Quote:
Originally Posted by m_reed05
Anybody with technical knowledge have theories on this Trump Russia computer connection? Listening to 'experts' on CNN, nothing really makes sense.
Quote:
Originally Posted by 8=====D
If the computer was hacked and it was sending data back to the hacker they'd probably have it send the data first to some botnet computer and then through Tor to hide their tracks. So it was unlikely that.
If someone was communicating with Russians doing something shady they'd probably be using Tor also, so probably not that either.
So it was probably innocent stuff like a Russian advertisement embedded on a porn or torrent site, maybe worst case a non state backed hacker who didn't care about covering his tracks.
Well, the facts of the data are pretty interesting.
Quote:
Internet data shows that last summer, a computer server owned by Russia-based Alfa Bank repeatedly looked up the contact information for a computer server being used by the Trump Organization -- far more than other companies did, representing 80% of all lookups to the Trump server.
It's unclear if the Trump Organization server itself did anything in return. No one has produced evidence that the servers actually communicated.
...
From May 4 until September 23, the Russian bank looked up the address to this Trump corporate server 2,820 times -- more lookups than the Trump server received from any other source.
As noted, Alfa Bank alone represents 80% of the lookups, according to these leaked internet records.
Far back in second place, with 714 such lookups, was a company called Spectrum Health.
Spectrum is a medical facility chain led by Dick DeVos, the husband of Betsy DeVos, who was appointed by Trump as U.S. education secretary.
Together, Alfa and Spectrum accounted for 99% of the lookups.
http://www.cnn.com/2017/03/09/politi...ion/index.html
So 99% of the Russian bank's server's DNS lookups were for servers owned by Trump and DeVos.
The Trump server was apparently an email server.
I haven't looked into this much, and I don't know what kind of server the DeVos server is. But I think the advertisement theory doesn't hold much water, because DNS queries to the DeVos server comprised 19% of the DNS queries.
The advertisement theory, which apparently is being pushed by the Russian bank itself, is this:
Quote:
Alfa Bank has maintained that the most likely explanation is that the server communication was the result of spam marketing. Bank executives have stayed at Trump hotels, so it's possible they got subsequent spam marketing emails from the Trump Organization. Those emails might have set off defensive cybersecurity measures at the bank, whose servers would respond with a cautious DNS lookup. Alfa Bank said it used antispam software from Trend Micro, whose tools would do a DNS lookup to know the source of the spam.
Alfa Bank said it brought U.S. cybersecurity firm Mandiant to Moscow to investigate. Mandiant had a "working hypothesis" that the activity was "caused by email marketing/spam" on the Trump server's end, according to representatives for Alfa Bank and Mandiant. The private investigation is now over, Alfa Bank said.
OK, so what about the other 19% of DNS queries to the DeVos server?
I don't have a theory, but with 99% of DNS queries going collectively to a Trump and DeVos server, it's very fishy imo.