Sunday, October 01, 2017

Trump's Russian Infiltrators Manipulated YouTube Too

>


I'm not a big Facebook user so I wasn't that aware of what the Kremlin campaign to elect Trump was up to there. I do use Twitter a lot and I was experiencing Putin's bots all during 2016-- and 2017. No one talks about how those bots were able to bury access to anti-Trump YouTubes by flooding YouTube's pages with their own propaganda, in effect hiding the videos people were looking for about the election. I hope someone tells Congress about that too. Meanwhile, though, Congress' look into Russian use of Twitter to spread Trumpist messaging is crawling along. "Twitter said Thursday that it had shut down 201 accounts that were tied to the same Russian operatives who posted thousands of political ads on Facebook, but the effort frustrated lawmakers who said the problem is far broader than the company appeared to know. The company said it also found three accounts from the news site RT-- which Twitter linked to the Kremlin-- that spent $274,100 in ads on its platform in 2016."
Despite the disclosures, Sen. Mark R. Warner (D-Va.) questioned whether the company is doing enough to stop Russian operatives from using its platform to spread disinformation and division in U.S. society.

Warner said Twitter’s presentation to a closed-door meeting of Senate Intelligence Committee staffers Thursday morning was “deeply disappointing” and “inadequate on almost every level.” Twitter also made a presentation to House Intelligence Committee staffers in the afternoon.

The company “showed an enormous lack of understanding... about how serious this issue is, the threat it poses to democratic institutions,” a visibly frustrated Warner said.

The meetings between the company and congressional investigators were part of a widening government probe into how Russian operatives used Facebook, Twitter, Google and other technology platforms to widen fissures in the United States and spread disinformation during the 2016 campaign. Those companies have come under increasing pressure from Capitol Hill to investigate Russian meddling and are facing the possibility of new regulations that could affect their massive advertising businesses.

The Washington Post reported this week that some of the 3,000 Facebook ads bought by Russian operatives promoted African American rights groups, including Black Lives Matter. Those ads were targeted at users in specific locations such as Ferguson, Mo., and Baltimore, two cities that have faced violent protests over police shootings of black men. Ads aimed at voters in other regions, meanwhile, suggested that the same groups posed a rising political threat.

Other ads featured Muslims supporting Democrat Hillary Clinton for president and were targeted at Facebook users who might fear Muslims.

Facebook, Google and Twitter are being summoned to a public hearing before the Senate Intelligence Committee on Nov. 1. The Twitter accounts, which were taken down over the past month, were associated with 470 accounts and pages that Facebook this month said came from the Internet Research Agency, a Russia-connected troll farm. Twitter said the groups on Facebook had 22 corresponding Twitter accounts. Twitter then found an additional 179 accounts linked to those 22.

But lawmakers and analysts criticized Twitter for appearing to have accepted and looked into only the data that it had received from Facebook, rather than conducting a broader internal investigation.

...Last week, Warner and Sen. Amy Klobuchar (D-MN) urged colleagues to support a bill that would create new transparency requirements for platforms that run political ads online, akin to those in place for television stations, according to a letter obtained by The Post. Lawmakers from across the political spectrum-- including Sen. Cory Booker (D-NJ) and Sen. Ted Cruz (R-TX)-- have called over the past few months for more scrutiny of the market power of technology companies.

Silicon Valley companies that are targets of the Russia investigation have privately complained that law enforcement and intelligence officials have not shared information with them that could help them catch bad actors.

...In many ways, Twitter has been the most vulnerable to exploitation among social media companies. The company officially says that 5 percent of accounts on Twitter are bots, but outside researchers say the number could be much higher.

It is easy to create fake accounts on Twitter, making it hard for the company to discern the extent of Russian meddling, analysts said.

“They have no idea who is on their platform. If it wasn’t for Facebook’s data, they would have no idea these were even Russian accounts,” said Clint Watts, senior fellow at the Foreign Policy Research Institute. “Anyone can create an account anonymously on Twitter and hide its origin.”


I think it was Franklin Foer, writing for Slate who persuaded me that Putin was, indeed, very actively trying to manipulate the 2016 election to make sure an incompetent and divisive imbecile would take over the American government. His somewhat technical and complicated questions about Putin communicating with the Trump campaign through Alpha Bank a week before the election got lost in the shuffle. They shouldn't have been. "This spring," he wrote, "a group of computer scientists set out to determine whether hackers were interfering with the Trump campaign. They found something they weren’t expecting."
In late spring, this community of malware hunters placed itself in a high state of alarm. Word arrived that Russian hackers had infiltrated the servers of the Democratic National Committee, an attack persuasively detailed by the respected cybersecurity firm CrowdStrike. The computer scientists posited a logical hypothesis, which they set out to rigorously test: If the Russians were worming their way into the DNC, they might very well be attacking other entities central to the presidential campaign, including Donald Trump’s many servers. “We wanted to help defend both campaigns, because we wanted to preserve the integrity of the election,” says one of the academics, who works at a university that asked him not to speak with reporters because of the sensitive nature of his work.

...In late July, one of these scientists-- who asked to be referred to as Tea Leaves, a pseudonym that would protect his relationship with the networks and banks that employ him to sift their data-- found what looked like malware emanating from Russia. The destination domain had Trump in its name, which of course attracted Tea Leaves’ attention. But his discovery of the data was pure happenstance-- a surprising needle in a large haystack of DNS lookups on his screen. “I have an outlier here that connects to Russia in a strange way,” he wrote in his notes. He couldn’t quite figure it out at first. But what he saw was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue.

More data was needed, so he began carefully keeping logs of the Trump server’s DNS activity. As he collected the logs, he would circulate them in periodic batches to colleagues in the cybersecurity world. Six of them began scrutinizing them for clues.

The researchers quickly dismissed their initial fear that the logs represented a malware attack. The communication wasn’t the work of bots. The irregular pattern of server lookups actually resembled the pattern of human conversation-- conversations that began during office hours in New York and continued during office hours in Moscow. It dawned on the researchers that this wasn’t an attack, but a sustained relationship between a server registered to the Trump Organization and two servers registered to an entity called Alfa Bank.

The researchers had initially stumbled in their diagnosis because of the odd configuration of Trump’s server. “I’ve never seen a server set up like that,” says Christopher Davis, who runs the cybersecurity firm HYAS InfoSec Inc. and won a FBI Director Award for Excellence for his work tracking down the authors of one of the world’s nastiest botnet attacks. “It looked weird, and it didn’t pass the sniff test.” The server was first registered to Trump’s business in 2009 and was set up to run consumer marketing campaigns. It had a history of sending mass emails on behalf of Trump-branded properties and products. Researchers were ultimately convinced that the server indeed belonged to Trump. But now this capacious server handled a strangely small load of traffic, such a small load that it would be hard for a company to justify the expense and trouble it would take to maintain it. “I get more mail in a day than the server handled,” Davis says.

That wasn’t the only oddity. When the researchers pinged the server, they received error messages. They concluded that the server was set to accept only incoming communication from a very small handful of IP addresses. A small portion of the logs showed communication with a server belonging to Michigan-based Spectrum Health. (The company said in a statement: “Spectrum Health does not have a relationship with Alfa Bank or any of the Trump organizations. We have concluded a rigorous investigation with both our internal IT security specialists and expert cyber security firms. Our experts have conducted a detailed analysis of the alleged internet traffic and did not find any evidence that it included any actual communications-- no emails, chat, text, etc.-- between Spectrum Health and Alfa Bank or any of the Trump organizations. While we did find a small number of incoming spam marketing emails, they originated from a digital marketing company, Cendyn, advertising Trump Hotels.”)

Spectrum accounted for a relatively trivial portion of the traffic. Eighty-seven percent of the DNS lookups involved the two Alfa Bank servers. “It’s pretty clear that it’s not an open mail server,” Camp told me. “These organizations are communicating in a way designed to block other people out.”


Earlier this month, the group of computer scientists passed the logs to Paul Vixie. In the world of DNS experts, there’s no higher authority. Vixie wrote central strands of the DNS code that makes the internet work. After studying the logs, he concluded, “The parties were communicating in a secretive fashion. The operative word is secretive. This is more akin to what criminal syndicates do if they are putting together a project.” Put differently, the logs suggested that Trump and Alfa had configured something like a digital hotline connecting the two entities, shutting out the rest of the world, and designed to obscure its own existence. Over the summer, the scientists observed the communications trail from a distance.

While the researchers went about their work, the conventional wisdom about Russian interference in the campaign began to shift. There were reports that the Trump campaign had ordered the Republican Party to rewrite its platform position on Ukraine, maneuvering the GOP toward a policy preferred by Russia, though the Trump campaign denied having a hand in the change. Then Trump announced in an interview with the New York Times his unwillingness to spring to the defense of NATO allies in the face of a Russian invasion. Trump even invited Russian hackers to go hunting for Clinton’s emails, then passed the comment off as a joke.

