This is a follow-up to a report I originally wrote last March in reaction to Donald Trump’s wild and unfounded claims that former President Barack Obama had personally put him and his campaign under surveillance.
My decision to republish it now is based on Trump having once again started up a baseless line of attack on the intelligence community, using it as a tactic to divert attention away from the Mueller investigation, which is coming to a rolling boil. Here is the most recent tweet from January 11:
“House votes on controversial FISA ACT today.” This is the act that may have been used, with the help of the discredited and phony Dossier, to so badly surveil and abuse the Trump Campaign by the previous administration and others?
— Donald J. Trump (@realDonaldTrump) January 11, 2018
Donald Trump posted the following tweet March 4, 2017, accusing former President Barack Obama of wiretapping his phones at Trump Tower:
Terrible! Just found out that Obama had my "wires tapped" in Trump Tower just before the victory. Nothing found. This is McCarthyism!
— Donald J. Trump (@realDonaldTrump) March 4, 2017
That was followed by three more incendiary tweets:
Is it legal for a sitting President to be “wire tapping” a race for president prior to an election? Turned down by court earlier. A NEW LOW!
— Donald J. Trump (@realDonaldTrump) March 4, 2017
I’d bet a good lawyer could make a great case out of the fact that President Obama was tapping my phones in October, just prior to Election!
— Donald J. Trump (@realDonaldTrump) March 4, 2017
How low has President Obama gone to tapp my phones during the very sacred election process. This is Nixon/Watergate. Bad (or sick) guy!
— Donald J. Trump (@realDonaldTrump) March 4, 2017
It should be noted that although Trump is misinformed or deliberately lying here (even Trump’s own Justice Department states that Trump Tower was not “wiretapped”), a federal judge did grant the FBI’s request to wiretap a former campaign official, Paul Manafort.
The FBI began monitoring Manafort’s activities in 2014, based on his dealings with and consultant work for a foreign government (Ukraine), and then obtained a renewal of the warrant in 2016, when the Bureau became concerned with his involvement in the Trump campaign.
Soon after the erroneous claim about the Trump Tower ‘wiretapping’, a piece of information that had been only sparsely reported on and barely noticed at the time resurfaced. It was that the Foreign Intelligence Surveillance Court (FISC) had agreed to issue an investigative warrant to the FBI’s National Security Division on the basis of probable cause to suspect involvement of the Trump campaign, and possibly Donald Trump himself, with two Russian banks.
One of the banks is Alfa Bank, the largest private bank in Russia. The other is SVB Bank.
The warrant, issued on October 15, 2016, named the banks specifically and also named the persons of interest in the Trump organization.
It should be noted that the order was not an order to conduct wiretapping, but an order for the collection of “electronic records”.
The basis of the warrant, and of what knowledgeable sources in the intelligence community believe is an ongoing investigation, is evidence presented to the FISA court in affidavits to the judge demonstrating that the private server in Trump Tower had been communicating with the two Russian banks.
The intel that drove the FBI request originated from leads it received from at least a couple of significant sources. One was a tip from a longtime counter-intelligence agent of a Western intelligence service that specialized in analyzing data about Russia’s persistent attempts to influence elections, cited in a BBC report as one of the Baltic states (Latvia?). The warrant is believed to have described the scope of the investigation as including ‘any US person’ related to the money laundering offenses which the FBI was investigating related to the Trump campaign and Russia.
Paul Wood, correspondent at the BBC, reported that he had obtained information “given to me by several sources and corroborated by someone I will identify only as a senior member of the US intelligence community.” The source told Wood that C.I.A. Director John Brennan:
“was shown intelligence that worried him. It was—allegedly—a tape recording of a conversation about money from the Kremlin going into the US presidential campaign. It was passed to the US by an intelligence agency of one of the Baltic States.”
The other lead evolved from a cyber-security research team that, in the process of examining internet traffic related to both the Clinton and the Trump campaigns, randomly happened across an intriguing bit of data – lines of what at first appeared to be malware, but after closer review, was discovered to be communication between the Trump Tower and Russian financial interests.
The lead scientist, operating under the pseudonym “Tea Leaves” in order to safeguard his confidential relationship with his employers in the cyber security community, commented in his notes that, “I have an outlier here that connects to Russia in a strange way.”
Soon, he and colleagues who also analyze security data for private firms and firms contracted to U.S. intelligence agencies began reviewing DNS logs from the server at Trump Tower (which some reports claim is not actually in the building but at an off-site location in Pennsylvania; in any event, the server is registered to the Trump Organization’s 5th Avenue address).
