Just before the 2016 presidential election, and a few other times since then, the story of a Trump Organization server communicating with a server at Alfa Bank, the largest privately owned bank in Russia, which has close ties to Putin, has come up. My eyes have glazed over because I just don’t have the technical knowledge to understand it. But Dexter Filkins of the New Yorker has revived the story and there’s an awful lot about it that is highly suspicious.
I more or less dismissed the story until now. And let me make clear that I still don’t know whether it’s legitimate or not because, again, I just don’t know enough about computers and web traffic to evaluate it. But some serious computer scientists seem to think there’s something there and there are enough elements to the story that I can understand that raise red flags that I think it’s worth revisiting. First, here is what initially raised suspicions on the part of a group of computer scientists who were originally looking for evidence of Russian hacking of Republican computer systems, as they had hacked Democratic servers.
Max and the other computer scientists asked me to withhold their names, out of concern for their privacy and their security. I met with Max and his lawyer repeatedly, and interviewed other prominent computer experts. (Among them were Jean Camp, of Indiana University; Steven Bellovin, of Columbia University; Daniel Kahn Gillmor, of the A.C.L.U.; Richard Clayton, of the University of Cambridge; Matt Blaze, of the University of Pennsylvania; and Paul Vixie, of Farsight Security.) Several of them independently reviewed the records that Max’s group had discovered and confirmed that they would be difficult to fake. A senior aide on Capitol Hill, who works in national security, said that Max’s research is widely respected among experts in computer science and cybersecurity.
As Max and his colleagues searched D.N.S. logs for domains associated with Republican candidates, they were perplexed by what they encountered. “We went looking for fingerprints similar to what was on the D.N.C. computers, but we didn’t find what we were looking for,” Max told me. “We found something totally different—something unique.” In the small town of Lititz, Pennsylvania, a domain linked to the Trump Organization (mail1.trump-email.com) seemed to be behaving in a peculiar way. The server that housed the domain belonged to a company called Listrak, which mostly helped deliver mass-marketing e-mails: blasts of messages advertising spa treatments, Las Vegas weekends, and other enticements. Some Trump Organization domains sent mass e-mail blasts, but the one that Max and his colleagues spotted appeared not to be sending anything. At the same time, though, a very small group of companies seemed to be trying to communicate with it.
Examining records for the Trump domain, Max’s group discovered D.N.S. lookups from a pair of servers owned by Alfa Bank, one of the largest banks in Russia. Alfa Bank’s computers were looking up the address of the Trump server nearly every day. There were dozens of lookups on some days and far fewer on others, but the total number was notable: between May and September, Alfa Bank looked up the Trump Organization’s domain more than two thousand times. “We were watching this happen in real time—it was like watching an airplane fly by,” Max said. “And we thought, Why the hell is a Russian bank communicating with a server that belongs to the Trump Organization, and at such a rate?”
This was being investigated by the New York Times prior to the election, specifically by investigative reporter Eric Lichtblau, but the FBI asked him to hold off on the story because they had an active counter-intelligence investigation going into the traffic between those servers. The Times never published a story about it. Lichtblau told Filkins, “Not only is there clearly something there but there’s clearly something that someone has gone to great lengths to conceal.”
And here’s another red flag. After the Times contacted representatives of Alfa Bank for the story, the Trump server suddenly disappeared. Vanished. Clearly there had to be communication between Alfa Bank and the Trump Organization notifying them that the Times was sniffing around the story, prompting them to pull down the server and delete its record from the Domain Name System.
Now it’s possible that there’s a benign explanation for all of this. Other computer scientists have criticized some of these conclusions and, again, I’m just not in a position to fully understand the technical details to reach a conclusion. But these are serious red flags that don’t rely on the technical details and this needs to be fully investigated. The Democrats on the House Intelligence Committee wanted to do exactly that, but the Republicans refused to issue subpoenas to the company that could provide the raw data to either confirm or debunk the suspicions.
If the Democrats take control of the House in the midterms, I’m sure they will be issuing those subpoenas and we might be able to get to the bottom of this. But then again, Robert Mueller may already have figured it out. I can’t imagine his investigators haven’t been digging into this because, if the story turns out to be true, it could provide a real smoking gun that could bust the collusion story wide open.