05-14-2019 01:57:15 PM -0400
05-09-2019 05:01:30 PM -0400
05-09-2019 01:41:48 PM -0400
04-18-2019 10:46:35 AM -0400
04-18-2019 10:18:40 AM -0400
It looks like you've previously blocked notifications. If you'd like to receive them, please update your browser permissions.
Desktop Notifications are  | 
Get instant alerts on your desktop.
Turn on desktop notifications?
Remind me later.


The Trump 'Secret Server' Hoax Was a Subplot of the DNC Spygate Strategy to Foment the Russia Collusion Conspiracy

President Donald Trump speaks during a cabinet meeting at the White House.

The “secret Trump-Alfa Bank servers communication” is a piece of Spygate that demonstrates the mechanics of the operation. It also shows that the Steele report was purely a product of Fusion GPS, manufactured to support and/or exploit DNC public messaging and FBI/CIA operations against the Trump campaign. No intelligence collection was involved in the “Steele dossier” preparation.

This hoax was executed by DNC contractors — the Perkins Coie law firm and Fusion GPS (with the aid of the DNC loyalists in the FBI) between August and October of 2016. Somebody connected to the DNC and/or Fusion GPS produced an “oppo research” report alleging that Trump was communicating with “Putin-tied Alfa Bank” through a secret server with the DNS logs purportedly confirming that.

The claims are obvious nonsense, both the technical part and the legend of the non-partisan origin of the “research.” But Fusion GPS injected purported evidence (alleged “Alpha” Bank-Putin connections) into the Steele report, which was widely disseminated within the intelligence community and the media. Purported “DNS logs” evidence was injected by Perkins Coie directly into the FBI, and by Fusion GPS into the media. The FBI investigated these “leads” and leaked that information. The media reported what Fusion GPS pitched, although many expressed skepticism about it. But that was enough to create an echo chamber.

The DNS Logs

Amongst all the hoaxes created and promoted by the DNC and its contractors (Fusion GPS, CrowdStrike, and Perkins Coie), the “Trump server talking to Alfa Bank server” is the most obviously absurd one. It was so absurd that even the Washington Post rejected it. Nevertheless, the FBI investigated and refused to call it out as a hoax, and probably used it as a pretext to wiretap Trump Tower. Mueller also used this hoax and its accompanying fake oppo research, mentioning the family of Secretary of Education Betsy DeVos to harass her brother, Erik Prince.

The hoax narrative, as pushed by Franklin Foer in Slate (2016-10-31), is as follows: A group of non-partisan computer experts (described by one of its members as “the Union of Concerned Nerds”) worried about elections integrity, reviewed some DNS logs, and found a pattern of communication between Alfa Bank and the Trump organization. They saw that 2,700 DNS lookups for mail1.trump-email.com were made from IP addresses owned by Alfa Bank over a period of about three months. After investigating, this group of experts arrived at the conclusion that this was a secret communication channel between Trump and Putin. This is BS, and is obvious to anybody familiar with computer networking or internet infrastructure. Allow me to explain why:

  • A DNS lookup is one of the most ordinary operations on the internet. It is performed every time a computer needs to connect to another computer known by name, for example, or when anti-spam software checks whether another computer name and IP address match. They can be performed by any computer for any reason, including misconfiguration. There is no cost to perform a DNS lookup. Even if there were millions of DNS lookups, it would not be a cause for concern.
  • DNS logs are not publicly available, and they are carefully protected by providers for security, privacy, and business confidentiality reasons. Thus, the logs presented by the self-described “concerned nerds” had been stolen, forged, or both. DNS logs are simple text files and can be easily manufactured or altered. Any decent researcher presented with such logs would first be concerned with their authenticity. Independent analysis suggests that the published DNS logs were forged or altered. The Intercept effectively confirmed that by reporting that it was given multiple versions of them. The published version has deleted the lookups from many IP addresses.
  • Like all businesses, Trump Hotels regularly send emails to their former, future, and prospective customers. Alfa Bank, one of the largest in Russia, has many employees, and it is not surprising that some of them are on the mailing lists of Trump Hotels. Each email is likely to trigger one or more host lookups.
  • Finally, there are plenty of ways for persons in the U.S. and Russia to communicate secretly and without a trace, such as the Tor network. Nobody needs to communicate through Alfa Bank or to leave traces in DNS logs. By the way, other allegations of “back channels” between Trump and Putin are fake for the same reason and sound like 1970s spy thrillers.

The only person who came out publicly as the face of the “union of concerned nerds,” Dr. Jean Camp, is a Clinton partisan and donor. Her Ph.D. is in engineering and public policy. She is a tenured professor at Indiana University, but nothing in her CV indicates any hands-on technical experience. She advertises herself as an information security expert on her unsecure website (http://www.ljean.comindicating professional incompetence. The vast majority of U.S. websites use https: (secure HTTP) rather than plain old unsecure http:.