In the face of accusations that he is somehow backed by Putin or in business with Russian investors, Trump has issued categorical statements. “I mean I have nothing to do with Russia,” he told one reporter, a flat denial that he repeated over and over. Of course, it’s possible that these statements are sincere and even correct. The sweeping nature of Trump’s claim, however, prodded the scientists to dig deeper. They were increasingly confident that they were observing data that contradicted Trump’s claims.

... The researchers were seeing patterns in the data-- and the Trump Organization’s potential interlocutor was itself suggestive. Alfa Bank emerged in the messy post-Soviet scramble to create a private Russian economy. Its founder was a Ukrainian called Mikhail Fridman. He erected his empire in a frenetic rush-- in a matter of years, he rose from operating a window washing company to the purchase of the Bolshevik Biscuit Factory to the co-founding of his bank with some friends from university. Fridman could be charmingly open when describing this era. In 2003, he told the Financial Times, “Of course we benefitted from events in the country over the past 10 years. Of course we understand that the distribution of state property was not very objective… I don’t want to lie and play this game. To say one can be completely clean and transparent is not realistic.”

To build out the bank, Fridman recruited a skilled economist and shrewd operator called Pyotr Aven. In the early ’90s, Aven worked with Vladimir Putin in the St. Petersburg government—and according to several accounts, helped Putin wiggle out of accusations of corruption that might have derailed his ascent. (Karen Dawisha recounts this history in her book Putin’s Kleptocracy.) Over time, Alfa built one of the world’s most lucrative enterprises. Fridman became the second richest man in Russia, valued by Forbes at $15.3 billion.

Alfa’s oligarchs occupied an unusual position in Putin’s firmament. They were insiders but not in the closest ring of power. “It’s like they were his judo pals,” one former U.S. government official who knows Fridman told me. “They were always worried about where they stood in the pecking order and always feared expropriation.” Fridman and Aven, however, are adept at staying close to power. As the U.S. District Court for the District of Columbia once ruled, in the course of dismissing a libel suit the bankers filed, “Aven and Fridman have assumed an unforeseen level of prominence and influence in the economic and political affairs of their nation.”

Unlike other Russian firms, Alfa has operated smoothly and effortlessly in the West. It has never been slapped with sanctions. Fridman and Aven have cultivated a reputation as beneficent philanthropists. They endowed a prestigious fellowship. The Woodrow Wilson International Center for Scholars, the American-government funded think tank, gave Aven its award for “Corporate Citizenship” in 2015. To protect its interests in Washington, Alfa hired as its lobbyist former Reagan administration official Ed Rogers. Richard Burt, who helped Trump write the speech in which he first laid out his foreign policy, previously served on Alfa’s senior advisory board.* The branding campaign has worked well. During the first Obama term, Fridman and Aven met with officials in the White House on two occasions, according to visitor logs.

Fridman and Aven have significant business interests to promote in the West. One of their holding companies, LetterOne, has vowed to invest as much as $3 billion in U.S. health care. This year, it sank $200 million into Uber. This is, of course, money that might otherwise be invested in Russia. According to a former U.S. official, Putin tolerates this condition because Alfa advances Russian interests. It promotes itself as an avatar of Russian prowess. “It’s our moral duty to become a global player, to prove a Russian can transform into an international businessman,” Fridman told the Financial Times.



Tea Leaves and his colleagues plotted the data from the logs on a timeline. What it illustrated was suggestive: The conversation between the Trump and Alfa servers appeared to follow the contours of political happenings in the United States. “At election-related moments, the traffic peaked,” according to Camp. There were considerably more DNS lookups, for instance, during the two conventions.

In September, the scientists tried to get the public to pay attention to their data. One of them posted a link to the logs in a Reddit thread. Around the same time, the New York Times’ Eric Lichtblau and Steven Lee Myers began chasing the story. (They are still pursuing it.) Lichtblau met with a Washington representative of Alfa Bank on Sept. 21, and the bank denied having any connection to Trump. (Lichtblau told me that Times policy prevents him from commenting on his reporting.)

