Trump Has Secret Russia Communication Server Claims Hillary “Researchers” Hit Piece
While monitoring liberal news sources, it appears that anonymous spies claiming to be “security researchers” are laying the groundwork to claim Trump has a secret server that is connecting to Russia.
Update 1: (See end of article) The Hillary Campaign just announced plans for the “Perfect Trifecta” on Morning Joe using this story in the AM. This article can be used to debunk part 1 of their trifecta.
Update 2: (See end of article) It appears from the NY Times that the FBI has already investigated this and dismissed it. Still, it will be all over the news tomorrow. It is also unsettling that the NY Times published news of this FBI investigation at the same time this story is coming out.
Update 3: Hillary staff and surrogate journalists are bitching all over Twitter about the FBI’s findings. They had knowledge of the investigation and apparently had this story waiting for the FBI to leak their results right before the end of the campaign to hit Trump with an October surprise. They aren’t too happy about the FBI’s findings.
Here we go. Hillary can’t win this election fairly, so now she is doing exactly what she is accusing Donald Trump of doing – using US intelligence agencies to influence the election. So I will walk through their “research” below and debunk it upfront.
The information that is being leaked out claims that academic researchers tied to US Intelligence agencies were trying to protect both Republicans and Democrats from hackers when they made an amazing discovery.
The claim is that they have found Donald Trump has a secret server being used to communicate with Russia, and the Hillary campaign is instructing surrogate journalists to run with the story.
The allegations are coming from anonymous “academic security researchers,” most likely contractors for spy agencies, who have published their “anonymous” research. They reveal they conducted it by illegally spying on the traffic of everyone in the world, including Donald Trump’s so-called secret server, without authorization from any law enforcement agency and without a warrant to do so.
This swiftboating comes as Hillary surrogates nationwide claim Donald Trump will lead America into a nuclear war with Russia, repeating 1964 Cold War propaganda used to win the election back then.
And the fake attack plot is a clever ploy – Why would Hillary claim Trump would start a nuclear war with Russia and then accuse him of being in bed with Russia secretly?
Because it is a win-win proposition. It gives her plausible deniability to keep her hands clean of the false allegations that Trump is buddies with Putin. At the same time it invokes fear in voters that Trump will start a nuclear war.
Of course, as the WikiLeaks emails show it is in fact Hillary and her campaign staffers that are deeply connected with Russia in operations ranging from money laundering to selling off US nuclear materials.
Perhaps the most damaging part of this story is that in running it, it will most likely be completely debunked.
If it is not completely debunked, and the methods used to identify the alleged communications are real, there is going to be a constitutional shit storm over privacy, because the type of spying here is completely illegal and is in line with what Snowden revealed the NSA was doing years ago, which was apparently ordered to be stopped.
Indeed, this would be a damning admission of the illegal technologies that US intelligence sources are using to spy on the online communications of basically everyone in the world in real time, for which this article alleges there is a comprehensive log of the metadata about those communications.
Regardless, here’s a rundown of the allegations, which start off with a lot of technical jargon that non-techies aren’t going to be able to understand.
Luckily, for my readers this is my professional career and technical expertise so I can sift it out and debunk it.
Was a Trump Server Communicating With Russia?
This spring, a group of computer scientists set out to determine whether hackers were interfering with the Trump campaign. They found something they weren’t expecting.
The greatest miracle of the internet is that it exists—the second greatest is that it persists. Every so often we’re reminded that bad actors wield great skill and have little conscience about the harm they inflict on the world’s digital nervous system. They invent viruses, botnets, and sundry species of malware. There’s good money to be made deflecting these incursions. But a small, tightly knit community of computer scientists who pursue such work—some at cybersecurity firms, some in academia, some with close ties to three-letter federal agencies—is also spurred by a sense of shared idealism and considers itself the benevolent posse that chases off the rogues and rogue states that try to purloin sensitive data and infect the internet with their bugs. “We’re the Union of Concerned Nerds,” in the wry formulation of the Indiana University computer scientist L. Jean Camp.
Key here in the lede is that these “security researchers” have “ties to three-letter federal agencies.” That is the only hint you’ll get of the US intelligence sources in the article, as the rest of it misleads the reader into believing the fabricated findings were innocently discovered by “researchers.” The lede further misleads the reader by citing a university scientist but then buries a key detail: the work is done by a source that refuses to be named, i.e., someone connected to the federal government who is illegally attempting to interfere with the election by leaking this information.
The article then explains how these researchers were doing work to try to protect both the Democratic and Republican parties from hackers when they came across their amazing discovery.
Of course, the very nature of this reporting clearly indicates that the data they were collecting could only have been collected illegally, through a warrant, or under a high-level national security authorization, as the researchers claim they were vacuuming up data that could only come from malware or from the routers of either a hosting provider or an internet service provider.
Hunting for malware requires highly specialized knowledge of the intricacies of the domain name system—the protocol that allows us to type email addresses and website names to initiate communication. DNS enables our words to set in motion a chain of connections between servers, which in turn delivers the results we desire. Before a mail server can deliver a message to another mail server, it has to look up its IP address using the DNS. Computer scientists have built a set of massive DNS databases, which provide fragmentary histories of communications flows, in part to create an archive of malware: a kind of catalog of the tricks bad actors have tried to pull, which often involve masquerading as legitimate actors. These databases can give a useful, though far from comprehensive, snapshot of traffic across the internet. Some of the most trusted DNS specialists—an elite group of malware hunters, who work for private contractors—have access to nearly comprehensive logs of communication between servers. They work in close concert with internet service providers, the networks through which most of us connect to the internet, and the ones that are most vulnerable to massive attacks. To extend the traffic metaphor, these scientists have cameras posted on the internet’s stoplights and overpasses. They are entrusted with something close to a complete record of all the servers of the world connecting with one another.
In late July, one of these scientists—who asked to be referred to as Tea Leaves, a pseudonym that would protect his relationship with the networks and banks that employ him to sift their data—found what looked like malware emanating from Russia. The destination domain had Trump in its name, which of course attracted Tea Leaves’ attention. But his discovery of the data was pure happenstance—a surprising needle in a large haystack of DNS lookups on his screen. “I have an outlier here that connects to Russia in a strange way,” he wrote in his notes. He couldn’t quite figure it out at first. But what he saw was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue.
More data was needed, so he began carefully keeping logs of the Trump server’s DNS activity. As he collected the logs, he would circulate them in periodic batches to colleagues in the cybersecurity world. Six of them began scrutinizing them for clues.
The comprehensive logs in question are logs that only the NSA would be collecting, as described by the Snowden leaks. Just the admission that these researchers have access to this data is going to cause a shit-storm constitutional privacy controversy, because it is analogous to the NSA having travel records for everyone in the world, including what time they left and when they returned. Except in our case the vehicle is digital communications on the information superhighway.
Further damning is that our anonymous “Tea Leaves” source is employed by none other than Wall Street banks, which WikiLeaks shows us are connected with Hillary Clinton on a corrosively corrupt level. I
Of course, these allegations would also imply that the private security contractors, outside the purview of the FBI, DOJ or NSA, were illegally spying on Donald Trump without a warrant or legal authorization to do so.
(I communicated extensively with Tea Leaves and two of his closest collaborators, who also spoke with me on the condition of anonymity, since they work for firms trusted by corporations and law enforcement to analyze sensitive data. They persuasively demonstrated some of their analytical methods to me—and showed me two white papers, which they had circulated so that colleagues could check their analysis. I also spoke with academics who vouched for Tea Leaves’ integrity and his unusual access to information. “This is someone I know well and is very well-known in the networking community,” said Camp. “When they say something about DNS, you believe them. This person has technical authority and access to data.”)
So we have a breach of personal privacy and an alleged dissemination of said data, collected in a white paper distributed for peer review. Note the author said they work for firms trusted by corporations and law enforcement. Don’t mistakenly infer they are law enforcement. They are clearly contractors, and contractors tied to three-letter US intelligence agencies.
The researchers quickly dismissed their initial fear that the logs represented a malware attack. The communication wasn’t the work of bots. The irregular pattern of server lookups actually resembled the pattern of human conversation—conversations that began during office hours in New York and continued during office hours in Moscow. It dawned on the researchers that this wasn’t an attack, but a sustained relationship between a server registered to the Trump Organization and two servers registered to an entity called Alfa Bank.
The researchers had initially stumbled in their diagnosis because of the odd configuration of Trump’s server. “I’ve never seen a server set up like that,” says Christopher Davis, who runs the cybersecurity firm HYAS InfoSec Inc. and won an FBI Director Award for Excellence for his work tracking down the authors of one of the world’s nastiest botnet attacks. “It looked weird, and it didn’t pass the sniff test.” The server was first registered to Trump’s business in 2009 and was set up to run consumer marketing campaigns. It had a history of sending mass emails on behalf of Trump-branded properties and products. Researchers were ultimately convinced that the server indeed belonged to Trump. But now this capacious server handled a strangely small load of traffic, such a small load that it would be hard for a company to justify the expense and trouble it would take to maintain it. “I get more mail in a day than the server handled,” Davis says.
Again, we have a security contractor here who knows malware. Again, there is a disingenuous attempt by the author to paint a picture of FBI involvement as part of this research. It may well be revealed that all of this was reported to the FBI, but that certainly is not the case here.
To begin with, the assertion these “experts” arrive at, that the communications originate with the email server itself, is outlandish. Nearly no one, except maybe Hillary Clinton in setting up her private email server, would ever put a live server directly on the internet. Servers are almost always set up behind a router, which often works as a hardware-based firewall. This matters because it means there could be one, tens, or hundreds of devices sitting behind that firewall. For example, the IT guy could be using an instant messaging client or watching foreign videos.
A second point: this is allegedly a Trump-owned email server used to send marketing emails. There is absolutely no evidence of anything nefarious here. The most plausible explanation is that during business hours the server sends out marketing emails. As any professional knows, a mass mailer cannot just send out millions of emails at once or it will get blacklisted for spam. Instead, emails are sent out in batches, and a plausible explanation here, without having any more details, is that during the course of the day emails were being delivered to a location where people were subscribed to a mailing list (or were being spammed).
There also exists the possibility that there was malware installed on the server. In fact, being an email server makes it a target for hackers. Furthermore, computers make all kinds of connections to places all over the world for a variety of services. This could be software checking for updates, or someone watching videos.
Another point: this is not a secret server. This is an email server used to send mass email blasts. You can’t have an email server sending emails to millions of people and claim it is secret.
While I have yet to see any news articles about this, the Hillary campaign and the Democrats are claiming this is a secret server connecting to Russia.
That wasn’t the only oddity. When the researchers pinged the server, they received error messages. They concluded that the server was set to accept only incoming communication from a very small handful of IP addresses. A small portion of the logs showed communication with a server belonging to Michigan-based Spectrum Health. (The company said in a statement: “Spectrum Health does not have a relationship with Alfa Bank or any of the Trump organizations. We have concluded a rigorous investigation with both our internal IT security specialists and expert cyber security firms. Our experts have conducted a detailed analysis of the alleged internet traffic and did not find any evidence that it included any actual communications (no emails, chat, text, etc.) between Spectrum Health and Alfa Bank or any of the Trump organizations. While we did find a small number of incoming spam marketing emails, they originated from a digital marketing company, Cendyn, advertising Trump Hotels.”)
So our researchers’ illegally collected logs indicate there was “suspicious” communication from the Trump server to a server in the US, and when that organization did an IT audit, all they found was a small number of spam emails from Trump Hotels. Not exactly a bombshell or a smoking gun.
I further take issue with the claim that these so-called contractor experts tried to ping Trump’s email server and received error messages, leading them to conclude the server was set to accept incoming communications from only a very small handful of IP addresses.
Any so-called security expert knows that any public-facing ports for services a server is not using should be firewalled. Any attempt to connect to that server on those ports would indeed receive an error message. Furthermore, PING uses ICMP, a protocol entirely separate from the TCP ports email runs on, most commonly SMTP for outgoing mail, so a failed ping says nothing about the mail service. Finally, the conclusion that IP access restrictions were in place is flawed and cannot be proved at all unless the researchers actually had raw network packets showing there was any incoming communication to the server on any port.
Spectrum accounted for a relatively trivial portion of the traffic. Eighty-seven percent of the DNS lookups involved the two Alfa Bank servers. “It’s pretty clear that it’s not an open mail server,” Camp told me. “These organizations are communicating in a way designed to block other people out.”
Earlier this month, the group of computer scientists passed the logs to Paul Vixie. In the world of DNS experts, there’s no higher authority. Vixie wrote central strands of the DNS code that makes the internet work. After studying the logs, he concluded, “The parties were communicating in a secretive fashion. The operative word is secretive. This is more akin to what criminal syndicates do if they are putting together a project.” Put differently, the logs suggested that Trump and Alfa had configured something like a digital hotline connecting the two entities, shutting out the rest of the world, and designed to obscure its own existence. Over the summer, the scientists observed the communications trail from a distance.
These statements are going to draw even more scrutiny. It would be pure stupidity for anyone looking to conduct secret communications, in this case involving alleged espionage and interference with a US election, to constantly be polling a public DNS server. Odds are this traffic is completely explained by far less conspiratorial means, and these researchers are going to look like idiots when the real reason is revealed.
Oh, that’s right, they’re anonymous, so no public shaming. And the details of their work haven’t been released either, so we are supposed to just take their word that they had their peers review it.
Did their peers review this article? Clearly not, because the research is full of loopholes that anyone who has taken a few classes in networking and security can blow holes through.
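As an added illustration (my own, not code from the Slate piece or from the researchers it quotes): a short Python script over constructed passive-DNS log lines, showing how a lookup-share figure and an office-hours pattern like the ones cited are computed, and what such a log does not record. The domain name, resolver addresses and fixed summer time-zone offsets are assumptions.

```python
"""What a passive-DNS log can and cannot show (constructed sample data)."""
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample: "<UTC timestamp> <resolver IP that asked> <name queried>"
# Names and addresses are placeholders, not anything from the story.
SAMPLE_LOG = """\
2016-07-25T13:05:00 203.0.113.10 mail.campaign-mailer.test
2016-07-25T13:40:00 203.0.113.10 mail.campaign-mailer.test
2016-07-25T14:15:00 203.0.113.11 mail.campaign-mailer.test
2016-07-25T15:50:00 203.0.113.10 mail.campaign-mailer.test
2016-07-25T16:30:00 203.0.113.11 mail.campaign-mailer.test
2016-07-25T17:10:00 203.0.113.10 mail.campaign-mailer.test
2016-07-25T18:45:00 203.0.113.11 mail.campaign-mailer.test
2016-07-25T20:00:00 198.51.100.7 mail.campaign-mailer.test
"""

# Fixed summer offsets (assumption) so the script needs no tz database.
NEW_YORK = timezone(timedelta(hours=-4))   # EDT
MOSCOW = timezone(timedelta(hours=3))      # MSK


def parse_log(text):
    """Return (utc datetime, resolver ip, queried name) tuples."""
    records = []
    for line in text.strip().splitlines():
        ts, resolver, name = line.split()
        when = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)
        records.append((when, resolver, name.lower().rstrip(".")))
    return records


def share_by_resolver(records):
    """Percent of lookups per asking resolver (the kind of figure behind a
    claim like '87% of lookups came from two servers').  A resolver IP is
    the NAT gateway or recursor for everything behind it, so this counts a
    site, not a person or a program."""
    counts = Counter(r[1] for r in records)
    total = len(records)
    return {ip: round(100.0 * n / total, 1) for ip, n in counts.items()}


def office_hours_fraction(records, tz, start=9, end=18):
    """Fraction of lookups whose local hour in tz falls in [start, end).
    A lookup timestamp says when a name was resolved; it does not show that
    a connection followed, nor what, if anything, was sent."""
    hours = [r[0].astimezone(tz).hour for r in records]
    return sum(start <= h < end for h in hours) / len(hours)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(share_by_resolver(recs))
    print("NY office-hours share:", office_hours_fraction(recs, NEW_YORK))
    print("Moscow office-hours share:", office_hours_fraction(recs, MOSCOW))
```

On this constructed sample every lookup falls in New York office hours but only 3 of 8 fall in Moscow's, which is why a real analysis needs weeks of data and a stated null hypothesis (such as scheduled mail batches) before the timing means anything.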
From here the article’s author reveals the motives entirely and begins weaving in Trump’s public policy positions.
The story is already blown apart.
I stopped reading here because there is no need to continue, but further down the article I noticed the word “reddit” and there was something about posting log files on reddit.
Seriously? Is this the same IT expert that posted on reddit for advice on how to scrub Hillary’s Emails?
This article has no technical merit, but you can be guaranteed the mainstream media will be pushing Trump attack stories citing this research any time now.
The Hillary Campaign just announced plans for the “Perfect Trifecta” on Morning Joe using this story in the AM.
Note how it is ~ alleged ~ ties to Russia. They know this is a manufactured hit piece that they can use to damage Trump before election day. After election day it will be debunked and the truth will come out, but by then it’s too late. This kind of attack is called swiftboating, and swiftboating was already mentioned in the WikiLeaks publications of the Podesta emails released so far.
It looks like Obama is hanging Hillary out to dry and is not vouching for this rumor, as it appears from the NY Times that the FBI may have already chased down this lead and has come to doubt it. Still, it will be all over the news tomorrow.
Pissed-off BuzzFeed lawyer Chris Geidner, who is filing a frivolous lawsuit against the RNC for voter intimidation, just tweeted:
“[T]he F.B.I. ultimately concluded that there could be an innocuous explanation” is my new favorite investigative standard.
Shortly after tweeting this: