2016 Election

Computer experts think they found a Trump server that exclusively emails with a Russian bank

According to a report from Slate‘s Franklin Foer, a group of computer experts are claiming to have found a computer belonging to Donald Trump‘s organization that has been set up to send and receive emails exclusively from a Russian bank.

Late last spring, the group got word that Russian hackers had infiltrated the servers of the Democratic National Committee. Figuring that if the Russians were able to penetrate the DNC, they could be attacking other entities central to the 2016 campaign, including Donald Trump’s many servers.

“We wanted to help defend both campaigns, because we wanted to preserve the integrity of the election,” one of the experts said, according to Slate.

This July, a member of the group identifying himself as “Tea Leaves” analyzed one of Trump’s servers and found “what looked like malware emanating from Russia.”

The destination domain had Trump in its name, which of course attracted Tea Leaves’ attention. But his discovery of the data was pure happenstance—a surprising needle in a large haystack of DNS [domain name system] lookups on his screen. “I have an outlier here that connects to Russia in a strange way,” he wrote in his notes. He couldn’t quite figure it out at first. But what he saw was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue.

Tea Leaves began monitoring the Trump server’s DNS activity and shared it with his colleagues so they could search for clues.

The researchers quickly dismissed their initial fear that the logs represented a malware attack. The communication wasn’t the work of bots. The irregular pattern of server lookups actually resembled the pattern of human conversation—conversations that began during office hours in New York and continued during office hours in Moscow. It dawned on the researchers that this wasn’t an attack, but a sustained relationship between a server registered to the Trump Organization and two servers registered to an entity called Alfa Bank.

According to data analyzed from one of Trump’s servers, activity suggested that emails were being exchanged with Alfa Bank. When the New York Times contacted the bank to inquire, the server was immediately cut off on Trump’s end.

From Foer’s report:

Four days later, on Sept. 27, the Trump Organization created a new host name, trump1.contact-client.com, which enabled communication to the very same server via a different route. When a new host name is created, the first communication with it is never random. To reach the server after the resetting of the host name, the sender of the first inbound mail has to first learn of the name somehow. It’s simply impossible to randomly reach a renamed server.

“I’ve never seen a server set up like that,” said Christopher Davis of the cybersecurity firm HYAS InfoSec Inc. “It looked weird, and it didn’t pass the sniff test.”

Aside from the most glaring possibility that the server serves the purpose of keeping communication between the Trump campaign and a Russian bank, Foer makes sure to point out that other less likely, although possible, scenarios could provide an explanation.

What the scientists amassed wasn’t a smoking gun. It’s a suggestive body of evidence that doesn’t absolutely preclude alternative explanations. But this evidence arrives in the broader context of the campaign and everything else that has come to light: The efforts of Donald Trump’s former campaign manager to bring Ukraine into Vladimir Putin’s orbit; the other Trump adviser whose communications with senior Russian officials have worried intelligence officials; the Russian hacking of the DNC and John Podesta’s email.

Read Slate’s full report here.


 Featured image: Gage Skidmore/Pinterest

Facebook Comment


  1. Marvin

    June 13, 2017 at 11:30 pm

    hello there and thank you for your info – I’ve certainly picked up anything new from proper here. I did then again experience several technical issues using this site, as I skilled to reload the site lots of instances prior to I may get it to load properly. I have been puzzling over if your hosting is OK? No longer that I am complaining, however sluggish loading cases times will very frequently affect your placement in google and could injury your high quality ranking if advertising with Adwords. Anyway I’m including this RSS to my email and can look out for much extra of your respective exciting content. Ensure that you update this again soon..

  2. vidmate download

    June 14, 2017 at 2:37 am

    I constantly look over your articles thoroughly. I’m furthermore thinking about vidmate, you could discuss that at times. Regards.

  3. mobdro premium apk

    June 15, 2017 at 5:00 am

    There are awesome upgrades on the style of the blog, I truly love this. Mine is regarding mobdro premium apk and now there are a lot of stuff to do, I am currently a rookie in web page design. Take good care!

  4. lucky patcher apk latest

    June 16, 2017 at 6:17 am

    You are entirely right. I really liked looking through this article and I will certainly get back for more as quick as possible. My own website is dealing with lucky patcher apk free download, you can take a look if you’re still interested in that.

  5. facetime download

    June 16, 2017 at 9:39 am

    Appreciating the hard work you put into the site and thorough facts you offer. It is wonderful to find a blog from time to time which isn’t the same old rehashed information. Fantastic read! We have bookmarked your blog and I am including your RSS feeds to our facetime for android web page.

  6. Bluestacks offline Installer

    June 21, 2017 at 9:49 am

    Admiring the persistence you invested in the blog and in-depth facts you present. It’s nice to find a site every now and then that is not the similar obsolete re-written stuff. Wonderful read! We have saved your blog and I am adding the RSS feeds to my own bluestacks latest version web page.

  7. Firestarter Kodi

    June 22, 2017 at 4:40 am

    I really love your blog and find a lot of your content to be exactly I’m searching for. Do you offer guest writers to write content material for you? I wouldn’t mind producing an article regarding firestarter kodi download or perhaps on many of the topics you are writing about on this site. Nice website!

  8. Collin

    June 27, 2017 at 12:02 am

    I was recommended this website by means of my cousin. I am now not sure whether this submit is written via him as no one else recognise such distinct approximately my trouble. You’re wonderful! Thank you!

Leave a Reply

Your email address will not be published.

To Top