, the servers at Alfa Bank kept trying to look up the Trump domain. Then, ten minutes after the last attempt, one of them looked up another domain, which had been configured to lead to the same Trump Organization server.

Max’s group was surprised. The Trump domain had been shut down after the Times contacted Alfa Bank’s representatives—but before the newspaper contacted Trump. “That shows a human interaction,” Max concluded. “Certain actions leave fingerprints.” He reasoned that someone representing Alfa Bank had alerted the Trump Organization, which shut down the domain, set up another one, and then informed Alfa Bank of the new address.

A week after the Times story appeared, Trump won the election. On Inauguration Day, Liz Spayd, the Times’ ombudsman, published a column criticizing the paper’s handling of stories related to Trump and Russia, including the Alfa Bank connection. “The Times was too timid in its decisions not to publish the material it had,” she wrote. Spayd’s article did not sit well with Baquet. “It was a bad column,” he told the Washington Post. Spayd argued that Slate had acted correctly by publishing a more aggressive story, which Baquet dismissed as a “fairly ridiculous conclusion.” That June, Spayd’s job was eliminated, as the paper’s publisher said that the position of ombudsman had become outdated in the digital age. When I talked to Baquet recently, he still felt that he had been right to resist discussing the server in greater depth, but he acknowledged that the Times had been too quick to disclaim the possibility of Trump’s connections to Russia. “The story was written too knowingly,” he said. “The headline was flawed. We didn’t know then what we know now.”

Trump’s advocates claimed that the investigations sponsored by Alfa Bank had proved that Alfa and the Trump Organization were not communicating. In fact, they sidestepped the question. Mandiant, one of the cybersecurity firms, said that it was unable to inspect the bank’s D.N.S. logs from 2016, because Alfa retained such records for only twenty-four hours. The other firm, Stroz Friedberg, gave the same explanation for why it, too, was “unable to verify” the data.

For some, the most baffling part of the puzzle was the way that the lookups stopped. The Trump domain vanished from the Web on the morning of Friday, September 23rd, two days after the Times presented its data to B.G.R., Alfa Bank’s lobbyists in Washington, but before it called Trump or Cendyn. In Max’s view, this was evidence of direct contact between Alfa Bank and Trump. One researcher whom Foer interviewed put it vividly: “The knee was hit in Moscow, the leg kicked in New York.” There is, however, at least one possibility that doesn’t involve Moscow: the lobbyists in Washington could have passed along a warning to Trump, as a courtesy. But B.G.R. denies doing this, calling the idea “ridiculous on its face.”

If Trump and Alfa Bank—as well as Spectrum Health and Heartland Payment Systems—were communicating, what might they have been talking about? Max and some of the other scientists I spoke to theorized that they may have been using the system to signal one another about events or tasks that had to be performed: money to be transferred, for instance, or data to be copied. “My guess is that, whenever someone wanted to talk, they would do a D.N.S. lookup and then route the traffic somewhere else,” Richard Clayton, of the University of Cambridge, said. Camp also speculated that the system may have been used to coördinate the movement of data. She noted that Cambridge Analytica, which was working for the Trump campaign, took millions of personal records from Facebook. In Camp’s scenario, these could have been transferred to the Russian government, to help guide its targeting of American voters before the election.

The researchers I spoke with were careful to point out that the limits of D.N.S. data prevent them from going beyond speculation. If employees of the companies were talking, the traffic reveals nothing about who they were or what they were saying; it is difficult to rule out something as banal as a protracted game of video poker. “If I’m a cop, I’m not going to take this to the D.A. and say we’re ready to prosecute,” Leto said. “I’m going to say we have enough to ask for a search warrant.” More complete information could be difficult to obtain. This March, after Republicans on the House Intelligence Committee announced that it had found no evidence of collusion between the Trump campaign and Russia, the committee’s Democrats filed a dissent, arguing that there were many matters still to be investigated, including the Trump Organization’s connections to Alfa Bank. The Democrats implored the majority to force Cendyn to turn over computer data that would help determine what had happened. Those records could show who in the Trump Organization used the server. There would probably also be a record of who shut down the Trump domain after the Times contacted Alfa Bank. Cendyn might have records of any outgoing communications sent by the Trump Organization. But the request for further investigation is unlikely to proceed as long as Republicans hold the majority. “We’ve all looked at the data, and it doesn’t look right,” a congressional staffer told me. “But how do you get to the truth?”

