In late July, one of these scientists—who asked to be referred to as Tea Leaves, a pseudonym that would protect his relationship with the networks and banks that employ him to sift their data—found what looked like malware emanating from Russia. The destination domain had Trump in its name, which of course attracted Tea Leaves’ attention. But his discovery of the data was pure happenstance—a surprising needle in a large haystack of DNS lookups on his screen. “I have an outlier here that connects to Russia in a strange way,” he wrote in his notes. He couldn’t quite figure it out at first. But what he saw was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue.
More data was needed, so he began carefully keeping logs of the Trump server’s DNS activity. As he collected the logs, he would circulate them in periodic batches to colleagues in the cybersecurity world. Six of them began scrutinizing them for clues.
The researchers quickly dismissed their initial fear that the logs represented a malware attack. The communication wasn’t the work of bots. The irregular pattern of server lookups actually resembled the pattern of human conversation—conversations that began during office hours in New York and continued during office hours in Moscow. It dawned on the researchers that this wasn’t an attack, but a sustained relationship between a server registered to the Trump Organization and two servers registered to an entity called Alfa Bank.
* * *
Alfa’s oligarchs occupied an unusual position in Putin’s firmament. They were insiders but not in the closest ring of power. “It’s like they were his judo pals,” one former U.S. government official who knows Fridman told me. “They were always worried about where they stood in the pecking order and always feared expropriation.” Fridman and Aven, however, are adept at staying close to power. As the U.S. District Court for the District of Columbia once ruled, in the course of dismissing a libel suit the bankers filed, “Aven and Fridman have assumed an unforeseen level of prominence and influence in the economic and political affairs of their nation.”
* * *
Tea Leaves and his colleagues plotted the data from the logs on a timeline. What it illustrated was suggestive: The conversation between the Trump and Alfa servers appeared to follow the contours of political happenings in the United States. “At election-related moments, the traffic peaked,” according to Camp. There were considerably more DNS lookups, for instance, during the two conventions.
No comments:
Post a Comment