A Tale of Two Servers or Maybe More

Last October, Slate ran a series of reports of unusual communication between computers registered by Trump Tower, Alfa Bank, and Spectrum Health. Last spring, researchers working at several companies specializing in malware detection across the internet discovered some unusual communications between a server registered by the Trump Organization at Trump Tower on Fifth Ave and a server from Alfa Bank (a Russian bank).

These researchers discovered an unusual set of DNS queries between these computers as well as a third computer at Spectrum Health, controlled by the DeVos family. DNS or Domain Name System is a service that converts the name of a web site like DailyKos.com into its IP address. A DNS query is used to ask for the IP address of a site name.

A lot of networks keep their own set of DNS tables to look up internet addresses. If a name is not found there, another table, perhaps at the network’s communication service or provider, is used. These servers keep their DNS tables synced with each other. Since DNS is a requirement for most web services, DNS queries are usually allowed to pass through routers.

Malware designers know that DNS queries can pass through most routers, so some malware designers use them to pass data to and from malware. A technique known as DNS tunneling allows data to be placed in a DNS query. DNS tunneling is a form of covert channel. A covert channel is an ordinary communication that also carries a hidden message.

However, botnets can use DNS tunneling to act as a covert channel, and these covert channels are very hard to detect. These can be identified only by looking for any C&C information on the DNS in the covert channel. In all network systems nowadays DNS is served as it is, but protocols like HTTP, FTP are one of many methods to analyze and inspect the traffic. So the botnets using DNS tunneling have a better scope for malware writers.

Now, back to our servers owned by Trump Tower and Alfa Bank. Was there any communication going on in the DNS queries between the servers? The only way to know is to get ahold of the actual data packets comprising the DNS queries. A scientist going by the name of Tea Leaves plotted the logs of the DNS queries and they seemed to happen at politically active times in the Trump campaign.

This is a very sophisticated way to communicate with a low bandwidth channel. DNS queries may be logged, but the packets are rarely stored, unlike email. Encrypted messages can be passed, and if they are small like text or emails, they could easily be sent via a program such as iodine.
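What query logs alone can show about the tunneling described above, as an added example that is not part of the original post: a heuristic that flags parent domains receiving many distinct, long, high-entropy subdomain lookups. The log format, the `.example` names, the thresholds and the two-label parent-domain split are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log: "<timestamp> <client> <query-name> <qtype>".
# Every name uses the reserved .example TLD; none is a real observation.
SAMPLE_LOG = """\
2017-02-01T10:00:01Z 10.0.0.5 shop.example A
2017-02-01T10:00:02Z 10.0.0.5 www.shop.example A
2017-02-01T10:00:03Z 10.0.0.5 mail.shop.example A
2017-02-01T10:00:04Z 10.0.0.6 img1.cdn.example A
2017-02-01T10:00:05Z 10.0.0.6 img2.cdn.example A
2017-02-01T10:00:06Z 10.0.0.6 img3.cdn.example A
2017-02-01T10:00:07Z 10.0.0.6 img4.cdn.example A
2017-02-01T10:00:08Z 10.0.0.6 img5.cdn.example A
2017-02-01T10:00:09Z 10.0.0.7 k7d2m9q4x1z8c5v3b6n0j2h7g4f1s9a3.verify.example TXT
2017-02-01T10:01:00Z 10.0.0.9 mfrggzdfmztwq2lknnwg23tpobyxe43u.t.tunnel.example TXT
2017-02-01T10:01:01Z 10.0.0.9 nbswy3dpeb3w64tmmqqhi2djomqgc5dt.t.tunnel.example TXT
2017-02-01T10:01:02Z 10.0.0.9 orugs4zanfzsa5dimuqhgzldn5xgiidd.t.tunnel.example TXT
2017-02-01T10:01:03Z 10.0.0.9 mnugk3tlebxwmidemf2gcidbnzsca3lp.t.tunnel.example TXT
2017-02-01T10:01:04Z 10.0.0.9 ojswc3dmpeqgy33om4qg2zltonqwozjo.t.tunnel.example TXT
"""

def shannon_entropy(label):
    """Bits per character; encoded payloads score higher than hostnames."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def split_name(qname, parent_labels=2):
    # Assumption: the registered domain is the last two labels. A production
    # detector would consult the Public Suffix List instead.
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-parent_labels]), ".".join(labels[-parent_labels:])

def score_parents(log_text):
    """Per parent domain: distinct subdomains, mean longest-label length/entropy."""
    subs_by_parent = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        sub, parent = split_name(fields[2])
        if sub:
            subs_by_parent[parent].add(sub)
    report = {}
    for parent, subs in subs_by_parent.items():
        longest = [max(s.split("."), key=len) for s in subs]
        report[parent] = {
            "distinct_subdomains": len(subs),
            "mean_longest_label": sum(map(len, longest)) / len(longest),
            "mean_entropy": sum(map(shannon_entropy, longest)) / len(longest),
        }
    return report

def flag_tunnel_candidates(report, min_distinct=4, min_len=24, min_entropy=3.5):
    # All three signals must agree: a CDN has many subdomains but short labels,
    # and a one-off verification token is long but appears only once.
    return sorted(
        parent for parent, r in report.items()
        if r["distinct_subdomains"] >= min_distinct
        and r["mean_longest_label"] >= min_len
        and r["mean_entropy"] >= min_entropy
    )

if __name__ == "__main__":
    for parent, row in sorted(score_parents(SAMPLE_LOG).items()):
        print(parent, row)
    print("candidates:", flag_tunnel_candidates(score_parents(SAMPLE_LOG)))
```

A hit from name-only logs is a lead for packet capture, not proof of a channel: the logs show the shape of the names, never the payload.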

Thanks to greenbird, whose comment had the link to The Jester’s tweet about using DNS tunneling for covert communication.

Until the actual DNS packets are inspected, we don’t know if there was any communication going on between these servers. People on the Trump Team are saying that these are only DNS queries, so no communication could be happening. But using DNS tunneling programs, we can see that one can communicate in a very hidden way from one server to another. Perhaps a hidden network can be constructed to allow several machines to communicate, or even a botnet.

And now, Alfa Bank has put out a statement saying that they were hacked and the hacker sent out spoofed DNS queries to make it look like suspicious activity has taken place between the two servers.

Alfa Bank believes that these malicious attacks are designed to create the false impression that Alfa Bank has a secretive relationship with the Trump Organization. In fact, there is not and never has been such a relationship.

Sounds a little defensive to me and the statement has been put out way too late. And who would bother with putting out spoofed DNS queries as most people would assume they are sent as a regular part of network operation? Only people specialized in low level internet operation and politics would have even noticed the strange pattern of queries. And fewer still would have even matched a capacity for communication with them.


Who else is connected to the servers at Alfa Bank? Why, Robert Mercer is connected to this bank. According to The Bipartisan Report, Mercer’s company, Renaissance Technology, invested in two large Russian telecom companies, VimpelCom and Mobile TeleSystems. Those companies are waiting for a large payoff if Russia and the US become friendly. Additionally, VimpelCom is owned by Ukrainian-born billionaire Mikhail Fridman. Fridman is Chairman of Alfa Bank and a personal friend of Vladimir Putin.

The connection between Mercer, Fridman, Trump, and the Russian government is beyond shady and during the course of the investigation (that needs to take place) it’s only a matter of time before Mercer’s name emerges.

The web of interconnected billionaire and shady business deals is reaching critical mass and something’s going to break. It will be interesting to say the least.

Confused Allegiance


On Sunday, 29 Jan 17, a military convoy with a vehicle flying a “Trump” flag was spotted driving through Louisville, Kentucky. Video was also taken of the vehicles, especially the numbers on the trucks.

Chris Rowzee, a spokeswoman for IndivisibleKY, said she was “disturbed” to see the flag on a military vehicle.

“To show a partisan political leaning on a military vehicle is very reminiscent of Nazi Germany,” she said, as quoted by the Courier-Journal.

Defense Department spokesman Maj. Jamie Davis said that it would violate regulations to fly that flag on a military vehicle.

“That is not standard procedure,” he said as quoted in the report.

Davis said it would also violate regulations to run a military convoy with no unit markings on the vehicles, and said he did not think the vehicles belonged to any service branch. Per the report, he suggested that they were military surplus.

According to the story at Talking Points Memo, the Army denied the vehicles were theirs as no unit flag was flying. Tracey Metcalf, a spokesman for Ft Knox said the vehicles were not theirs. Maj. Stephen Martin from the National Guard said that the vehicles are not theirs either.

After the video was posted by IndivisibleKY, ABC news found that the vehicles belonged to a Navy Seal unit.

The vehicles did not have any identifiable markings and the mystery deepened when local military bases in Kentucky said that the vehicles did not belong to their units.

“The convoy were service members assigned to an East Coast-based Naval Special Warfare unit driving vehicles while transiting between two training locations,” Lieutenant Jacqui Maxwell, a spokesperson for Naval Special Warfare Group 2, told ABC News. Naval Special Warfare Units is the official Navy term for its elite SEAL special operations teams.

The spokesperson said that a command inquiry has been initiated to determine what flag was being flown by the vehicle in the convoy.

“Defense Department and Navy regulations prescribe flags and pennants that may be displayed as well as the manner of display,” said Maxwell. “The flag shown in the video was unauthorized.”

Some Navy Seals or support personnel need to be reminded whom they serve and of the oath they took to protect and defend the Constitution of the United States, not some guy sitting in the White House. That guy in the White House also needs to be reminded whom he serves. They serve at the discretion of the People of the United States.

That is why partisan symbols are not allowed on military property. Patriotism is not limited to a specific political party. Put up an American flag all Americans can get behind or put up a unit flag the seals can get behind, but don’t put up a partisan flag with a political phrase on it. Come on Seals, you can do better.

When We Practice to Deceive

On Saturday, Donald Trump went to the CIA to try to patch up the relationship between him and the CIA after a series of tweets and calling the agency Nazis. But it appears Trump made the situation worse by bragging and preening before the CIA memorial honoring the men and women that gave their lives in the performance of their duty.

Worse yet, tone deaf Trump did not even mention the sacrifices of these officers and only spent a couple of minutes praising the agency and saying he wanted to work with them. The rest of the time he spent trying to tell the agents that he had more attendance at his inauguration than Obama did. The question to ask is “How did the lie go over at the CIA?”

According to CBS news:

U.S. government sources tell CBS News that there is a sense of unease in the intelligence community after President Trump’s visit to CIA headquarters on Saturday.

From Talking Points Memo:

A presidential speech that was intended to thank the intelligence community quickly went off the rails Saturday as Donald Trump talked about himself, his inauguration crowd, the dishonest media and how great his party was.

Here is the entire speech in all of its vainglorious, rambling narcissism.

Here is the reaction of a former CIA agent to Donald Trump’s speech.

“I mean there’s a sense of outrage, but there’s also such a sense of sadness,” Mudd added. “Those aren’t stars, Wolf, those are people.”

“We have a president who has to talk about how many times he’s been on a Time Magazine cover in comparison to a football player,” Mudd later added. “He has to talk about how many people showed up at his inauguration. He’s got to talk about how many people in the CIA enjoyed his speech. That’s what we get to honor the people who lost their lives.”

And even more bizarrely, CBS news reports that Trump brought along a crew to clap and yell for him. According to CBS, these people sat in the front while the CIA agents and management sat behind them and were mostly silent.

Again from CBS:

Authorities are also pushing back against the perception that the CIA workforce was cheering for the president. They say the first three rows in front of the president were largely made up of supporters of Mr. Trump’s campaign.

An official with knowledge of the make-up of the crowd says that there were about 40 people who’d been invited by the Trump, Mike Pence and Rep. Mike Pompeo teams. The Trump team originally expected Rep. Pompeo, R-Kansas, to be sworn in during the event as the next CIA director, but the vote to confirm him was delayed on Friday by Senate  Democrats. Also sitting in the first several rows in front of the president was the CIA’s senior leadership, which was not cheering the remarks.

Yael Eisenstat is a former CIA officer and lost a good friend, Gregg Wenzel, whose star is one of the 117 stars on the wall at CIA. Here’s what she had to say about Trump’s visit to CIA last Saturday:

In Mr. Trump’s rambling, 15-minute speech, he made only one reference to the memorial, saying, “The wall behind me is very, very special,” before pivoting to his familiar mode of narcissistic diatribe, peppered with the occasional misplaced joke.

He used my former agency to advance his own delusional vision of grandeur. When I see our president use a wall that symbolizes the ultimate sacrifice as a backdrop for his vanity, I cannot play down its seriousness. And when he borrows a line straight from a dictator’s playbook — “Probably almost everybody in this room voted for me, but I will not ask you to raise your hands if you did” — I cannot remain silent.

And concluding with:

In my years of service, and since, I never imagined that it would be the president himself who would denigrate our very institutions and those who serve faithfully. Mr. Trump’s speech on Saturday was, for me, a terrifying display of the dangerous way in which he will govern. It also showed his complete disregard for the very people we rely on to keep us safe, including my friend Gregg Wenzel.

Trump and Putin Sitting in a Tree


Trump and Putin sitting in a tree, K-I-S-S-I-N-G. First comes love [money], then comes marriage [taking down NATO], then comes baby in a baby carriage [Russia taking the Baltic States].

Donald Trump is now the official nominee of the Republican party in the United States. In the past year, there have been disturbing hints of unusually close ties between the Trump family and the Russian government.

Over the last year there has been a recurrent refrain about the seeming bromance between Donald Trump and Russian President Vladimir Putin. More seriously, but relatedly, many believe Trump is an admirer and would-be emulator of Putin’s increasingly autocratic and illiberal rule. But there’s quite a bit more to the story. At a minimum, Trump appears to have a deep financial dependence on Russian money from persons close to Putin. And this is matched to a conspicuous solicitousness to Russian foreign policy interests where they come into conflict with US policies which go back decades through administrations of both parties. There is also something between a non-trivial and a substantial amount of evidence suggesting Putin-backed financial support for Trump or a non-tacit alliance between the two men.

Now that Donald Trump is the official Republican party nominee, he and his campaign will be getting highly classified national security briefings. I guess it’s from the CIA, to Donald, to Manafort, to Trump’s Russian investors, to Putin. Could Manafort even get any clearance at all? He’s worked for various dictators as well as the Pakistani Intelligence Services who have close ties to Al Qaeda. Paul Manafort may not want to get those briefings because having the clearance means he could get prison time if he fucks up and shares information.

The aides were rushed through an intense security-clearance process, and while the Trump campaign didn’t respond to an inquiry about which aide would join Trump in the briefings, people familiar with the process said it is difficult to imagine Manafort clearing such a process.

“Ties to Russia and the Kremlin would without question be a matter of concern. He’d have to explain in far more detail what the contact has been. That will have to be fleshed out in far more detail,” said Moss. “It would be difficult — but not impossible — to imagine security clearing him.”

A former Republican national security official put it more bluntly: “He’s an intelligence classification vetting nightmare scenario.”

And last week, during the run up to the Republican convention, the only time Trump’s campaign expressed any interest in international events was to strip out any support for an independent Ukraine.

Still, Republican delegates at last week’s national security committee platform meeting in Cleveland were surprised when the Trump campaign orchestrated a set of events to make sure that the GOP would not pledge to give Ukraine the weapons it has been asking for from the United States.

Inside the meeting, Diana Denman, a platform committee member from Texas who was a Ted Cruz supporter, proposed a platform amendment that would call for maintaining or increasing sanctions against Russia, increasing aid for Ukraine and “providing lethal defensive weapons” to the Ukrainian military.

“Today, the post-Cold War ideal of a ‘Europe whole and free’ is being severely tested by Russia’s ongoing military aggression in Ukraine,” the amendment read. “The Ukrainian people deserve our admiration and support in their struggle.”

Trump staffers in the room, who are not delegates but are there to oversee the process, intervened. By working with pro-Trump delegates, they were able to get the issue tabled while they devised a method to roll back the language.

On the sideline, Denman tried to persuade the Trump staffers not to change the language, but failed. “I was troubled when they put aside my amendment and then watered it down,” Denman told me. “I said, ‘What is your problem with a country that wants to remain free?’ It seems like a simple thing.”

Finally, Trump staffers wrote an amendment to Denman’s amendment that stripped out the platform’s call for “providing lethal defensive weapons” and replaced it with softer language calling for “appropriate assistance.”

Apparently Trump’s own party is outraged about Trump’s remarks about not supporting our NATO allies.

Republicans are already reacting with outrage. “Totally insane,” is how former ambassador Eric Edelman describes the remarks. “He says he has been advised by Secretaries Baker and Kissinger but I find it hard to imagine that they would have recommended the things that he said in his New York Times interview. It would be totally contrary to everything they have written and the manner in which they conducted themselves in office.” He continued, “His comments have already undermined U.S. alliances, emboldened Russian revanchists, degraded our extended nuclear deterrent, threatened multiple trade wars that would beggar the international economy and destroy American prosperity.” Danielle Pletka of the American Enterprise Institute tells Right Turn, “Donald Trump is apparently the bastard stepchild of Charles Lindbergh and Barack Obama, at once embarrassed by American values and leadership, contemptuous of loyalty unless it’s to him, strangely drawn to dictators and utterly ignorant of history.” She added, “If this guy led another country, we’d be considering sanctions and fretting about his political enemies languishing in prison.”

When this story finally starts gaining more traction in the news, what will happen to the Republicans’ Siberian candidate?

At some level, Mr. Trump’s motives shouldn’t matter. We should be horrified at the spectacle of a major-party candidate casually suggesting that he might abandon American allies — just as we should be horrified when that same candidate suggests that he might welsh on American financial obligations. But there’s something very strange and disturbing going on here, and it should not be ignored.

And the right is also getting worried about Trump’s Russian connections of Paul Manafort, Carter Page, and retired Lt. Gen Michael Flynn.

Honest and patriotic Republicans who support Trump, or are tempted to do so, should review some of the publicly available evidence. Trump’s business seems to be heavily dependent on Russian investment. His top campaign advisor, Paul Manafort, was the advisor to the Putin-backed stooge Viktor Yanukovich, and has deep ties to the Putin apparat. One of Trump’s national security advisors, retired Lt. General Michael Flynn, was paid to give a speech at a Russian propaganda celebration and was seated next to Putin. Trump’s Russia advisor Carter Page, who does much of his business with Russian companies, has argued, among other things, that “a few officials in Washington” annexed Ukraine and that the “so-called annexation” of Crimea by Russia was a rational response to this injustice.

I sincerely hope that the Republican party rethinks its current selection of Donald Trump as its nominee. As a left leaning independent, I’m horrified that a major national political party did so little vetting on its nominee.

Trump, Nazi-Enabler

UPDATE (3/2/16):

Until today, I was using the term Nazi Enabler in a rhetorical manner, but not now. Here is a video of actual neo-nazis roughing up a black woman at a Trump rally.

The hat-wearing Trump supporter appears to be white nationalist Matthew Heimbach, head of the Traditionalist Worker Party, according to other protesters who spoke with the New York Daily News.

Matthew Heimbach was fired as a child welfare case worker in Illinois, according to Hatewatch.

“Matthew Heimbach was employed with DCS from Jan. 11 to Jan. 28, 2016, as a family case manager trainee,” Hungate said in a brief email response. “His probationary working test was terminated on Jan. 28.”

When pressed, the agency spokeswoman said Heimbach “was dismissed for his behavior at work.”

“His behavior in training was disruptive of the workplace, incompatible with public service, and not protected speech. For example, what I’ve been told is that, while in training, his response to a question suggested violence against a client,” Hungate told Hatewatch.

And finally, Donald’s son is being interviewed by a white supremacist show, The Political Cesspool.

As Edwards broadcast his show live from the Trump rally on Saturday, he and his co-hosts praised the real estate developer for building support among a broad swath of white people. Edwards compared Trump’s coalition-building to the efforts of the hated Republican elites, whose, “way of growing the party is to let every minority in and pander to them and sell out the traditional base of the Republican party, which is white people.”

Edwards said he and his co-hosts have attended three different Trump rallies in recent months: One in Illinois, one in Arkansas, and the rally in Memphis. With press credentials from Trump, the white supremacists feel “every bit as legit” as members of the traditional media, he added.

I have a friend who was supporting Donald Trump for president, until this weekend that is. Earlier he had asked why I was not supporting Trump as his earlier political positions seemed very moderate. I said that I thought he was a Nazi Enabler and a probable supporter of white supremacy based on what has actually come out of his mouth in his earlier statements. Now this weekend he is retweeting Mussolini. He actually retweeted a Gawker bot that would periodically send out fascist quotes attributed to Trump.

Twitter is Trump’s preferred social media platform for direct communication with his followers, haters, and—most importantly—the journalists who obsessively cover his carnival-like presidential campaign. It’s where Trump goes to personally insult his enemies and opponents, but it’s also where he seeks evidence of his greatness, and regularly retweets (in his idiosyncratic style, quoting entire tweets rather than using the network’s built-in retweet tool) praise for himself.

And here he is refusing to disavow the Klan and white supremacy on CNN:

What’s really interesting about his claim to know nothing of white supremacism and the KKK is that in an earlier run for president, he explicitly called out David Duke and the Klan as something he would not support. He most certainly knows the Klan as his father was a member in the Klan before WW2.

I can’t believe he has this much support. But the Nazis rose to power with about 38% of Germans supporting them. It’s frightening to realize the GOP is about 38% of the American populace. As an Independent, I’m starting to be concerned.