The enigma, for now, remains an enigma. The only people likely to finally resolve the question of Alfa Bank and the Trump Organization are federal investigators. Max told me that no one in his group had been contacted. But, he said, it wasn’t necessary for anyone in the F.B.I. to talk to him, if the agents gathered the right information from other sources, like Listrak and Cendyn. “I hope Mueller has all of it,” he said. ♦


#66

The original story from October 2016. Slate explains the DNS server activity a little better than The New Yorker story.

Hunting for malware requires highly specialized knowledge of the intricacies of the domain name system—the protocol that allows us to type email addresses and website names to initiate communication. DNS enables our words to set in motion a chain of connections between servers, which in turn delivers the results we desire. Before a mail server can deliver a message to another mail server, it has to look up its IP address using the DNS. Computer scientists have built a set of massive DNS databases, which provide fragmentary histories of communications flows, in part to create an archive of malware: a kind of catalog of the tricks bad actors have tried to pull, which often involve masquerading as legitimate actors. These databases can give a useful, though far from comprehensive, snapshot of traffic across the internet. Some of the most trusted DNS specialists—an elite group of malware hunters, who work for private contractors—have access to nearly comprehensive logs of communication between servers. They work in close concert with internet service providers, the networks through which most of us connect to the internet, and the ones that are most vulnerable to massive attacks. To extend the traffic metaphor, these scientists have cameras posted on the internet’s stoplights and overpasses. They are entrusted with something close to a complete record of all the servers of the world connecting with one another.

Earlier this month, the group of computer scientists passed the logs to Paul Vixie. In the world of DNS experts, there’s no higher authority. Vixie wrote central strands of the DNS code that makes the internet work. After studying the logs, he concluded, “The parties were communicating in a secretive fashion. The operative word is secretive. This is more akin to what criminal syndicates do if they are putting together a project.” Put differently, the logs suggested that Trump and Alfa had configured something like a digital hotline connecting the two entities, shutting out the rest of the world, and designed to obscure its own existence.

Read More Here 👇

Personal Note:
This is also the story that bugged me so much when I first read it, I felt compelled to keep following the whole Trump/Russia connection. Two years later, here we all are… 🤷🏻‍♀️


#67

Infuriating…and built around Secretive = plausible denial = so far full denial.

Curious that Alfa Bank was the only contact that tried to reach the new T server…

Then areas which should be able to be transparent like server addresses have been queried.

Didn’t some of the Cyber Security team leave the FBI? You wonder if these guys helped on the investigation. And Mueller’s team lost one too…

Three top cybersecurity officials at the FBI are stepping down, The Wall Street Journal reported, citing people familiar with the matter.

The departures come at a particularly sensitive time for cybersecurity concerns in the U.S. as special counsel Robert Mueller investigates Russian interference in the 2016 election and top intelligence officials warn of continued Kremlin attempts to attack the American election system.

The Journal reported that David Resch, a cybersecurity head in the agency’s division that handles investigating financial crime and organized crime; Scott Smith, assistant FBI director and head of the Bureau’s cyber division; and Smith’s deputy, Howard Marshall, have either already departed or will leave within the month.

We need more cyber security experts from within FBI/Mueller’s team rather than fewer… 🤐


#68

We do know that the Mueller team does not leak to the press, making it hard to gauge where and what they have investigated thus far. While what we’re reading is intriguing, it may not reflect on what is pertinent to the federal investigators. Fascinating nonetheless.


#69

Yes, Mueller’s team has shown it can present evidence on a granular level, and one cyber expert leaving does not mean that they haven’t already discovered what they need. I agree.


#70

Very topical tonight on MSNBC @Pet_Proletariat

Chris Hayes spoke with Franklin Foer

Maddow spoke w/ Filkins about his New Yorker writing on the Alfa Bank/T Tower communications via servers. Suggesting it may have been a “folder” type of communication - ie, what Manafort used - keep messaging within a draft folder that others can open and communicate without sending.

Links might be available later I would imagine

May be tomorrow here…

Not sure where to find Chris Hayes…except that they both REPEAT tonight. Maddow at 9p and Chris at 12Mid


#71

Curious…

The office of Russia’s infamous troll factory believed to be at the vanguard of Russia’s information war has been set on fire in St. Petersburg overnight.

