Leading DNS experts say they've found a secret dedicated link between Trump and a giant Russian bank

Where and how the security researchers got the DNS lookups from is what you keep going on and on about, so I assumed that was the evidence you meant.

The conclusion of the article is:

  1. Two servers were set up to communicate only with each other in an exclusive and suspicious manner.
  2. The patterns of the lookups indicate human-generated message traffic.

The article supplies how both were determined and what evidence both those conclusions were based on. The article specifically states we don’t know the what or why of any communication. What specifically is missing?

Question 1 answered, why did you immediately determine it was bogus?
Your perception of lack of evidence. Fair enough, but wouldn’t that just lead to the conclusion that we don’t know enough? NOT that it is bogus? You’d need more information to determine a claim was bogus wouldn’t you?

What conclusion do you deem “most extreme and conspiratorial of all the possible choices.”? The conclusion was clearly that we don’t know the what or why of communications, we only have suspicious patterns that could use some clarification. Is that the “most extreme” conclusion to which you refer or was there another?

3 Likes

I’ve now read the Intercept debunk of Foer’s piece in Slate and I will just say they said it better than I could. Of course it’s spam from Trump’s email server. Duh.

What’s bogus is the way Foer wrote the piece in Slate.

The reason I keep going on about the researchers and evidence and lookups is because if there was an intent to deceive, there would be no DNS lookups in a malware researcher’s DNS logs. Two servers set up to communicate with each other can find many more stealthy ways to do so that don’t involve leaving such traces. Also, the cagey way that rather limited data was presented to the folks writing the Intercept article further leads me to believe there are a lot of exaggerations being made.

The security researchers explain that the Trump server was originally used for spam, and The Intercept article says they have spam from back when it was; that was all accounted for in the original analysis. Long after the spam server was shut down these servers were configured to communicate ONLY with each other, and the pattern of lookups clearly indicated human-generated traffic and does not match spam sends, which have a clear fingerprint. Again, that was all explained and considered by the security researchers.

Sure, they COULD, but since no one had been collecting metadata like this before, there was never any indication that traces would have been left. Normally they wouldn’t have. This is the kind of thing you would only avoid in retrospect, because no one knew these logs were being compiled.
(i explained this previously, above.)

HOW they got them is now clarified then, since that was your main question in regard to the DNS?

what exaggerations?

Claiming this is bogus is a bit ridiculous. I’d understand a complaint that we don’t know enough about the why and what yet, but the original article states EXACTLY that.

Also, what was the “most extreme” conclusion?

No one thinks Trump himself could set up an email server or even an email client, this is more, hey look something suspicious can you please explain? Which is a reasonable level of transparency to demand from either candidate. Could be nothing. The point is we don’t know.

8 Likes

Calling them “leading DNS experts” is perhaps overstating the case. Or, at any rate, saying that the leading DNS experts thought that there’s an actual link. There were DNS queries, and the most likely reason is because someone’s mail client was trying to load images from Trump spam. Meaning that people at Alfa Bank and at Spectrum Health had both wound up on Trump spam mailing lists.

Of perhaps greater interest is the fact that someone was trolling through completely un-anonymized passive DNS feeds for specific text strings (in this case “trump”), undoubtedly waaaaaay outside what I would assume to be the terms of their use, whether formal or merely informally risk-averse. Which is why the sources are anonymous.

His love of Assange really has made him sloppy as of late, hasn’t it?

1 Like

That would be a reasonable explanation if the lookups only happened unidirectionally. That was the first thing I thought of before looking to see if they had accounted for that. Of course they had. They wouldn’t be very good security researchers if they hadn’t.

The fact that both servers were configured to communicate only with each other, pretty much rules out their ability to be general purpose email servers or spam servers, does it not?

They explain this, they were looking for breaches against Trump, in the wake of the DNC breaches.

Only the one employee who first found the link, the researchers who analyzed the data, connected to the servers, and followed up were mostly willing to be on record by name.

5 Likes
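The two posts above argue from the shape of the lookups: a burst that matches a bulk mailing versus sporadic, working-hours queries, and whether more than one source resolved the name. The following is an added example, not code from the thread or from the researchers, of how a practitioner would pull those timing features out of a passive DNS export. The export format (`timestamp source qname qtype`), the hostname `mail1.example.com`, the resolver labels and the records themselves are all constructed for illustration, and the classification thresholds are a stated assumption rather than any published fingerprint.

```python
"""Profile query timing per source in a constructed passive-DNS export.

Added example; the records, source labels and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median

QNAME = "mail1.example.com"  # stand-in hostname, not the one in the thread

def constructed_export():
    """Return constructed export lines: '<ISO timestamp> <source> <qname> <qtype>'."""
    recs = []
    # Source A: 40 lookups in ~3 minutes, the shape a mass mailing produces when
    # many recipients' clients fetch images from the same message at once.
    t0 = datetime(2016, 7, 4, 3, 0, tzinfo=timezone.utc)
    for i in range(40):
        recs.append((t0 + timedelta(seconds=4 * i), "bulk-recipient"))
    # Source B: one to three lookups per weekday during office hours, two weeks.
    day0 = datetime(2016, 7, 4, 0, 0, tzinfo=timezone.utc)  # a Monday
    for d in range(14):
        cur = day0 + timedelta(days=d)
        if cur.weekday() >= 5:
            continue
        for hour in (9, 14, 16)[: 1 + d % 3]:
            recs.append((cur.replace(hour=hour, minute=7 + d), "sporadic-client"))
    return [f"{t:%Y-%m-%dT%H:%M:%SZ} {src} {QNAME} A" for t, src in sorted(recs)]

def parse_line(line):
    """Parse one export line into (utc datetime, source, qname)."""
    ts, src, qname, _qtype = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, src, qname.lower()

def sources_for(records, qname):
    """Every source that ever resolved qname: the 'who else looked it up' check."""
    return sorted({src for _, src, q in records if q == qname.lower()})

def profile(records):
    """Per-source timing features. Business hours assume the client's local
    time is UTC; a real analysis would correct for the client's timezone."""
    by_src = defaultdict(list)
    for when, src, qname in records:
        by_src[src].append((when, qname))
    out = {}
    for src, items in by_src.items():
        items.sort()
        times = [t for t, _ in items]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        per_minute = max(
            sum(1 for t in times if 0 <= (t - start).total_seconds() < 60)
            for start in times
        )
        biz = sum(1 for t in times if t.weekday() < 5 and 8 <= t.hour < 18) / len(times)
        out[src] = {
            "queries": len(times),
            "distinct_qnames": len({q for _, q in items}),
            "span_hours": (times[-1] - times[0]).total_seconds() / 3600,
            "median_gap_s": median(gaps) if gaps else 0.0,
            "max_per_minute": per_minute,
            "business_hours_frac": biz,
        }
    return out

def classify(p):
    """Heuristic label (assumption): a tight burst reads as bulk mail,
    slow working-hours lookups read as people at keyboards."""
    if p["max_per_minute"] >= 10 and p["span_hours"] < 1:
        return "burst"
    if p["business_hours_frac"] >= 0.8 and p["median_gap_s"] >= 3600:
        return "working-hours"
    return "inconclusive"

if __name__ == "__main__":
    recs = [parse_line(l) for l in constructed_export()]
    print("sources:", sources_for(recs, QNAME))
    for src, p in profile(recs).items():
        print(src, classify(p), p)
```

The point of running it over the two constructed sources is that the same count of lookups can mean very different things once you look at inter-arrival gaps and time of day; on real passive DNS data the timezone correction and the thresholds are where the argument actually lives.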

Perhaps you’ve seen data I haven’t.

Can you explain specifically what you mean? What I saw were excerpted DNS lookups from the Alfa Bank servers for mail1.trump-email.com. What else are you referring to?

I believe the phrase you’re looking for is “parallel construction.”

Who actually saw the data unexcerpted, in context, and is on-record? To the best of my knowledge, Jean Camp never claimed to have seen the data, she just spoke to the character of the person who had. Are you referring to someone else?

I think “debunk” is an overused term. Of course, I grew up associating it with The Skeptical Inquirer’s glorious takedowns of faith healers and UFOs.

In my personal lexicon,
To debunk is not merely to question, but to actually prove, beyond all doubt, that your target is full of shit.

I don’t get the sense that the Intercept piece rises to that level. It does raise interesting questions, though.

8 Likes

To me the best question it raises, and one I’m seeing mixed reporting on, is whether or not the domain is actually owned by a Trump company or his campaign and if the server is one of his or not.

IF he doesn’t own the domain name and if the server isn’t one of his then this is a non story.

Even if Trump was emailing Putin personally I can’t see it dissuading any Trump supporters or affecting the election. He’s already publicly expressed his admiration for Putin as a strong leader, and that had zero impact on his support.

3 Likes

Domain Name: TRUMP-EMAIL.COM
Registry Domain ID: 1565681481_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2016-06-29T14:27:44Z
Creation Date: 2009-08-14T20:06:37Z
Registrar Registration Expiration Date: 2017-07-01T03:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Trump Orgainzation
Registrant Organization: Trump Orgainzation
Registrant Street: 725 Fifth Avenue
Registrant City: New York
Registrant State/Province: New York
Registrant Postal Code: 10022
Registrant Country: US
Registrant Phone: +1.2128322000
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: @cendyn.com
Registry Admin ID: Not Available From Registry
Admin Name: [Removed]
Admin Organization: Cendyn
Admin Street: [Removed]
Admin Street: Suite 419
Admin City: Boca Raton
Admin State/Province: Florida
Admin Postal Code: 33432
Admin Country: US
Admin Phone: [Removed]
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: ssl.admin@cendyn.com
Registry Tech ID: Not Available From Registry
Tech Name: [Removed]
Tech Organization: Cendyn
Tech Street: [Removed]
Tech Street: Suite 419
Tech City: Boca Raton
Tech State/Province: Florida
Tech Postal Code: 33432
Tech Country: US
Tech Phone: [Removed]
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: ssl.admin@cendyn.com
Name Server: NS1.CDCSERVICES.COM
Name Server: NS2.CDCSERVICES.COM
Name Server: NS3.CDCSERVICES.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

Last update of WHOIS database: 2016-11-01T01:00:00Z

source for what it’s worth. Probably not a whole lot.

4 Likes
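The record above is the raw registrar output, and the follow-up discussion turns on one thing it shows: the registrant organization and address are one party while the admin and tech contacts, the contact e-mail domain and the name servers all point at a vendor. Below is an added example, not code from the thread, of a small parser that turns that `Key: Value` text into a summary a practitioner would actually check. The sample input is a trimmed copy of the record quoted above (typos in the record left as they appear); the field names follow the record, and the `operator_differs` flag is this example's own label.

```python
"""Parse a registrar WHOIS text record and summarize who registers vs. who operates.

Added example. RECORD is trimmed from the thread's quoted output, not fetched live.
"""
from collections import defaultdict

RECORD = """\
Domain Name: TRUMP-EMAIL.COM
Registrar: GoDaddy.com, LLC
Creation Date: 2009-08-14T20:06:37Z
Update Date: 2016-06-29T14:27:44Z
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Registrant Name: Trump Orgainzation
Registrant Organization: Trump Orgainzation
Registrant City: New York
Registrant Email: @cendyn.com
Admin Organization: Cendyn
Admin City: Boca Raton
Admin Email: ssl.admin@cendyn.com
Tech Organization: Cendyn
Tech City: Boca Raton
Tech Email: ssl.admin@cendyn.com
Name Server: NS1.CDCSERVICES.COM
Name Server: NS2.CDCSERVICES.COM
DNSSEC: unsigned
"""

ROLES = ("Registrant", "Admin", "Tech")

def parse_whois(text):
    """Map each 'Key: Value' line to a list of values (keys can repeat)."""
    fields = defaultdict(list)
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()].append(value.strip())
    return dict(fields)

def contact(fields, role):
    """Collect the sub-fields of one contact role, e.g. 'Admin Organization'."""
    prefix = role + " "
    return {k[len(prefix):]: v[0] for k, v in fields.items() if k.startswith(prefix)}

def email_domain(addr):
    """Domain part of an address; '' when the address is missing or redacted."""
    return addr.rpartition("@")[2].lower()

def summarize(fields):
    """The questions a reviewer asks of a registration record."""
    contacts = {r: contact(fields, r) for r in ROLES}
    orgs = {r: c.get("Organization", "") for r, c in contacts.items()}
    mail_domains = {email_domain(c.get("Email", "")) for c in contacts.values()} - {""}
    statuses = [s.split()[0] for s in fields.get("Domain Status", [])]
    name_servers = [n.lower() for n in fields.get("Name Server", [])]
    return {
        "domain": fields["Domain Name"][0].lower(),
        "registrant_org": orgs["Registrant"],
        "operator_orgs": sorted({orgs["Admin"], orgs["Tech"]} - {""}),
        # Registrant is the owner of record; admin/tech are who runs it day to day.
        "operator_differs": any(orgs[r] != orgs["Registrant"] for r in ("Admin", "Tech")),
        "email_domains": sorted(mail_domains),
        "nameserver_domains": sorted({n.split(".", 1)[1] for n in name_servers if "." in n}),
        "registrar_locked": all(
            s in statuses for s in ("clientTransferProhibited", "clientUpdateProhibited")
        ),
        "dnssec": fields.get("DNSSEC", ["unknown"])[0],
    }

if __name__ == "__main__":
    for key, value in summarize(parse_whois(RECORD)).items():
        print(f"{key}: {value}")
```

On this record the summary says what the next post says in prose: the registrant of record is one organization, while every operational handle (admin, tech, contact mail domain, name servers) belongs to a different one. That is ordinary for an outsourced marketing-mail setup, and it is exactly the ambiguity that makes "is this his server?" a fair question rather than a settled one.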

thanks.

i think the reporting confusion arises from the organization and physical address being his, but the registrant tech/admin contact being a marketing company he hired, and of course trump’s campaign hasn’t replied or bothered to clear even something that simple up. they don’t do transparency do they?

2 Likes

some almost on topic humor for the thread:

4 Likes

Well the article was written by Sam Biddle, Lee Fang, Micah Lee, and Morgan Marquis-Boire, so I guess you are calling all of them sloppy and know their personal opinions on Assange, Wikileaks and journalistic integrity?

The article states that the information the Slate article was based on was also reviewed by The New York Times, the Washington Post, Reuters, the Daily Beast, and Vice, since this past summer and that none of these outlets chose to publish it and certainly did not believe that it warranted any “looking into,” something journalistic sources do before publishing news. Therefore, it does seem as you characterize it, a “reminder” of nothing. The Intercept also states that it believes the “communication” you speak of is due to spam: “Although the Slate article mentions Occam’s Razor, Foer never actually takes seriously the simplest plausible explanation for all of this: The Trump Organization owns a bunch of expensive, obnoxious spam servers that churn out marketing emails for its expensive, obnoxious hotels.”

yeah, i saw that multiple news outlets were looking into it, i had not seen any statements that they had decided not to follow the story, or rule any opinion on it, or if they were simply still investigating? source?

if the servers were configured to communicate only with each other as claimed, that rules out the possibility of them being spam servers. if they were spam servers then that claim must be false.

likewise if the traffic patterns and levels were as claimed then this wasn’t a spam server. if it was a spam server then those claims must also be false.

if these were just spam servers wouldn’t it be great if the trump campaign would respond to clear things up? you know transparency?

The Intercept also claims that servers just look up DNS records without necessarily having any traffic, which was their first point and is incorrect.

I don’t think Trump is smart enough to personally pull off anything nefarious like cloak-and-dagger email servers; if anything did happen i’d guess an aide being paid to keep tabs and offer inside scoops, but i’m not going to delve into conjecture. Just emphasizing that i’m not jumping to any conclusions until something actually points to something nefarious.

If the suspicious configuration and activity are true, it is worth looking into.

If the domain and email server aren’t his, as The Intercept article claims, then this is a non-story.

3 Likes

ive got a different view of this.

for quite some time democrats and republicans alike have believed oil is necessary for our survival. and not just personal survival, the stability of the modern world.

all over the middle east, we’ve been instigating wars and supporting dictatorships in an effort to further these oil interests.

in this view, the clinton and bush saudi connections are all about this. and, in this context, it’s very hard to distinguish between personal interest and personal views. ( except for cheney. he’s evil. and the iraq war for him was all personal interest. )

in this situation, money is a signal of: hey we’re friendly ( and rich. ) a reminder that interests overlap. it winds up not being so much payola, as simply smoothing the waters.

the problem - as i see it - is that people, with their money and connections, are creating an echo chamber. just like any lobbying situation. all they hear all day are their shared interests, and they forget that the world is warming, that people are dying, and that it’s only going to get worse.

i can believe hillary honestly believes she’s doing something good for us all. even though i disagree with her about that.

i feel the current republican nominee is in cheney’s mold, fwiw.

2 Likes

There was a repeat operation during the lead-up to D-Day. In fact, there was an entire fake radio network operating in the area to make it appear that units were massing for the invasion there.

1 Like

I don’t know about republicans specifically, but in my very limited experience (certainly not representative) I’d say the breakdown of IT people I know is something like 60% democrat or progressive or even socialist, 30% libertarian (unaffiliated with republicans) and 10% some kind of anarchist or single issue voter with no party loyalty at all (“I want mandatory handkerchief training” randomness) or just don’t give a fuck.

3 Likes

I’m not a libertarian, but a lot of my IT co-workers are. And they tend to end up doing the whole “end users who aren’t professional IT staff are stupid for not knowing all the tricks of my trade” guys.

There’s only one Drumpf “supporter” in my office, but he says he’s abstaining because while he’d rather vote for tRump than Hillary because he believes Hillary sends deathsquads to kill political rivals, he’s said he’s decided to abstain from voting altogether because he claims it doesn’t matter.

I’m just happy he’s throwing his vote away rather than voting tRump. Although I have tried convincing him to write in GoodSpaceGuy who didn’t get on the Washington ballot this year, although he was on it the last few elections. I think GoodSpaceGuy runs on the presidential platform of bringing the Sonics back, IIRC.

3 Likes

Believing it has made it happen.

1 Like