Experts question if Trump servers shared info with Russian bank

A handful of computer scientists and DNS experts discovered that over the course of four months this year, a Trump Organization server irregularly pinged two servers belonging to the prominent Russian entity Alfa Bank, according to Slate. As former New Republic editor Franklin Foer reports, it is not clear what type of communication passed among the servers, whether emails or spam, but multiple experts agreed that the messages were sent in patterns consistent with human input.

"The parties were communicating in a secretive fashion," DNS authority Paul Vixie told Slate. "The operative word is 'secretive.' This is more akin to what criminal syndicates do if they are putting together a project."

This isn't a cut-and-dry situation. Foer sets the scene in the following manner: The first server was registered to the Trump Organization in 2009 to send out mass emails and other marketing materials for Trump-branded products. Cybersecurity experts investigating the hack of the Democratic National Committee earlier this year started tracking the server when one researcher spotted what appeared to be malware traveling from Russia to a domain with Trump in its name. At this point, the server was no longer used for marketing campaigns. In fact, it handled an oddly tiny amount of traffic.

What's more, the researchers received error messages when they attempted to ping the Trump-Email.com server. They concluded that it was established to accept messages from a small number of IP addresses, and 87 percent of the DNS lookups involved the Alfa Bank servers, Slate reports.

When researchers plotted the log data on a timeline, they found that it spiked during hot moments of the US presidential election. DNS lookups jumped during the Democratic and Republican national conventions, for example.

Nine experts who reviewed the server logs for Slate said that the data would be nearly impossible to fake, since it included thousands of records with nuances too advanced for even skilled programmers to reproduce.

Foer's report continues as follows: The Trump-Email.com domain stopped functioning on September 23rd, shortly after The New York Times reached out to Alfa Bank about the situation. On September 27th, the Trump Organization established a new host name, trump1.contact-client.com, which communicated with that very same server through a new route. The first attempt to look up the new host name came from Alfa Bank. The only way Alfa Bank could have learned the new host name would be through direct contact with whoever changed it, experts said.

"That party had to have some kind of outbound message through SMS, phone, or some non-internet channel they used to communicate [the new configuration]," Vixie told Slate.

In a statement sent to Slate, Alfa Bank denied that it had ever been in contact with the Trump campaign, via these servers or otherwise. The Trump campaign provided Slate the following response:

The Trump spokesperson did not respond to Slate's follow-up questions about the new host name or its finding that the server handled only "regular" DNS traffic (which is usually email traffic), rather than email traffic specifically. Foer emphasizes that his report does not equate a smoking gun, but rather "a suggestive body of evidence that doesn't absolutely preclude alternative explanations."

In early October, the US intelligence community concluded that top Russian officials directed the hacks of the DNC and other US political organizations, and other evidence points to Russia's involvement in the cyberattacks on Gen. Colin Powell and Hillary Clinton campaign manager John Podesta.

Update: The New York Times' sources say that "none" of the investigations thus far have turned up any evidence of a link between Trump and the Russian government.