HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Main » Editorials & Other Articles (Forum) » Was a Trump Server Commun...

Wed Nov 2, 2016, 05:26 PM

Was a Trump Server Communicating With Russia? - a group of computer scientists investigates

http://www.slate.com/articles/news_and_politics/cover_story/2016/10/was_a_server_registered_to_the_trump_organization_communicating_with_russia.html
In late spring, this community of malware hunters placed itself in a high state of alarm. Word arrived that Russian hackers had infiltrated the servers of the Democratic National Committee, an attack persuasively detailed by the respected cybersecurity firm CrowdStrike. The computer scientists posited a logical hypothesis, which they set out to rigorously test: If the Russians were worming their way into the DNC, they might very well be attacking other entities central to the presidential campaign, including Donald Trump’s many servers. “We wanted to help defend both campaigns, because we wanted to preserve the integrity of the election,” says one of the academics, who works at a university that asked him not to speak with reporters because of the sensitive nature of his work.

Hunting for malware requires highly specialized knowledge of the intricacies of the domain name system—the protocol that allows us to type email addresses and website names to initiate communication. DNS enables our words to set in motion a chain of connections between servers, which in turn delivers the results we desire. Before a mail server can deliver a message to another mail server, it has to look up its IP address using the DNS. Computer scientists have built a set of massive DNS databases, which provide fragmentary histories of communications flows, in part to create an archive of malware: a kind of catalog of the tricks bad actors have tried to pull, which often involve masquerading as legitimate actors. These databases can give a useful, though far from comprehensive, snapshot of traffic across the internet. Some of the most trusted DNS specialists—an elite group of malware hunters, who work for private contractors—have access to nearly comprehensive logs of communication between servers. They work in close concert with internet service providers, the networks through which most of us connect to the internet, and the ones that are most vulnerable to massive attacks. To extend the traffic metaphor, these scientists have cameras posted on the internet’s stoplights and overpasses. They are entrusted with something close to a complete record of all the servers of the world connecting with one another.

In late July, one of these scientists—who asked to be referred to as Tea Leaves, a pseudonym that would protect his relationship with the networks and banks that employ him to sift their data—found what looked like malware emanating from Russia. The destination domain had Trump in its name, which of course attracted Tea Leaves’ attention. But his discovery of the data was pure happenstance—a surprising needle in a large haystack of DNS lookups on his screen. “I have an outlier here that connects to Russia in a strange way,” he wrote in his notes. He couldn’t quite figure it out at first. But what he saw was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue.

More data was needed, so he began carefully keeping logs of the Trump server’s DNS activity. As he collected the logs, he would circulate them in periodic batches to colleagues in the cybersecurity world. Six of them began scrutinizing them for clues.
(more)

1 replies, 721 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 1 replies Author Time Post
Reply Was a Trump Server Communicating With Russia? - a group of computer scientists investigates (Original post)
Bill USA Nov 2016 OP
SunSeeker Nov 2016 #1

Response to Bill USA (Original post)

Wed Nov 2, 2016, 10:01 PM

1. EVERYONE should read this Slate article. nt

Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread