Is it real? The Trump-Russia server connection

News Analysis
Nov 01, 2016
Data and Information Security, Government, Security

A recent report suggests a link between a server maintained by Trump's organization and another by Russia's Alfa Bank

Does the Trump organization have a private internet connection with Russia? That’s what a long, detailed article from Slate is asking.

Here’s the story in a nutshell: The Russian-owned Alfa Bank appears to have had a private connection to a Trump server. The server in question was registered as belonging to the domain. It has a history of sending Trump-branded marketing emails, but in the recent past appeared to have been communicating only with a Russian server registered to Alfa Bank. The Alfa server seems to have regularly communicated with the Trump server, yet other connection attempts from other servers seem to be blocked (likely indicating that the servers only accept connections from each other or a limited list of servers).

When the media started to investigate and asked the Russian organization about the domain name and server, the Trump server, after years of existing in the same place, suddenly changed names and domain names. The first server to reconnect to the Trump server with its new name? The Russian server that had previously connected to it. After the media inquired about the second, newer connection, the Trump server was taken down.

Much of the data and analysis has been shared publicly. I checked it out as much as I could and I agree with experts already quoted in the Slate article: There’s no definitive proof, but it’s highly likely there was a formal connection. The biggest smoking gun, in my opinion, is the timing of the domain name change and the automatic reconnection to the new name after the server had been moved. That suggests a formal, established, private connection.

This is not my opinion alone. The Slate article quotes internet pioneer Paul Vixie, who after examining the logs concluded that the two parties were communicating in a “secretive” fashion.

Slate reported that both involved entities deny any connection to the other, other than what must be either innocent, random spam or regular DNS traffic. This answer is even more confusing — and likely wrong. If the data is correct and the Russian server reconnected to the Trump server with its new name and domain, it doesn’t seem like either spam or DNS traffic. It’s the opposite of random.
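The two signals the column leans on, a single counterpart that dominates a host's lookups on a clockwork schedule and that counterpart being the first to find the host under its new name, are the kind of thing an analyst checks against passive DNS records. The following is an added example of that analysis, written for this page; it is not code from the column, from Slate, or from any of the investigators named. The log lines, resolver names, domain names and rename time are constructed placeholders, and the record format ("timestamp resolver name") is an assumption, not the format of any real passive DNS feed.

```python
from collections import Counter
from datetime import datetime
from statistics import mean, pstdev

# Constructed passive-DNS records (not real data): "timestamp resolver name".
# resolver-a looks up old-name every 24h, two others look it up once each,
# and resolver-a is the first to look up new-name after the rename.
SAMPLE_LOG = """\
2016-09-20T00:05:00Z resolver-a.example old-name.example
2016-09-21T00:05:00Z resolver-a.example old-name.example
2016-09-21T15:42:00Z resolver-b.example old-name.example
2016-09-22T00:05:00Z resolver-a.example old-name.example
2016-09-22T08:11:00Z resolver-c.example old-name.example
2016-09-23T00:05:00Z resolver-a.example old-name.example
2016-09-23T13:30:00Z resolver-a.example new-name.example
2016-09-24T09:00:00Z resolver-b.example new-name.example
"""

# Assumed (constructed) moment the host began answering to its new name.
RENAME_TIME = datetime(2016, 9, 23, 12, 0, 0)


def parse_log(text):
    """Parse 'timestamp resolver name' lines into sorted (datetime, resolver, name) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, resolver, name = line.split()
        records.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), resolver, name))
    return sorted(records)


def query_share(records, name):
    """Count lookups of `name` per querying resolver; one dominant querier hints at a restricted peer list."""
    return Counter(r for _, r, n in records if n == name)


def gap_regularity(records, name, resolver):
    """Coefficient of variation of the gaps between one resolver's lookups of `name`.
    Near 0 means scheduled, clockwork traffic; large values mean irregular lookups.
    Returns None when fewer than three lookups exist (no meaningful gap statistic)."""
    times = [t for t, r, n in records if n == name and r == resolver]
    if len(times) < 3:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return pstdev(gaps) / mean(gaps)


def first_querier_after(records, name, since):
    """Return (resolver, seconds after `since`) for the earliest lookup of `name`
    at or after `since`, or None if nobody looked it up."""
    for t, r, n in records:
        if n == name and t >= since:
            return r, (t - since).total_seconds()
    return None


def summarize(text=SAMPLE_LOG, old="old-name.example",
              new="new-name.example", since=RENAME_TIME):
    """Pull the three indicators together for the old and new names."""
    records = parse_log(text)
    share = query_share(records, old)
    dominant, count = share.most_common(1)[0]
    return {
        "dominant_querier": dominant,
        "dominant_fraction": count / sum(share.values()),
        "dominant_regularity": gap_regularity(records, old, dominant),
        "first_to_find_new_name": first_querier_after(records, new, since),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

On the constructed data this reports one querier behind two thirds of the old name's lookups, a regularity of 0.0 for that querier (every gap exactly 24 hours), and that same querier reaching the new name 5,400 seconds after the rename. The caveat an analyst would attach is the one the column itself makes in asking for server forensics: passive DNS shows who resolved a name, not what was sent afterwards, so this kind of output supports a hypothesis about a standing, scheduled relationship but cannot on its own establish what the traffic was.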

Alfa Bank has purportedly hired the trusted industry firm Mandiant to investigate the matter (the founder of Mandiant, along with several other early employees, came from Foundstone, where I used to work). I’d trust what Mandiant says, but in response to a Slate request, Mandiant said it was unable to comment until the investigation was complete.

If I were Alfa Bank or Trump enterprises, and there was nothing illegal or unethical going on, I would release a detailed forensic analysis for both servers. We have enough data outside of their control to confirm or contradict the findings. It would be difficult for anyone to fake a full forensic analysis that agreed with publicly available data.

In the end, even if there was a dedicated private connection between Trump and Russia, who knows what it was about? It could be anything. It could be regular business or marketing emails without a hint of illegal or unethical behavior. But without either side being more forthcoming, we can’t know. FBI criminal investigations have been approved with less evidence.


Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.
