A Tale of Two Servers or Maybe More

Last October, Slate ran a series of reports on unusual communication between computers registered to Trump Tower, Alfa Bank, and Spectrum Health. Last spring, researchers at several companies that specialize in detecting malware across the internet had discovered unusual communication between a server registered by the Trump Organization at Trump Tower on Fifth Ave and a server belonging to Alfa Bank (a Russian bank).

The researchers found an unusual set of DNS queries between these computers and a third computer at Spectrum Health, which is controlled by the DeVos family. DNS, the Domain Name System, is the service that converts the name of a web site such as DailyKos.com into its IP address. A DNS query asks for the IP address that belongs to a name.

Many networks keep their own DNS tables for looking up internet addresses. If a name is not found there, another table, perhaps at the network’s communication service provider, is consulted. DNS servers keep their tables synced with one another. Because DNS is a requirement for most web services, DNS queries are usually allowed to pass through routers.

Malware designers know that DNS queries pass through most routers, so some of them use DNS queries to carry data to and from their malware. A technique known as DNS tunneling places data inside DNS queries and the responses to them. DNS tunneling is a form of covert channel: an ordinary-looking communication that also carries a hidden message.

Botnets can use DNS tunneling as a covert channel, and such channels are very hard to detect: they can be identified only by looking for command-and-control (C&C) information hidden inside the DNS traffic itself. In most networks today DNS traffic is passed through as-is, whereas protocols such as HTTP and FTP are routinely analyzed and inspected. That is why DNS tunneling gives malware writers so much room to operate.

Now, back to the servers owned by Trump Tower and Alfa Bank. Was any communication going on inside the DNS queries between them? The only way to know is to get hold of the actual data packets that make up the DNS queries. A scientist going by the name of Tea Leaves plotted the logs of the DNS queries, and the queries seemed to cluster around politically active moments in the Trump campaign.

This is a very sophisticated way to communicate over a low-bandwidth channel. DNS queries may be logged, but the packets themselves are rarely stored, unlike email. Encrypted messages can be passed this way, and if they are small, like text messages or emails, they could easily be sent with a program such as iodine.
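One way a defender can screen the query logs that are kept (even when the packets are not) for tunnel-like behaviour, as an added example that is not part of the original post: it scores each registered domain by how many distinct, high-entropy subdomain labels its queries carry, which is the pattern the encoded data of a tunnel produces. The log lines, domain names and thresholds below are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of DNS resolver log lines (made up for this example): timestamp, client, name.
# The t.example.net labels mimic the random, never-repeating subdomains a tunnel emits.
SAMPLE_LOG = """\
2016-05-04T10:00:01 10.0.0.5 www.dailykos.com
2016-05-04T10:00:02 10.0.0.5 mail.example.org
2016-05-04T10:00:03 10.0.0.7 x4k29ab0v7qz1m8e.t.example.net
2016-05-04T10:00:04 10.0.0.7 q1n8zl3p0v5a2k7y.t.example.net
2016-05-04T10:00:05 10.0.0.7 c8b3ywm2r6t0e9d1.t.example.net
2016-05-04T10:00:06 10.0.0.7 p0o7i4u2y1t6r3e8.t.example.net
2016-05-04T10:00:07 10.0.0.5 cdn.example.org
"""

def shannon_entropy(text):
    """Bits per character: random-looking tunnel labels score near 4, ordinary hostnames lower."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def registered_domain(name):
    """Last two labels; assumption: no multi-label public suffixes (such as co.uk) in the log."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def score_dns_log(log_text, min_queries=3, min_unique_ratio=0.9, min_entropy=3.5):
    """Return {domain: stats} for domains whose subdomains look tunnel-like: nearly every
    query carries a fresh subdomain and those labels are high-entropy."""
    per_domain = defaultdict(lambda: {"queries": 0, "subs": set(), "ent": 0.0, "len": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        qname = parts[2].lower().rstrip(".")
        dom = registered_domain(qname)
        sub = qname[: -len(dom)].rstrip(".")  # everything left of the registered domain
        st = per_domain[dom]
        st["queries"] += 1
        st["subs"].add(sub)
        st["ent"] += shannon_entropy(sub.replace(".", ""))
        st["len"] += len(sub)
    flagged = {}
    for dom, st in per_domain.items():
        if st["queries"] < min_queries:
            continue  # too few queries to judge
        unique_ratio = len(st["subs"]) / st["queries"]
        mean_entropy = st["ent"] / st["queries"]
        if unique_ratio >= min_unique_ratio and mean_entropy >= min_entropy:
            flagged[dom] = {"queries": st["queries"], "unique_ratio": unique_ratio,
                            "mean_entropy": round(mean_entropy, 2), "mean_sub_len": st["len"] / st["queries"]}
    return flagged
```

On the sample log only example.net is flagged; content delivery networks and some security products also generate long random labels, so a hit is a lead to inspect, not proof of a tunnel.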

Thanks to greenbird, whose comment had the link to The Jester’s tweet about using DNS tunneling for covert communication.

Until the actual DNS packets are inspected, we don’t know whether any communication took place between these servers. People on the Trump team say that these are only DNS queries, so no communication could have been happening. But DNS tunneling programs show that one can communicate in a very well-hidden way from one server to another. A hidden network could even be constructed to let several machines communicate, or a botnet.

And now Alfa Bank has put out a statement saying that it was hacked and that the hacker sent spoofed DNS queries to make it look as if suspicious activity had taken place between the two servers.

Alfa Bank believes that these malicious attacks are designed to create the false impression that Alfa Bank has a secretive relationship with the Trump Organization. In fact, there is not and never has been such a relationship.

That sounds a little defensive to me, and the statement has come far too late. Who would bother sending spoofed DNS queries when most people assume they are a regular part of network operation? Only people versed in both low-level internet operation and politics would have noticed the strange pattern of queries, and fewer still would have recognized them as a possible channel for communication.

[UPDATE]

Who else is connected to the servers at Alfa Bank? Robert Mercer, for one, is connected to this bank. According to The Bipartisan Report, Mercer’s company, Renaissance Technologies, invested in two large Russian telecom companies, VimpelCom and Mobile TeleSystems. Those companies are waiting for a large payoff if Russia and the US become friendly. Additionally, VimpelCom is owned by Ukrainian-born billionaire Mikhail Fridman. Fridman is Chairman of Alfa Bank and a personal friend of Vladimir Putin.

The connection between Mercer, Fridman, Trump, and the Russian government is beyond shady, and during the course of the investigation (which needs to take place) it’s only a matter of time before Mercer’s name emerges.

The web of interconnected billionaires and shady business deals is reaching critical mass, and something’s going to break. It will be interesting, to say the least.

A False Flag Operation?

[Image: Russian flags bearing Trump’s name, handed out at CPAC]

The above image was taken at the CPAC conference today. CPAC is a conservative political action committee of right-wing Republican supporters. Someone handed out these Russian flags with Trump’s name on them. The not-too-bright attendees started waving them, unaware that they were Russian flags. An epic troll.

Here is a close up:

[Image: close-up of the flag]

Update:

Here is one of the young men who purchased a ticket to CPAC and handed out the flags.

“I asked people if they wanted a Trump flag and they took it,” Charter said. “Many Trump supporters were proudly waving their Russian Trump flag.”

“I think it says a lot about Donald Trump’s base and their education level,” he added. “I don’t want to insult anyone, but I think you should know what the Russian flag is. They are one of the world’s major powers, and it’s a pretty easily recognized flag.”


You go guy. Let your freak flag fly.

Glue + Genitals = Bad Idea

I was browsing Vice’s Motherboard blog and saw the story, Please Don’t Glue Your Labia Shut. What’s this? I ask, gluing your labia together? Why for fuck’s sake would anyone do this? What could possibly be the benefit to pasting the old cooter together? Intrigued and mortified at the same time, and clenching my legs together protectively, I clicked on the link.


According to Vice:

Wichita-based chiropractor Daniel Dopps created Mensez, a product named for a pun on “menses” but definitely also a good pun for “men says.” It’s a combination of amino acids and natural oils in a lipstick applicator, according to his product website. He claims that it seals one’s labia minora shut, trapping all of that icky lady business inside, and dissolves when it comes in contact with urine.

Who the hell would want all of that sloshing around inside all day? Actually I would be afraid of undoing the glue. Wouldn’t it hurt? Supposedly your urine would make the glue dissolve. But isn’t the urethral opening in front of the labia? How would the urine get inside where the labial lips are glued together? So many questions and I see Kavin Senapathy over at Forbes has many of the same questions.

This has got to be a joke, right? Actually, Daniel Dopps patented his “invention”.

Yeah, this sounds like a joke, but it’s real enough for Dopps to have filed a patent for his miracle product in January. “Our products are still in development and will be available some time in 2017,” Mensez Technologies’ website states. “Check with your favorite retailer and ask them watch for and stock Mensez.” We’ve reached out to Dopps to confirm these plans and will update if he responds.

And the name “Mensez” sounds rather like “Men says.” On his now-defunct Facebook page, he is extremely condescending to women, but at the same time seems incredibly ignorant of how lady parts work.

He easily corroborated this charge in a response to one visitor’s comment on the Mensez Facebook page, in which he explained that “[Y]ou as a woman should have come up with a better solution than diapers and plugs, but you didn’t. Reason being women are focused on and distracted by your period 25% of the time, making them far less productive than they could be. Women tend to be far more creative than men, but their periods that [sic] stifle them and play with their heads.” Dopps added over the phone that “a lot of the LGBT community, lesbians in particular, are furious at me because I’m a white straight man.”

Dr Jen Gunter, an OB/GYN whose blog deals with women’s issues, has a great takedown:

So no, a Kansas chiropractor has likely not invented Post-it Notes glue for the labia. However, if it is as amazing as he claims I would love to see a video or him using it on his own lips. How he gets the urine up there is, of course, his business.

So I read the linked articles, and my vajayjay and I now feel reassured that this substance (most likely imaginary) will never make it to market. Dopps is now claiming that his Facebook page was hacked and that is why it has been shut down. Like that is the real reason. It probably has more to do with the wide mockery of his product by women.

Imitating Alex Jones

A new character on Showtime’s Homeland seems to be modeled on Alex Jones, the host of the right-wing conspiracy site InfoWars.

Franny is going to have the weirdest teen years. “Casus Belli” opens with Quinn’s new pal “Fake Alex Jones” yelling hoarse accusations on air at Madame President-Elect Keane regarding the now infamous Sekou van explosion and the ever looming threat of general terror. This actor really spun together a vividly inspired and unique take on “unhinged radio personality.” Our host of “Real Truth” has a voice like 30 years of Dunkin’ Donuts coffee and the emo hair and dad sweater of a man trying to stay relevant in 2017. Oddly enough, and by no fault of Homeland, it still isn’t as weird as the actual Alex Jones yelling about the actual president. This is just going to be a recurring phenomenon in Homeland from here on out, I suspect.

The following is an example of the real Alex Jones, who may be far more bizarre than anything a writer or actor could come up with. He’s a man who believes in aliens taking over the government, chemtrails, foreign infiltration of the government, and any other delusional crap he can come up with. He also promoted PizzaGate and thinks Hillary Clinton is the Anti-Christ and demon-possessed.

According to RawStory:

After calling it “not a very good imitation,” Jones admitted that some people actually think he’s on the show now.

Even Jones admitted that the character is not a very good imitation of him. He’s right: there’s no amount of acting that can accurately portray that much whacked-out delusion. And those viewers of his who think he is on Homeland? Wow, they are not even existing in the same reality as the rest of us.

Confused Allegiance

[Image: military convoy vehicle flying a Trump flag]

On Sunday, 29 Jan 17, a military convoy with a vehicle flying a “Trump” flag was spotted driving through Louisville, Kentucky. Video was also taken of the vehicles, and in particular of the numbers on the trucks.

Chris Rowzee, a spokeswoman for IndivisibleKY, said she was “disturbed” to see the flag on a military vehicle.

“To show a partisan political leaning on a military vehicle is very reminiscent of Nazi Germany,” she said, as quoted by the Courier-Journal.

Defense Department spokesman Maj. Jamie Davis said that it would violate regulations to fly that flag on a military vehicle.

“That is not standard procedure,” he said as quoted in the report.

Davis said it would also violate regulations to run a military convoy with no unit markings on the vehicles, and said he did not think the vehicles belonged to any service branch. Per the report, he suggested that they were military surplus.

According to the story at Talking Points Memo, the Army denied the vehicles were theirs, since no unit flag was flying. Tracey Metcalf, a spokesman for Ft Knox, said the vehicles were not theirs. Maj. Stephen Martin of the National Guard said the vehicles were not theirs either.

After the video was posted by IndivisibleKY, ABC News found that the vehicles belonged to a Navy SEAL unit.

The vehicles did not have any identifiable markings and the mystery deepened when local military bases in Kentucky said that the vehicles did not belong to their units.

“The convoy were service members assigned to an East Coast-based Naval Special Warfare unit driving vehicles while transiting between two training locations,” Lieutenant Jacqui Maxwell, a spokesperson for Naval Special Warfare Group 2, told ABC News. Naval Special Warfare Units is the official Navy term for its elite SEAL special operations teams.

The spokesperson said that a command inquiry has been initiated to determine what flag was being flown by the vehicle in the convoy.

“Defense Department and Navy regulations prescribe flags and pennants that may be displayed as well as the manner of display,” said Maxwell. “The flag shown in the video was unauthorized.”

Some Navy SEALs or support personnel need to be reminded for whom they serve and of the oath they took to protect and defend the Constitution of the United States, not some guy sitting in the White House. That guy in the White House also needs to be reminded whom he serves. They all serve at the discretion of the People of the United States.

That is why partisan symbols are not allowed on military property. Patriotism is not limited to a specific political party. Put up an American flag all Americans can get behind, or put up a unit flag the SEALs can get behind, but don’t put up a partisan flag with a political phrase on it. Come on, SEALs, you can do better.