Slate quotes Christopher Davis of HYAS InfoSec Inc. commenting on Trump’s server, “I’ve never seen a server set up like that. It looked weird, and it didn’t pass the sniff test.”
The researchers discovered that the server had been in operation since 2009 but, although originally used for various Trump mass marketing campaigns, had been repurposed to accommodate only communication between it and the Russian banks. Paul Vixie, a renowned expert in DNS coding, examined the server logs and concluded that “The parties were communicating in a secretive fashion. The operative word is secretive. This is more akin to what criminal syndicates do if they are putting together a project.”
Franklin Foer, investigative journalist at Slate and the Atlantic, asked a prominent computer scientist, Nicholas Weaver, about the likely indication of the communication documented by the server logs. Weaver told Foer, “I can’t attest to the logs themselves, but assuming they are legitimate they do indicate effectively human-level communication.”
No sooner had a New York Times reporter, Eric Lichtblau, interviewed a bank official at Alfa Bank than the Trump server was abruptly shut down. One specialist described it to Mr. Foer this way: “the knee was hit in Moscow, the leg kicked in New York.” Foer asked then Trump campaign spokeswoman Hope Hicks about the server. (Editor’s Note – Hicks is now subject to a subpoena for questioning by Special Counsel Robert Mueller). She responded with the following written statement:
The email server, set up for marketing purposes and operated by a third-party, has not been used since 2010. The current traffic on the server from Alphabank’s [sic] IP address is regular DNS server traffic—not email traffic. To be clear, The Trump Organization is not sending or receiving any communications from this email server. The Trump Organization has no communication or relationship with this entity or any Russian entity.
Problem one: the above statement contains internal contradictions. In one breath, Ms. Hicks asserts that “the email server … has not been used since 2010.” But then she refers to the same server as being in active use, claiming only that it is processing “regular DNS server traffic, not email traffic.” Hicks is either incompetent in her understanding of mail servers and their relationship to DNS servers, or she was deliberately attempting to mislead the public in her statement.
It is settled cyber science that DNS (Domain Name System) server traffic invariably involves email traffic and other digital modes of communication. It performs a look-up and links an IP address to a corresponding mail server and vice versa.
There is no existing scenario in which email traffic does not pass from an SMTP mail server through a DNS server. The DNS server is a critical part of the process in routing your email to your intended recipient. It’s not certain why Ms. Hicks would release an incompetent statement that could so easily be disproved.
Aside from all of the above scenarios, we should state that everything related in the Slate article is a collection of circumstantial parts and pieces, none of which has constituted a “smoking gun”. Alfa Bank, in a statement to CNN, maintains that neither it nor bank cofounder Mikhail Fridman nor bank president Petr Aven “have had any contact with Mr. Trump or his organizations. Fridman and Aven have never met Mr. Trump nor have they or Alfa Bank had any business dealings with him.”
Fortune cites cyber-security firm Mandiant, a unit of FireEye Inc., as saying that there was no conclusive evidence of “substantive contact” between the two (Trump and Alfa Bank servers). However, the fact that 2,860 lookups directed to mail1.trump-email.com had been logged by the Alfa server is difficult to explain, given that it constituted 80 percent of the overall server traffic. That might fit most people’s definition of “substantive contact”. Richard Clayton of Cambridge University said it’s just plain weird. “It’s not so much a smoking gun as a faint whiff of smoke a long way away. Maybe there’s something else going on. It’s hard to tell.”
It should be noted that nothing has been disclosed by the lead investigative agency, the FBI, or Mueller’s investigation indicating whether the suspicious server activity is a hot or cold lead at this point. There are alternate theories about the suspicious traffic, among them that it was just spam from Trump marketing entities inadvertently finding its way to the bank’s servers.
However, casting doubt on the explanations that have been given to account for the traffic is the fact that none of them covers the time frame of the identified traffic. And even the harshest skeptic of the premise of the original Slate story, Robert Graham, posits that “It’s indicative of communication between Trump, the health organization and the bank outside these servers.”
Also questionable is Trump’s nominee to head the Justice Department’s criminal investigations department, Brian A. Benczkowski, who acknowledged to a Senate panel that he assisted Alfa Bank in their internal investigation of the server controversy.
Whatever trail the FBI is following with regard to the pings between these servers, neither the role it plays in the broader investigation nor what additional discoveries have or have not been made has been disclosed.