At 3am Tuesday morning, someone set fire to the offices of the restructured Kremlin-linked troll factory, the Internet Research Agency, that was responsible for much of Russia’s 2016 U.S. election interference.

Moscow Times:

An investigation revealed last year that the secretive troll factory had rebranded itself as a media conglomerate with 16 news websites generating more than 30 million pageviews every month. Its operational hub, a website called FAN (Federal News Agency), is based a stone’s throw from the troll farm’s original location in northern St. Petersburg.

The Fontanka.ru news website cited police as saying that an unknown suspect broke the agency’s ground-floor window and threw a Molotov cocktail inside at around 3 a.m. on Tuesday.

Surveillance footage published by FAN showed flames erupting at one of the empty workstations and a female staffer stationed on the opposite end quickly exiting the office.

“I believe this is tied to FAN’s activities,” its chief editor Yevgeny Zubarev said. “We’re most often attacked online, but these types of attacks have already taken place offline.”

FAN said its office came under another arson attack on the eve of the 2018 presidential elections in March.

(...)

St. Petersburg police told the RBC news website that they were looking for the culprit and planned to launch criminal proceedings.


(M A Croft) #72

Oh Dear! There goes a couple of my regular monthly BOT visits… 🙂

I manage a small website for my local church here, and we have a couple of visits every month from St Petersburg.

http://www.thamesunionparish.org.nz/

I think the name “Thames” may confuse them thinking it is somewhere in the UK. The name actually was given by James Cook on his first visit to NZ in 1769. The Firth, over which I currently look, reminded him of the Firth of Thames in England - except it was Christmas time and the coast was covered in pohutukawa.


(M A Croft) #73

Perhaps Putin’s style of dealing with those who cross him is why Trump kisses his arse at every opportunity.

Falling from balconies, defenestration, poisonings, involuntary suicides, helicopter crashes, and now death by dog leash.

LONDON—Nikolai Glushkov, a Russian émigré, lived alone in a weather-beaten row house in South London with an aging dog and a cat named Braveheart. It was the waning days of March, and he was readying himself for something big.

The onetime finance director of Russia’s flagship airline, he was preparing for a trial in a London court. He told friends it would prove his innocence of longstanding financial charges by Russian authorities and expose Aeroflot Russian Airlines as a front for Russian security services. The case could also prove embarrassing for President Vladimir Putin, by illuminating a piece of post-Soviet history the Russian government has tried to erase.

After running out of funds to pay his own lawyers, Mr. Glushkov, 68 years old, planned to represent himself, and had amassed tomes on British law and forensic accounting. “This case was his purpose in life,” said Georgy Shuppe, a friend and former business partner. “He was not going to give up.”

On the eve of a preliminary court hearing, Mr. Glushkov stopped answering his phone. When his daughter drove to his house to investigate, she found him inside, strangled to death with a dog leash. Later that night, dozens of anti-terror police cordoned off the house and began digging holes in his yard.

https://www.wsj.com/articles/a-trio-of-wealthy-russians-made-an-enemy-of-putin-now-theyre-all-dead-1539181416?mod=e2fb


#74

Thanks for the WSJ article – it’s timely for me because I was just doing some research on the scores of suspicious deaths that are linked to possible GRU reprisals and cover ups. I haven’t found a list that exhaustively compiles them all – they seem to fall into categories: Russian diplomats who’ve died mysteriously, ex-spies assassinated in the UK, journalists and political opponents bumped off in Russia, etc. If anyone comes across a comprehensive list, please post here. In the meantime, here is a list of lists.

Putin has delivered a chilling message: “Cross me and you’re dead. Even if you don’t cross me, but you know too much about me, your untimely death could simply be a part of damage control.” And this is the world leader Trump admires most.

BTW, there is a little overlap between these lists, but not much, and they don’t even include the latest (it’s hard to keep up!):

If you’re ready for a deep dive into Putin’s assassination factory, here’s a remarkable seven-part series from BuzzFeed – it requires a significant time commitment, but is enthralling – like reading a spy novel. This is Part 1 which includes links to the other installments:


#75

Some words from Putin, strongman talk…Maybe he acts like that with someone else, but in that case they are to blame. I have a completely normal and professional dialogue with him and of course he listens

Article in Moscow Times

Putin Says Trump Listens to Him and Wants to Repair U.S.-Russia Ties

Russia’s Vladimir Putin said on Thursday that U.S. President Donald Trump listened to him and was keen to improve battered U.S.-Russia ties despite the complicated domestic political situation in the United States.