The Times hadn’t yet been in touch with the Trump campaign-- Lichtblau spoke with the campaign a week later-- but shortly after it reached out to Alfa, the Trump domain name in question seemed to suddenly stop working. When the scientists looked up the host, the DNS server returned a fail message, evidence that it no longer functioned. Or as it is technically diagnosed, it had “SERVFAILed.” (On the timeline above, this is the moment at the end of the chronology when the traffic abruptly spikes, as servers frantically attempt to resend rejected messages.) The computer scientists believe there was one logical conclusion to be drawn: The Trump Organization shut down the server after Alfa was told that the Times might expose the connection. Weaver told me the Trump domain was “very sloppily removed.” Or as another of the researchers put it, it looked like “the knee was hit in Moscow, the leg kicked in New York.”

Four days later, on Sept. 27, the Trump Organization created a new host name, trump1.contact-client.com, which enabled communication to the very same server via a different route. When a new host name is created, the first communication with it is never random. To reach the server after the resetting of the host name, the sender of the first inbound mail has to first learn of the name somehow. It’s simply impossible to randomly reach a renamed server. “That party had to have some kind of outbound message through SMS, phone, or some noninternet channel they used to communicate [the new configuration],” Paul Vixie told me. The first attempt to look up the revised host name came from Alfa Bank. “If this was a public server, we would have seen other traces,” Vixie says. “The only look-ups came from this particular source.”

According to Vixie and others, the new host name may have represented an attempt to establish a new channel of communication. But media inquiries into the nature of Trump’s relationship with Alfa Bank, which suggested that their communications were being monitored, may have deterred the parties from using it. Soon after the New York Times began to ask questions, the traffic between the servers stopped cold.

Last week, I wrote to Alfa Bank asking if it could explain why its servers attempted to connect with the Trump Organization on such a regular basis. Its Washington representative, Jeffrey Birnbaum of the public relations firm BGR, provided me the following response:
Alfa hired Mandiant, one of the world's foremost cyber security experts, to investigate and it has found nothing to the allegations. I hope the below answers respond clearly to your questions. Neither Alfa Bank nor its principals, including Mikhail Fridman and Petr Aven, have or have had any contact with Mr. Trump or his organizations. Fridman and Aven have never met Mr. Trump nor have they or Alfa Bank had any business dealings with him. Neither Alfa nor its officers have sent Mr. Trump or his organizations any emails, information or money. Alfa Bank does not have and has never had any special or exclusive internet connection with Mr. Trump or his entities. The assertion of a special or private link is patently false.
...I posed the same basic questions to the Trump campaign. Trump spokeswoman Hope Hicks sent me this in response to my questions by email:
The email server, set up for marketing purposes and operated by a third-party, has not been used since 2010. The current traffic on the server from Alphabank's [sic] IP address is regular DNS server traffic-- not email traffic. To be clear, The Trump Organization is not sending or receiving any communications from this email server. The Trump Organization has no communication or relationship with this entity or any Russian entity.
I asked Hicks to explain what caused the Trump Organization to rename its host after the New York Times called Alfa. I also asked how the Trump Organization arrived at its judgment that there was no email traffic. (Furthermore, there’s no such thing as “regular” DNS server traffic, at least not according to the computer scientists I consulted. The very reason DNS exists is to enable email and other means of communication.) She never provided me with a response.

What the scientists amassed wasn’t a smoking gun. It’s a suggestive body of evidence that doesn’t absolutely preclude alternative explanations. But this evidence arrives in the broader context of the campaign and everything else that has come to light: The efforts of Donald Trump’s former campaign manager to bring Ukraine into Vladimir Putin’s orbit; the other Trump adviser whose communications with senior Russian officials have worried intelligence officials; the Russian hacking of the DNC and John Podesta’s email.

We don’t yet know what this server was for, but it deserves further explanation.

Labels: , , ,

1 Comments:

At 8:31 PM, Anonymous Anonymous said...

This is interesting. It is in addition to traffic that originated in servers associated or openly owned/operated by Russian hackers and oligarchs that sought to penetrate election and vote-counting servers in at least 7 states, all won by trump with numbers that were contra-indicated by exit polling and other means of sniff-testing them and all having web-based voting and/or counting.

But don't bother holding your breath over anyone being held accountable for any of it. If law enforcement does this, it will make the democraps unable to goon voting for THEIR purposes, like tilting the primaries in '16 toward the RIGHTFUL heir to their throne. And the doj is under sessions who ONLY cares about prosecuting drug offenses and nonwhites for whatever he can make up.

And voters will affirm all of this shit again... still... in '18.

Laws don't matter. Crimes are LEGAL when nobody enforces the law. Mnuchin is in the cabinet instead of prison because of this simple meme.

 

Post a Comment

<< Home