Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Powder Miner]

>keep an eye on the election booths for me guys

jesus christ really

[Reelya]

https://news.slashdot.org/story/16/11/01/019251/computer-scientists-believe-a-trump-server-was-communicating-with-a-russian-bank

In light of the Democratic National Committee hack by the Russians earlier this year, a "tightly knit community of computer scientists" working in a variety of fields came up with the hypothesis, "which they set out to rigorously test: If the Russians were worming their way into the DNC, they might very well be attacking other entities central to the presidential campaign, including Donald Trump's many servers." In late July, one of the scientists who asked to be referred to as Tea Leaves discovered possible malware emanating from Russia, with the destination domain having Trump in its name. What the researcher saw "was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue".

Slate Magazine reports: More data was needed, so he began carefully keeping logs of the Trump server's DNS activity. As he collected the logs, he would circulate them in periodic batches to colleagues in the cybersecurity world. Six of them began scrutinizing them for clues. The researchers quickly dismissed their initial fear that the logs represented a malware attack. The communication wasn't the work of bots. The irregular pattern of server lookups actually resembled the pattern of human conversation -- conversations that began during office hours in New York and continued during office hours in Moscow. It dawned on the researchers that this wasn't an attack, but a sustained relationship between a server registered to the Trump Organization and two servers registered to an entity called Alfa Bank. The server was first registered to Trump's business in 2009 and was set up to run consumer marketing campaigns. It had a history of sending mass emails on behalf of Trump-branded properties and products. Researchers were ultimately convinced that the server indeed belonged to Trump. But now this capacious server handled a strangely small load of traffic, such a small load that it would be hard for a company to justify the expense and trouble it would take to maintain it. That wasn't the only oddity. When the researchers pinged the server, they received error messages. They concluded that the server was set to accept only incoming communication from a very small handful of IP addresses.

[Powder Miner]

god, the lying and corruption from both camps just
keeps
coming

like, you would think there would be a point where it would stop coming but
no

it never runs out
it's to the point people don't care anymore

[NullForceOmega]

Is it time for the fire yet?

[Reelya]

Yeah, that latest story is a dinger. Trump has a server which talks to the Russians. But it seems to reject virtually any other IP address, and it's hardly used for any of it's original purpose. So they have this heavy-duty server which only listens for chat from the Russians.

Even given it's 1 week from the election, I think this story is more "need to know" than that they found emails on Anthony Weiner's laptop that may or may not be the same emails we already know about.

[LoSboccacc]

it's to the point people don't care anymore

eh it's kind of amazing every lunatic conspiracy theorist out there won't ever be able to up this election, I follow this with more interest than house of cards.

[Reelya]

Not in the slashdot article, but apparently in the original Slate article it mentions that the Trump Server->Russian Bank email traffic spiked up whenever there was big election news. That was mentioned to someone on Slashdot who was trying to hand-wave it away as some defunct server they'd probably forgotten about and then said "don't forget CLINTON EMAILS"

[Reelya]

That argument doesn't even make sense.

1) this is new, physical evidence

2) of Trump's direct links to Russian banks

What's the most hilarious is that you're using "Appeal to Authority" with the FBI, but when the FBI cleared Clinton of wrongdoing they completely ballsed it up. Doing "Appeal to Authority" selectively when it suits you just looks retarded. They either are, or are not, the authority. Not just when it suits you.

[Reelya]

But hey the FBI were wrong when they cleared Clinton, right?

Anyway, the FBI's excuse was that the Trump server was receiving "spam emails" from the Russian bank. But that sounds really unlikely. People looked into this long enough that if it was mass-marketing material, packets aimed at other places would have appeared. If it was spam, it would have to be specifically spam directed at mr trump.

The original story also mentions that they kept complete logs of the DNS activity of Trump's servers. The communication was 2-way:

That wasn’t the only oddity. When the researchers pinged the server, they received error messages. They concluded that the server was set to accept only incoming communication from a very small handful of IP addresses.

Eighty-seven percent of the <Trump server> DNS lookups involved the two Alfa Bank servers. “It’s pretty clear that it’s not an open mail server,” Camp told me. “These organizations are communicating in a way designed to block other people out.”

Earlier this month, the group of computer scientists passed the logs to Paul Vixie. In the world of DNS experts, there’s no higher authority. Vixie wrote central strands of the DNS code that makes the internet work. After studying the logs, he concluded, “The parties were communicating in a secretive fashion. The operative word is secretive. This is more akin to what criminal syndicates do if they are putting together a project.” Put differently, the logs suggested that Trump and Alfa had configured something like a digital hotline connecting the two entities, shutting out the rest of the world, and designed to obscure its own existence. Over the summer, the scientists observed the communications trail from a distance.

Basically, the FBI argument sounds pretty retarded as an explanation.

[Reelya]

A one-liner about receiving spam emails is not a "decent explanation" for why almost all the outbound traffic from this trump server was aimed at Russia. And the idea that it was just pinging responses seems unlikely.

Also some guy on twitter, great source. The slate article cites a lot of leading security experts who've looked into this. One sysadmin on twitter claims he knows better than cybersecurity professionals. It's not such a great source.

Tea Leaves and his colleagues plotted the data from the logs on a timeline. What it illustrated was suggestive: The conversation between the Trump and Alfa servers appeared to follow the contours of political happenings in the United States. “At election-related moments, the traffic peaked,” according to Camp. There were considerably more DNS lookups, for instance, during the two conventions.

[Reelya]

He's saying it more or less random pingings, tech stuff, automatic pingbacks etc.

He's saying the Trump server was outbound mail only, and that the return pings were just digital responses basically. But if the server registered to Trump is a mail server that originated the traffic, then why was 87% of their total traffic aimed at Alfa Bank? And why did outbound email traffic to Russia's Alfa Bank skyrocket after Trump was nominated?

This also contradicts the FBI statement that the cause of this was spam email from the Russians.

[Reelya]

But the point is, if that twitter guy is correct, then 87% of that traffic is from a server registered to Trump to that specific Russian bank. Why exactly did they start emailing this one Russian company all the time right after Trump was nominated?

I mean, if Clinton was constantly emailing Russian oligarchs from a private server, I doubt you'd handwave it away like you're doing now.

[Sheb]

Jeez, going to side with Covenant here, this here seems like crap. I mean, even if some parts of the Trump organization have link with a Russian bank, so what? He gots dealing there.

[Reelya]

It seems like a real double standard about private email servers however. Something like this would be considered a smoking gun by the same people trying to brush it aside, purely based on which candidate it happened to.

Jeez, going to side with Covenant here, this here seems like crap. I mean, even if some parts of the Trump organization have link with a Russian bank, so what? He gots dealing there.

Because they're lying about it.

[LoSboccacc]

It seems like a real double standard about private email servers however.

Trump wasn't an official tho, hence double standard justified. Also Clinton unsecure email was confirmed with actual data leaked from it, is this really Trump's?