Putin, who was speaking at a discussion forum in the Black Sea resort of Sochi, made the comments when asked if he agreed that Trump only listened to himself.

Putin said he thought the U.S. president wanted to stabilize the troubled relationship between Moscow and Washington and said it was not true that Trump only listened to himself.

“Maybe he acts like that with someone else, but in that case they are to blame. I have a completely normal and professional dialogue with him and of course he listens. I see that he reacts to his interlocutor’s arguments,” said Putin.

The Russian leader said it was normal they disagreed about many things, something he said was normal in discussions with foreign leaders.


#76

Russian National charged with interfering in the 2018 midterms. Gutsy move by our Intelligence groups.

Russian National Charged with Interfering in U.S. Political System

A criminal complaint was unsealed in Alexandria, Virginia, today charging a Russian national for her alleged role in a Russian conspiracy to interfere in the U.S. political system, including the 2018 midterm election. Assistant Attorney General for National Security John C. Demers, U.S. Attorney G. Zachary Terwilliger of the Eastern District of Virginia, and FBI Director Christopher Wray made the announcement after the charges were unsealed.

“Today’s charges allege that Russian national Elena Alekseevna Khusyaynova conspired with others who were part of a Russian influence campaign to interfere with U.S. democracy,” said Assistant Attorney General Demers. “Our nation is built upon a hard-fought and unwavering commitment to democracy. Americans disagree in good faith on all manner of issues, and we will protect their right to do so. Unlawful foreign interference with these debates debases their democratic integrity, and we will make every effort to disrupt it and hold those involved accountable.”


#77

An independent Russian newspaper reports Yevgeniy Viktorovich Prigozhin, the man nicknamed “Putin’s chef” whom Special Counsel Robert Mueller has indicted for 2016 U.S. election interference, allegedly has been involved in brutal attacks and at least one killing. (from Committee to Investigate Russia)

Missing Journalist/ex con - Amelchenko more than likely killed off by Putin’s Chef Yevgeny Prigozhin

AP excerpt

MOSCOW (AP) — A security aide to Yevgeny Prigozhin, a Russian businessman who has been indicted by American investigators for allegedly trying to interfere with the 2016 U.S. election, says the mogul has been involved in attacks on several people and at least one killing, an independent Russian newspaper reported Monday.

Prigozhin has been dubbed “Putin’s chef” for organizing catering events for Russian President Vladimir Putin and even personally serving him and his guests on some occasions.

The Novaya Gazeta article Monday by reporter Denis Korotkov came out several days after unknown people sent a funeral wreath to the journalist’s home and left a basket with a severed goat’s head at the newspaper’s office.

Korotkov’s article relies on several interviews with Valery Amelchenko, a former convict who worked for Prigozhin. Amelchenko said he orchestrated attacks on Prigozhin’s opponents as well as the killing of an opposition blogger in northwest Russia, all at the mogul’s behalf.

Amelchenko also said several people working for Prigozhin had traveled to Syria last year to test an unknown poison on Syrians who refused to fight for Syrian President Bashar Assad’s government. Novaya Gazeta corroborated the account with two other sources.

Amelchenko disappeared early this month shortly after meeting the reporter and telling him that he was being followed. Korotkov said he received a call from Amelchenko’s phone later that day and when he went to the man’s house, he found two cellphones and what looked like his shoe lying on the ground.

Amelchenko is now on a Russian police list of missing persons.

U.S. authorities on Friday also brought charges against another Prigozhin employee, bookkeeper Elena Khusyaynova, for helping oversee the finances of a so-called troll farm in the Russian city of St. Petersburg that aimed to influence U.S. politics through social media postings. When reached by phone on Monday, the woman’s ex-husband, Ravil Khusyaynova, told The Associated Press that he had spoken to her and she refuses to speak to the media.


(Renee) #78

That and taking Russian PAC $$…reference earlier…makes wonder how much money has really been paid… The gift that keeps on giving - Citizens United!