The Steele Dossier

This hoax was a subplot of the broader DNC strategy to entangle Trump in the Russia collusion conspiracy theory. Like other subplots, it had multiple prongs:

  • Recruiting purported computer scientists who were willing to show purloined and/or forged DNS logs and were willing to claim “secret communication” between Alfa Bank and the Trump organization servers (August 2016 or earlier, according to Slate and the New York Times)
  • Creating a special Steele report entirely devoted to alleging close relations between Putin and Alfa (misspelled as Alpha) Bank. This report mentioned neither Trump nor any servers. The Steele reports were received by the FBI, CIA, ODNI, the “gang of eight,” journalists, etc.
  • Injecting allegations of “secret communication” between Alfa Bank and Trump servers into the FBI from the top: Michael Sussman of Perkins Coie gave papers and electronic media to James A. Baker (September 19), and the FBI started investigating as though they were evidence
  • Repeating those allegations in the meeting of Steele and Kathleen Kavalec of State Department (October 11)
  • Injecting those same allegations directly into the media (many attempts were made in October, but they succeeded only with Slate)

All these activities were performed secretly by DNC contractors. After that, the DNC/Hillary Clinton PR machine weighed in officially, and Hillary tweeted:

It's time for Trump to answer serious questions about his ties to Russia.

Four things you need to know about the Trump organization’s secret server to communicate with Russian Alfa Bank.

  • Donald Trump has a secret server. (Yes, Donald Trump.)
  • It was set up to communicate privately with a Putin-tied Russian bank called Alfa Bank.
  • When a reporter asked about it, they shut it down.
  • One week later, they created a new server with a different name for the same purpose.

(And her supporters wonder why people call her crooked.)

Notice that the allegations made by purported computer scientists and those made by Steele look independent, yet mutually reinforce each other. Steele (or whoever wrote the “Steele report”) even misspelled Alfa Bank as “Alpha Bank” like a native Russian speaker would have if he had never seen the name of the largest bank in Russia written in English. Fusion GPS created the Steele report’s echo chamber by injecting it into the FBI and the MSM from many directions. It is unbelievable that anybody performed such an elaborate intrigue in real life, and yet it almost succeeded.

Such complex plans usually don’t work in real life. For example, many MSM journalists were pitched that story. Any decent one would have raised an alarm when he or she heard that the FBI was investigating it as true allegations. None of them did. The FBI officials should have been asked why they investigated the Trump campaign based on the “evidence” from the DNC. I am not aware of anybody who did. Apparently, the MSM and the FBI headquarters were already so depraved as to allow any DNC plan to work.

Notice that the FBI, media outlets, and other parties likely received different versions of the DNS logs; it’s not clear whether Fusion GPS or Dr. Jean Camp and co. initiated the hoax.

Within a few days of the first publication in Slate, the hoax was debunked by cybersecurity expert Robert Graham (and again), MSM tech publication Engadget, The Intercept, and The Federalist.

Robert Graham:

According to this Slate article, Trump has a secret server for communicating with Russia. Even Hillary has piled onto this story. [Hillary’s tweet is removed] This is nonsense. The evidence available on the Internet is that Trump neither (directly) controls the domain "trump-email.com", nor has access to the server. Instead, the domain was setup and controlled by Cendyn, a company that does marketing/promotions for hotels, including many of Trump's hotels. Cendyn outsources the email portions of its campaigns to a company called Listrak, which actually owns/operates the physical server in a data center in Philadelphia. …

The following remarks are very useful in many other contexts:

But the article quotes several experts confirming the story, so how does that jibe with this blog post. The answer is that none of the experts confirmed the story. Read more carefully. None of the identified experts confirmed the story. Instead, the experts looked at pieces, and confirmed part of the story. (the first article)

The story claims:

"I spoke with many DNS experts. They found the evidence strongly suggestive of a relationship between the Trump Organization and the bank".

No, he didn't. He gave experts limited information and asked them whether it's consistent with a conspiracy theory. He didn't ask if it was "suggestive" of the conspiracy theory, or that this was the best theory that fit the data. (the second article)

From The Intercept, which spoke directly to the hoaxers:

The New York Times, the Washington Post, Reuters, the Daily Beast, and Vice all examined these materials to at least some extent and did not publish the claims. …

On Tea Leaves’ WordPress site, he claimed that “only two networks resolved the mail1.trump-email.com host.” This is contradicted by the very works of analysis furnished by Tea Leaves’ collaborators: The author of the white paper found that at least 19 IP addresses, all belonging to different networks except for the two that belong to Alfa Bank, had looked up Trump’s server.

The white paper included DNS look-up data, but not nearly enough to reproduce the results. Rather than the 19 IP addresses we expected to see, the data only included three, and the DNS look-ups were not for the same time period that the paper described. …

How can they be sure that the majority of DNS look-ups for Trump’s email server originated from Alfa Bank, when much of the data they collected didn’t even include DNS look-ups from IPs described in their own paper?

That didn’t prevent the Fake News from resurrecting and running this hoax later – behavior all too familiar. It repeated with other parts of the Russian collusion hoax, the climate change hoax, and all other strong agendas of the far left.