Was a Trump Server Communicating With Russia? - a group of computer scientists investigates
http://www.slate.com/articles/news_and_politics/cover_story/2016/10/was_a_server_registered_to_the_trump_organization_communicating_with_russia.html

In late spring, this community of malware hunters placed itself in a high state of alarm. Word arrived that Russian hackers had infiltrated the servers of the Democratic National Committee, an attack persuasively detailed by the respected cybersecurity firm CrowdStrike. The computer scientists posited a logical hypothesis, which they set out to rigorously test: If the Russians were worming their way into the DNC, they might very well be attacking other entities central to the presidential campaign, including Donald Trump's many servers. "We wanted to help defend both campaigns, because we wanted to preserve the integrity of the election," says one of the academics, who works at a university that asked him not to speak with reporters because of the sensitive nature of his work.

Hunting for malware requires highly specialized knowledge of the intricacies of the domain name system - the protocol that allows us to type email addresses and website names to initiate communication. DNS enables our words to set in motion a chain of connections between servers, which in turn delivers the results we desire. Before a mail server can deliver a message to another mail server, it has to look up its IP address using the DNS. Computer scientists have built a set of massive DNS databases, which provide fragmentary histories of communications flows, in part to create an archive of malware: a kind of catalog of the tricks bad actors have tried to pull, which often involve masquerading as legitimate actors. These databases can give a useful, though far from comprehensive, snapshot of traffic across the internet. Some of the most trusted DNS specialists - an elite group of malware hunters, who work for private contractors - have access to nearly comprehensive logs of communication between servers. They work in close concert with internet service providers, the networks through which most of us connect to the internet, and the ones that are most vulnerable to massive attacks. To extend the traffic metaphor, these scientists have cameras posted on the internet's stoplights and overpasses. They are entrusted with something close to a complete record of all the servers of the world connecting with one another.

In late July, one of these scientists - who asked to be referred to as Tea Leaves, a pseudonym that would protect his relationship with the networks and banks that employ him to sift their data - found what looked like malware emanating from Russia. The destination domain had Trump in its name, which of course attracted Tea Leaves' attention. But his discovery of the data was pure happenstance - a surprising needle in a large haystack of DNS lookups on his screen. "I have an outlier here that connects to Russia in a strange way," he wrote in his notes. He couldn't quite figure it out at first. But what he saw was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue.

More data was needed, so he began carefully keeping logs of the Trump server's DNS activity. As he collected the logs, he would circulate them in periodic batches to colleagues in the cybersecurity world. Six of them began scrutinizing them for clues.
(more)
Was a Trump Server Communicating With Russia? - a group of computer scientists investigates (Original Post)
Bill USA
Nov 2016
OP
SunSeeker
(51,559 posts)
1. EVERYONE should read this Slate article. nt