FBI Opens Inquiry Into Trump Campaign Manager’s Russian Connections

While the news has been swirling around the FBI’s investigation into the Anthony Weiner emails that might implicate Hillary Clinton, the FBI has also been conducting an inquiry into the ties between former Donald Trump campaign manager Paul Manafort and Russia.

On Sunday, Senate Minority Leader Harry Reid stated that FBI director James Comey possessed "explosive information about close ties and coordination between Donald Trump, his top advisors, and the Russian government." As NBC News reports, Manafort told NBC News "none of it is true ... There's no investigation going on by the FBI that I'm aware of." Manafort insisted that he had no connections or dealings with Russian president Vladimir Putin and his government. He termed such an accusation, “Democratic propaganda … This is all political propaganda, meant to deflect.”

The New York Times has reported that Manafort was paid $12.7 million in cash to represent a pro-Russian politician in the Ukraine.

Although some in the intelligence community have stated that Russia has been involved in hacking efforts to influence the November election, Trump has dismissed such claims.

David Kramer, a former senior State Department official in the George W. Bush administration, told NBC News, "The relationships that Trump's advisors have had with pro-Russian forces are deeply disturbing. Trump's attitude on Russia is not in line with most Republican foreign-policy thinking. Trump has staked out views that are really on the fringe."

To make matters even more murky, Trump Tower may have had a special server to communicate with Russia's Alfa Bank.

As Slate reports, last spring, a group of computer experts who hunted malware, alarmed by reports that Russian hackers had infiltrated the servers of the Democratic National Committee, as detailed by CrowdStrike, began an investigation to discover if the hackers had penetrated Donald Trump’s various servers. One of the experts attested, “We wanted to help defend both campaigns, because we wanted to preserve the integrity of the election.”

As Franklin Foer of Slate explains:

Before a mail server can deliver a message to another mail server, it has to look up its IP address using the DNS. Computer scientists have built a set of massive DNS databases, which provide fragmentary histories of communications flows, in part to create an archive of malware: a kind of catalog of the tricks bad actors have tried to pull, which often involve masquerading as legitimate actors … Some of the most trusted DNS specialists—an elite group of malware hunters, who work for private contractors—have access to nearly comprehensive logs of communication between servers … these scientists have cameras posted on the internet’s stoplights and overpasses. They are entrusted with something close to a complete record of all the servers of the world connecting with one another.

In late July, one scientist, who cloaked his name by using the pseudonym “Tea Leaves,” found apparent malware emanating from Russia. The destination domain had Trump in its name. He wrote, “I have an outlier here that connects to Russia in a strange way,” as he viewed a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue.

Prompted by his discovery, Tea Leaves kept logs of the Trump server’s DNS activity. He forwarded the logs to six colleagues to look for clues. Indiana University computer scientist L. Jean Camp said of Tea Leaves, “This is someone I know well and is very well-known in the networking community. When they say something about DNS, you believe them. This person has technical authority and access to data.”

After examining the logs, however, the scientists concluded that they showed no evidence of malware but, more likely, the trail of human communication. They surmised the communication was flowing between the Trump Organization and two servers registered to Alfa Bank. Christopher Davis, who runs the cybersecurity firm HYAS InfoSec Inc. and won an FBI Director Award for Excellence, said of Trump’s server, “I’ve never seen a server set up like that. It looked weird, and it didn’t pass the sniff test.” What piqued the scientists’ interest was the fact that the server was built to handle massive traffic, yet handled an oddly small load of traffic.

The researchers pinged the server, but only elicited error messages, thus leading them to the conclusion that the server was set to accept only incoming communication from a tiny handful of IP addresses. A small portion of the logs revealed communication with a server belonging to Michigan-based Spectrum Health; a massive 87% of the DNS lookups involved the two Alfa Bank servers.

Camp commented to Slate, “It’s pretty clear that it’s not an open mail server. These organizations are communicating in a way designed to block other people out.”

Ultimately, Paul Vixie, the highest authority in the world of DNS experts, took a look. Vixie stated, “The parties were communicating in a secretive fashion. The operative word is secretive. This is more akin to what criminal syndicates do if they are putting together a project.” As Foer explains, “Put differently, the logs suggested that Trump and Alfa had configured something like a digital hotline connecting the two entities, shutting out the rest of the world, and designed to obscure its own existence.”

But during the summer, reports emerged that the Trump campaign had forced the Republican Party to rewrite its platform position on Ukraine to make it more palatable to Russia; Trump told the New York Times he was loath to back NATO allies if Russia invaded; Trump encouraged in the face of a Russian invasion. Trump even invited Russian hackers to hunt for Clinton’s emails.

The University of California’s Nicholas Weaver, a computer scientist uninvolved with the investigation, told Slate, “I can't attest to the logs themselves, but assuming they are legitimate they do indicate effectively human-level communication.”

Foer asked nine computer scientists if the DNS logs could have been forged or manipulated. They said it was virtually impossible.

Vixie himself concluded, “The data has got the right kind of fuzz growing on it. It’s the interpacket gap, the spacing between the conversations, the total volume. If you look at those time stamps, they are not simulated. This bears every indication that it was collected from a live link. This passes the reasonable person test. No reasonable person would come to the conclusion other than the one I’ve come to.” Camp added, “When the technical community examined the data, the conclusion was pretty obvious.”

Alfa Bank was founded by Mikhail Fridman, who hired economist Pyotr Aven, who aided Vladimir Putin in the 1990s by enabling Putin to escape accusations of corruption (see Putin’s Kleptocracy).

Tea Leaves and his colleagues plotted the data from the logs on a timeline, finding the traffic surged during moments when the news centered on the November election. In September, the New York Times’ Eric Lichtblau and Steven Lee Myers started investigating the story. Lichtblau met with a Washington representative of Alfa Bank on Sept. 21. Shortly after that, the Trump domain name in question stopped working.

The computer scientists concluded that the Trump Organization shut down the server after Alfa was informed that the Times might expose the connection. But on Sept. 27, the Trump Organization suddenly created a new host name, trump1.contact-client.com. That allowed them to communicate to the very same server via a different route. As Ioffe explains, “When a new host name is created, the first communication with it is never random. To reach the server after the resetting of the host name, the sender of the first inbound mail has to first learn of the name somehow. It’s simply impossible to randomly reach a renamed server.”

Foer asked Trump spokeswoman Hope Hicks why the Trump Organization renamed its host after the New York Times called Alfa. There was no response.

UPDATE: The Slate narrative is quickly falling apart. Here's the full story.
