Mar 10 2017

About That Infamous “Trump Server”

Published by at 1:45 pm under All General Discussions,Obama and FISA

 

If you are wondering what in the world was the basis for all the investigating of candidate Trump and his ties to Russian banks, you have to refer back to the detailed (I would say “too detailed”) article from Slate.com on Oct 31, 2016. This is the article Hillary Clinton famously tweeted out on the same day (H/T to Kevin Johnson for the image below):

The article and tweet appear to be too well timed, giving the impression of an orchestrated media blitz. Especially since it is also in October that the Obama administration supposedly gets a court warrant (FISA or otherwise is still not clear) into this very matter. We know today that the only remaining element of the investigation of Team Trump is financial ties to Russian banks, which seems to have been initiated by events covered in the original Slate story.

To be clear, I think the Slate reporter was given a bounty of details and help from all his sources, who probably are more than he lets on (or he understood). He could have been the useful tool of a broader effort. He writes like he wants to protect the world from evil. His sources seem a bit more cunning. So let’s see what we can find?

Let me begin with the follow-up story that came out a day after the first, which exposes many gross fallacies in the first story that Hillary so cheerfully tweeted about. These fallacies blow holes in the remaining narrative being peddled to this day by the Fake News Media regarding Trump connections to Russia. The big error – it was a Trump server:

1) Does Trump control the server in question?

In a detailed post critiquing my piece, cybersecurity expert Rob Graham wrote, “The evidence available on the Internet is that Trump neither (directly) controls the domain trump-email.com, nor has access to the server.” This echoes the point raised by Vox, the Intercept, and others that the server was not operated by the Trump Organization directly. Rather, it was run and managed by Cendyn, a vendor that organizes email marketing campaigns for hotels and resorts.

Whoa there Nelly! This server was not owned or managed or maintained by Trump, his campaign or his business?

That’s right folks.  This server belonged to an email service provider that some entity associated with Trump bought services from. That’s like linking me (or anyone) to a Google Server using a gmail account as the smoking gun.

How is this server then tied to Donald Trump or his campaign associates? Is this the thin reed upon which the transcript of Gen Flynn’s phone conversation with the Russian Ambassador was leaked to the media?

The server was used to broadcast out marketing materials, specifically about Trump hotels:

This suggests that most of the emails that emanated from this address were mass emails, related to loyalty programs, discount offers, and the like.

The Intercept has since turned up at least two examples of a Trump email, promoting hotels, being sent from that server in 2015 and 2016.

Remember this when we get to the original story, because you will read a lot about so-called cyber security experts being totally flummoxed over this server and what it could mean. How any serious computer or cyber security expert could be so easily baffled is itself a bit of a tell in itself.

The reporter later on exposes his motives on covering this, which seem naively altruistic, if not suffering from stage-4 tunnel-vision:

I pursued this story because I was impressed by the emphatic belief of the experts I consulted, my suspicions were raised by the evidence they presented, and I thought I would be remiss if I sat on data that I believed deserves to be evaluated and understood before we elect the next president. The underlying context for the piece is that Donald Trump has cultivated a troubling relationship with Russia, …

So let’s get to the meat of the matter. Sorry this will be long, but the article is long – too long, too detailed. The author begins with a lot of flowery praise about the wonders of the internet before he introduces the players in this little saga, a posse of Duddley-Do-Rights:

But a small, tightly knit community of computer scientists who pursue such work—some at cybersecurity firms, some in academia, some with close ties to three-letter federal agencies—is also spurred by a sense of shared idealism and considers itself the benevolent posse that chases off the rogues and rogue states that try to purloin sensitive data and infect the internet with their bugs.

Excuse me while a vomit over the amazingly sainted-purpose of these Knightly Crusaders. Oh, to be young and gullible!

Sadly, my half century plus on this little orbiting planet has left me very cynical, especially when it is laid on this thick.

My view: this tight knit community spies for the US government and they have something they want to get out into the press:

In late spring, this community of malware hunters placed itself in a high state of alarm. Word arrived that Russian hackers had infiltrated the servers of the Democratic National Committee, an attack persuasively detailed by the respected cybersecurity firm CrowdStrike. The computer scientists posited a logical hypothesis, which they set out to rigorously test: If the Russians were worming their way into the DNC, they might very well be attacking other entities central to the presidential campaign, including Donald Trump’s many servers. “We wanted to help defend both campaigns, because we wanted to preserve the integrity of the election,” says one of the academics, who works at a university that asked him not to speak with reporters because of the sensitive nature of his work.

Late Spring [2016], eh? Donald Trump’s was central to the presidential campaign in late spring? I thought he was still a laughable long shot?

So out of the goodness of their hearts (and obviously without pay), these champions of decency decided to protect Donald Trump’s campaign? Sadly they screwed up here big time. Note the use of “both campaigns“. In late Spring Hillary had yet to vanquish Bernie, so there were more than two campaigns to protect. This excuse fails the laugh test.

Again note the “sensitive nature” of this person’s work – read “Intelligence Community”.

In late July, one of these scientists—who asked to be referred to as Tea Leaves, a pseudonym that would protect his relationship with the networks and banks that employ him to sift their data—found what looked like malware emanating from RussiaThe destination domain had Trump in its name, which of course attracted Tea Leaves’ attention. But his discovery of the data was pure happenstance—a surprising needle in a large haystack of DNS lookups on his screen.

Yeah, Tea Leaves just happened to accidentally type “T-R-U-M-P” into his search of DNS entries and out popped this magical server. See this is why this stinks of a fictional story: all purity, light and … accidental.

