Revisiting the Alfa Bank-Trump Organization Server Mystery

News  |  Oct 8, 2018

The latest issue of The New Yorker takes a close look at the ongoing efforts to decipher a curious pattern of server traffic between Alfa Bank and the Trump Organization during the 2016 campaign.

It's a long piece worth reading to understand why computer experts believe something significant lies in the data.

Examining records for the Trump domain, Max’s group discovered D.N.S. lookups from a pair of servers owned by Alfa Bank, one of the largest banks in Russia. Alfa Bank’s computers were looking up the address of the Trump server nearly every day. There were dozens of lookups on some days and far fewer on others, but the total number was notable: between May and September, Alfa Bank looked up the Trump Organization’s domain more than two thousand times. “We were watching this happen in real time—it was like watching an airplane fly by,” Max said. “And we thought, Why the hell is a Russian bank communicating with a server that belongs to the Trump Organization, and at such a rate?”

Only one other entity seemed to be reaching out to the Trump Organization’s domain with any frequency: Spectrum Health, of Grand Rapids, Michigan. Spectrum Health is closely linked to the DeVos family; Richard DeVos, Jr., is the chairman of the board, and one of its hospitals is named after his mother. His wife, Betsy DeVos, was appointed Secretary of Education by Donald Trump. Her brother, Erik Prince, is a Trump associate who has attracted the scrutiny of Robert Mueller, the special counsel investigating Trump’s ties to Russia ... 

(...)

The D.N.S. records raised vexing questions. Why was the Trump Organization’s domain, set up to send mass-marketing e-mails, conducting such meagre activity? And why were computers at Alfa Bank and Spectrum Health trying to reach a server that didn’t seem to be doing anything? After analyzing the data, Max said, “We decided this was a covert communication channel.”

(...)

Given the limitations of D.N.S. data, none of the independent experts I spoke to could be certain of what Alfa Bank and the Trump Organization were doing. Some of them cautioned that it was impossible even to guess at every way that an e-mail system might malfunction. A senior analyst at a D.N.S.-service provider said, “Things can get messed up in unexpected ways.” But Paul and Leto maintained that they had considered and rejected every scenario that they had encountered in decades of cybersecurity work. “Is it possible there is an innocuous explanation for all this?” Paul said. “Yes, of course. And it’s also possible that space aliens did this. It’s possible—just not very likely.”

(...)

This March, after Republicans on the House Intelligence Committee announced that it had found no evidence of collusion between the Trump campaign and Russia, the committee’s Democrats filed a dissent, arguing that there were many matters still to be investigated, including the Trump Organization’s connections to Alfa Bank. The Democrats implored the majority to force Cendyn to turn over computer data that would help determine what had happened. Those records could show who in the Trump Organization used the server. There would probably also be a record of who shut down the Trump domain after the Times contacted Alfa Bank. Cendyn might have records of any outgoing communications sent by the Trump Organization. But the request for further investigation is unlikely to proceed as long as Republicans hold the majority. “We’ve all looked at the data, and it doesn’t look right,” a congressional staffer told me. “But how do you get to the truth?”

Read the full story: Was There a Connection Between a Russian Bank and the Trump Campaign? (The New Yorker)