FBI probes ‘odd’ link between Trump server and Russia’s Alfa Bank
FBI counterintelligence teams and computer scientists continue to investigate whether a Trump Organization computer server had a back channel connection to a Russian bank, US media reported on Friday.
Sources close to the investigation told CNN that the inquiry remains open and is being handled by FBI counterintelligence, the same team investigating allegations of Russian interference in the 2016 presidential election.
One US official told the news network that the server relationship is “odd” but that investigators “have not yet determined whether a connection would be significant”.
Intelligence officials alerted congressional leaders to a possible back channel between the Trump Organization and Alfa Bank in classified briefings last August and September, The New York Times reported last autumn.
The New York Times and Slate first published reports of possible communications between the servers in late October. Slate reported that malware hunters began looking into allegations that Russian hackers had infiltrated Democratic National Committee servers in spring of last year. In July one of these computer scientists, who asked to be referred to only as Tea Leaves, found what looked like malware coming from Russia: A bank in Moscow kept pinging a server registered to the Trump Organization in New York.
The server in question was first registered to Trump-related organizations in 2009 to run marketing campaigns, including sending mass emails on Trump properties and consumer products. But the massive server handled a very small load of traffic that did not seem worth the expense of maintaining it, Slate wrote. Moreover, when attempting to contact the server themselves, researchers received an error message, leading them to conclude “that the server was set to accept only incoming communication from a very small handful of IP addresses”.
The Internet’s domain name system (DNS) holds the records for registered domains, including which servers accept mail for each one. A DNS “look-up” is how interconnected computers identify each other, similar to looking up a phone number in a phone book.
However, these look-ups do not necessarily indicate that there was ever any two-way communication between the servers.
Alfa Bank, Russia’s largest private bank, looked up the address of the Trump company server 2,820 times between May 4 and September 23, 2016 – “more look-ups than the Trump server received from any other source” and accounting for 80 percent of them, CNN reported.
A company called Spectrum Health was responsible for another 714 such look-ups. The Michigan-based firm is a chain of medical facilities whose chairman is Richard DeVos, the husband of Trump’s Education Secretary Betsy DeVos.
Combined, Alfa Bank and Spectrum account for 99 percent of the Trump server’s look-ups, CNN wrote.
“It’s pretty clear that it’s not an open mail server,” Indiana University computer scientist L. Jean Camp told Slate. “These organizations are communicating in a way designed to block other people out.”
Paul Vixie, who helped design the DNS system, concurred with this assessment, telling Slate’s Franklin Foer that Alfa Bank and Trump Organization servers “were communicating in a secretive fashion”.
The New York Times subsequently reported that FBI officials spent “weeks” examining activity between a Trump Organization server and Alfa Bank. “But the FBI ultimately concluded that there could be an innocuous explanation, like a marketing email or spam, for the computer contacts,” the paper said.
But others said the communications did not resemble a marketing campaign.
“It doesn’t act like a marketing server. Because you wouldn’t use a heavy-duty mailer with over 80 percent of its communication with just one organization,” Camp told The Guardian in a separate interview. “I don’t know of any marketing campaign that would do that.”
Others have pointed out that the server in question was not operated by the Trump Organization directly. Cybersecurity expert Robert Graham pointed out in a November blog post that while the Trump Organization is the registrant for the trump-email.com domain, it is administered by Cendyn, a company that manages the marketing campaigns of several hotels.
“That this is just normal marketing business from Cendyn and Listrak (a Cendyn subcontractor) is the overwhelming logical explanation for all this,” Graham wrote.
But Graham also questioned why Alfa Bank and Spectrum Health dominated the look-ups.
“It’s indicative of communication between Trump, the health organization and the bank outside these servers,” he told CNN. “There is some sort of connection I can’t explain and only they are doing it,” he said, adding: “It could be completely innocent.”
'No substantive contact'
A spokesperson for Alfa Bank told FRANCE 24 that the bank hired Mandiant, a US cyber-security firm, to investigate the links and that it had “found nothing to support the allegations”.
“[T]here isn’t evidence of any substantive contact, including emails or financial links, between Alfa Bank and the Trump Campaign or his organization,” Alfa Bank said in an email.
The bank went on to say that the leaks of the DNS information may themselves be illegal.
“Alfa Bank is continuing to investigate who is behind these fraudulent allegations. They believe that these unverified DNS data were deliberately captured – in a manner that is unethical and possibly illegal – in order to manufacture the deceit.”
The White House did not respond to a request for comment. But the Trump campaign released a November statement that sought to explain the apparent communications.
“A thorough network analysis conducted by Cendyn at the request of the Trump Organization determined an existing banking customer of Cendyn, completely unrelated to Trump, recently used Cendyn’s ‘Metron’ Meeting Management Application to send communication to AlfaBank.com,” said the statement, which was provided to the Complex website.
But such an exchange would not necessarily explain Alfa Bank’s more than 2,800 attempts to look up the Trump Tower server.
Much of the information available on the servers’ alleged relationship is circumstantial and rather technical in nature. But in light of the Trump team’s close ties to Russia and the intelligence community’s contention that the Kremlin tried to sway the election in Trump’s favour, the FBI has found itself with yet another Russian avenue to investigate.