Then, there are too many details, details only the intelligence community would know – for example:

Alfa Bank emerged in the messy post-Soviet scramble to create a private Russian economy. Its founder was a Ukrainian called Mikhail Fridman. He erected his empire in a frenetic rush—in a matter of years, he rose from operating a window washing company to the purchase of the Bolshevik Biscuit Factory to the co-founding of his bank with some friends from university. Fridman could be charmingly open when describing this era. In 2003, he told the Financial Times, “Of course we benefitted from events in the country over the past 10 years. Of course we understand that the distribution of state property was not very objective. … I don’t want to lie and play this game. To say one can be completely clean and transparent is not realistic.”

To build out the bank, Fridman recruited a skilled economist and shrewd operator called Pyotr Aven. In the early ’90s, Aven worked with Vladimir Putin in the St. Petersburg government—and according to several accounts, helped Putin wiggle out of accusations of corruption that might have derailed his ascent. (Karen Dawisha recounts this history in her book Putin’s Kleptocracy.) Over time, Alfa built one of the world’s most lucrative enterprises. Fridman became the second richest man in Russia, valued by Forbes at $15.3 billion.

Alfa’s oligarchs occupied an unusual position in Putin’s firmament. They were insiders but not in the closest ring of power. “It’s like they were his judo pals,” one former U.S. government official who knows Fridman told me. “They were always worried about where they stood in the pecking order and always feared expropriation.” Fridman and Aven, however, are adept at staying close to power.

Reads like an Intel dossier on niche Russian players. If this came out of this close knit community of cyber nerds, they need to get themselves employed by the Intelligence Community ASAP. They are doing apparent Pro Bono work that commands high salaries around DC.

But of course, the fact is the sources do work for the Intelligence Community:

(I communicated extensively with Tea Leaves and two of his closest collaborators, who also spoke with me on the condition of anonymity, since they work for firms trusted by corporations and law enforcement to analyze sensitive data. They persuasively demonstrated some of their analytical methods to me—and showed me two white papers, which they had circulated so that colleagues could check their analysis. I also spoke with academics who vouched for Tea Leaves’ integrity and his unusual access to information.

“Unusual access to information”, eh? Like lifetime profiles on bad Russian Hombres?

Both articles are long and replete with diversionary filler and embellishments. But the essence is clear – people with ties to the US Intelligence Community fed a possibly-naive wannabe-hero a lot of material to lay the context of a Trump-Russia connection.

Except, that connection was laid on the flimsiest of foundations – a server not owned or managed by the Trump campaign. A server that had confusing data patterns and configurations that stymied these cyber geniuses in their quest to save humanity:

What the scientists amassed wasn’t a smoking gun. It’s a suggestive body of evidence that doesn’t absolutely preclude alternative explanations. But this evidence arrives in the broader context of the campaign and everything else that has come to light: The efforts of Donald Trump’s former campaign manager to bring Ukraine into Vladimir Putin’s orbit; the other Trump adviser whose communications with senior Russian officials have worried intelligence officials; the Russian hacking of the DNC and John Podesta’s email.

Apparently, if this was not about the Presidential campaign then these cyber crusaders would not have felt it important enough to spend the 100’s of hours research and analysis evident in this “narrative”. And if there had not been suspicious communications between Russia and Team Trump (which worried intelligence officials snooping on said members of Team Trump) the context would be more benign.

The fact these sources conveyed clear concerns within the Intelligence Community regarding NSA surveillance data (only possible source for these concerns when you are talking intercept) is telling. This article makes clear  the Obama administration was neck deep in reviewing NSA intercepts associated with “T-R-U-M-P” before the election, since this is clearly reported in the article.

We have a serious problem in this country with the cavalier misuse of resources that were put in place to protect us from outside attack. These resources have no business getting involved in Presidential campaigns

One response so far

One Response to “About That Infamous “Trump Server””

  1. Neo says:

    One of the best stories about this server is ..
    http://www.cnn.com/2017/03/09/politics/fbi-investigation-continues-into-odd-computer-link-between-russian-bank-and-trump-organization/index.html

    Last year, a small group of computer scientists obtained internet traffic records from the complex system that serves as the internet’s phone book. Access to these records is reserved for highly trusted cybersecurity firms and companies that provide this lookup service.
    These signals were captured as they traveled along the internet’s Domain Name System (DNS).
    These leaked records show that Alfa Bank servers repeatedly looked up the unique internet address of a particular Trump Organization computer server in the United States.
    In the computer world, it’s the equivalent of looking up someone’s phone number — over and over again. While there isn’t necessarily a phone call, it usually indicates an intention to communicate, according to several computer scientists.
    What puzzled them was why a Russian bank was repeatedly looking up the contact information for mail1.trump-email.com.
    Publicly available internet records show that address, which was registered to the Trump Organization, points to an IP address that lives on an otherwise dull machine operated by a company in the tiny rural town of Lititz, Pennsylvania.
    From May 4 until September 23, the Russian bank looked up the address to this Trump corporate server 2,820 times — more lookups than the Trump server received from any other source.
    As noted, Alfa Bank alone represents 80% of the lookups, according to these leaked internet records.
    Far back in second place, with 714 such lookups, was a company called Spectrum Health.
    Spectrum is a medical facility chain led by Dick DeVos, the husband of Betsy DeVos, who was appointed by Trump as U.S. education secretary.
    Together, Alfa and Spectrum accounted for 99% of the lookups.

    The server is located at a company called Listrak (www.listrak.com) which primarily does promotions for stores.

    Frankly, this is pretty thin gruel.

Leave a Reply

You must be logged in to post a comment.