The New Yorker writer Dexter Filkins asks Was There a Connection Between a Russian Bank and the Trump Campaign? A team of computer scientists sifted through records of unusual Web traffic in search of answers.
You might recall my preoccupation with this story. I’m not sure that you will get more out of it than what’s already been reported, but here is the beginning (for background) and conclusion.
In June, 2016, after news broke that the Democratic National Committee had been hacked, a group of prominent computer scientists went on alert. Reports said that the infiltrators were probably Russian, which suggested to most members of the group that one of the country’s intelligence agencies had been involved. They speculated that if the Russians were hacking the Democrats they must be hacking the Republicans, too. “We thought there was no way in the world the Russians would just attack the Democrats,” one of the computer scientists, who asked to be identified only as Max, told me.
The group was small—a handful of scientists, scattered across the country—and politically diverse. (Max described himself as “a John McCain Republican.”) Its members sometimes worked with law enforcement or for private clients, but mostly they acted as self-appointed guardians of the Internet, trying to thwart hackers and to keep the system clean of malware—software that hackers use to control a computer remotely, or to extract data. “People think the Internet runs on its own,” Max told me. “It doesn’t. We do this to keep the Internet safe.” The hack of the D.N.C. seemed like a pernicious attack on the integrity of the Web, as well as on the American political system. The scientists decided to investigate whether any Republicans had been hacked, too. “We were trying to protect them,” Max said.
Max’s group began combing the Domain Name System, a worldwide network that acts as a sort of phone book for the Internet, translating easy-to-remember domain names into I.P. addresses, the strings of numbers that computers use to identify one another. Whenever someone goes online—to send an e-mail, to visit a Web site—her device contacts the Domain Name System to locate the computer that it is trying to connect with. Each query, known as a D.N.S. lookup, can be logged, leaving records in a constellation of servers that extends through private companies, public institutions, and universities. Max and his group are part of a community that has unusual access to these records, which are especially useful to cybersecurity experts who work to protect clients from attacks.
As Max and his colleagues searched D.N.S. logs for domains associated with Republican candidates, they were perplexed by what they encountered. “We went looking for fingerprints similar to what was on the D.N.C. computers, but we didn’t find what we were looking for,” Max told me. “We found something totally different—something unique.” In the small town of Lititz, Pennsylvania, a domain linked to the Trump Organization (mail1.trump-email.com) seemed to be behaving in a peculiar way. The server that housed the domain belonged to a company called Listrak, which mostly helped deliver mass-marketing e-mails: blasts of messages advertising spa treatments, Las Vegas weekends, and other enticements. Some Trump Organization domains sent mass e-mail blasts, but the one that Max and his colleagues spotted appeared not to be sending anything. At the same time, though, a very small group of companies seemed to be trying to communicate with it.
Examining records for the Trump domain, Max’s group discovered D.N.S. lookups from a pair of servers owned by Alfa Bank, one of the largest banks in Russia. Alfa Bank’s computers were looking up the address of the Trump server nearly every day. There were dozens of lookups on some days and far fewer on others, but the total number was notable: between May and September, Alfa Bank looked up the Trump Organization’s domain more than two thousand times. “We were watching this happen in real time—it was like watching an airplane fly by,” Max said. “And we thought, Why the hell is a Russian bank communicating with a server that belongs to the Trump Organization, and at such a rate?”
The researchers I spoke with were careful to point out that the limits of D.N.S. data prevent them from going beyond speculation. If employees of the companies were talking, the traffic reveals nothing about who they were or what they were saying; it is difficult to rule out something as banal as a protracted game of video poker. “If I’m a cop, I’m not going to take this to the D.A. and say we’re ready to prosecute,” Leto said. “I’m going to say we have enough to ask for a search warrant.” More complete information could be difficult to obtain. This March, after Republicans on the House Intelligence Committee announced that it had found no evidence of collusion between the Trump campaign and Russia, the committee’s Democrats filed a dissent, arguing that there were many matters still to be investigated, including the Trump Organization’s connections to Alfa Bank. The Democrats implored the majority to force Cendyn to turn over computer data that would help determine what had happened. Those records could show who in the Trump Organization used the server. There would probably also be a record of who shut down the Trump domain after the Times contacted Alfa Bank. Cendyn might have records of any outgoing communications sent by the Trump Organization. But the request for further investigation is unlikely to proceed as long as Republicans hold the majority. “We’ve all looked at the data, and it doesn’t look right,” a congressional staffer told me. “But how do you get to the truth?”
The enigma, for now, remains an enigma. The only people likely to finally resolve the question of Alfa Bank and the Trump Organization are federal investigators. Max told me that no one in his group had been contacted. But, he said, it wasn’t necessary for anyone in the F.B.I. to talk to him, if the agents gathered the right information from other sources, like Listrak and Cendyn. “I hope Mueller has all of it,” he said.