Clinton Plugs Another Weak Story About Trump’s Ties to Putin
With the polls tightening, and the unexpected announcement that the Federal Bureau of Investigation is still looking into her e-mails, it was perhaps inevitable that Hillary Clinton would strike out at Donald Trump by raising his alleged connection with President Vladimir Putin of Russia. But her latest attack has little basis in fact.
On Oct. 31, Slate published a story by Franklin Foer, suggesting that the Trump Organization maintained a server whose purpose was to communicate with two servers at Alfa Bank, a financial institution in Moscow. The story described Alfa as a possible Kremlin front and cited a “Union of Concerned Nerds” -- anonymous techies who obtained the Trump-registered server’s logs -- along with one of the biggest names in tech, Paul Vixie, a founder of the internet, who looked at the logs and concluded something “secretive” was going on. It made much of the Trump Organization allegedly renaming the server after a New York Times reporter started asking questions (like Foer, he had been tipped off by the Concerned Nerds’ Reddit posts) and said Alfa was the first to communicate with it after the renaming.
Clinton tweeted the article and suggested Trump was a Russian stooge. She also implicitly criticized FBI Director James Comey, who broke with tradition by mentioning new findings regarding her e-mails a little more than a week before the presidential election. Shouldn’t he be asking questions about Trump’s Moscow connection, as Senate Minority Leader Harry Reid, a Clinton ally, recently suggested?
Clinton followed up with two more tweets about Trump’s “ties and connections to Russia.”
What the Foer story lacked, however, was the most obvious explanation of the “suspicious” communication between the Trump and Alfa servers. It also failed to ask some important questions about the data upon which it was based.
Foer’s piece links to the registration record for the trump-email.com domain, which the server hosted. It names the Trump Organization as the registrant, but a different company -- Cendyn, of Boca Raton, Florida -- as the domain’s administrator. This means Trump owned, but didn’t run, trump-email.com; Cendyn did. Cendyn is a company that promotes hotels. As Rob Graham, a well-known hacker specializing in "offensive security," noted on the blog of his company, Errata Security, Cendyn had a number of similar domains for other clients in the same internet address range. The Cendyn servers send promotional e-mails, otherwise known as spam. Foer’s story mentioned that another organization that interacted with trump-email.com, Michigan-based Spectrum Health, investigated the matter and found "a small number of incoming spam marketing e-mails" about Trump hotels that had originated from Cendyn.
So if the Trump server was sending out bulk e-mails, why were Alfa Bank and Spectrum Health sending something in response? Naadir Jeewa, a London-based IT consultant, has a credible explanation: Alfa Bank’s corporate e-mail servers were set up to check if the servers that sent mail were what they pretended to be. Such measures are meant to cut off spammers masquerading as legitimate organizations. To determine legitimacy, the domain name in the sender’s address needs to match the server address -- a set of numbers separated by periods -- recorded for that domain. Otherwise the system will reject the message. Jeewa tried to impersonate trump-email.com, but the Alfa Bank system refused his message.
Because of the way this validation procedure was set up at Alfa --suboptimally, in Jeewa’s opinion -- its servers showed up in the trump-email.com logs.
If this is what happened, it’s clear why Alfa was on the logs again after the server’s name changed (in line with other Cendyn client servers’ names). After it was renamed, it kept sending the bulk e-mails.
Another troubling aspect of the Foer article is that it’s doubtful the server logs could be legally obtained. Alexey Gubarev, chief executive officer of Luxembourg-registered XBT Holding, which owns the infrastructure-as-a-service provider Servers.com, told me there was no legitimate way to get access to the full logs of a server that you do not control. That raises the question of whether the records obtained by Foer’s "Concerned Nerds" were complete.
I asked Dyn, the New Hampshire-based infrastructure company that has access to such logs, if it could confirm that the Trump server only communicated with Alfa Bank and, less frequently, with Spectrum Health. Adam Coughlin, the company’s spokesman, declined to comment “given the political nature of the story.” Graham wrote on his blog, though, that other security researchers had told him they’d seen domain name lookups for the trump-email.com domain from other parts of the world.
It’s hard to imagine Trump would use a spam server run by a third-party company that provides the same service to competing hotel chains for secret communications with Putin’s agents. No matter how suspicious that traffic could look on the surface -- if you didn’t know what Cendyn was doing -- it’s probably just junk passing back and forth across the internet.
There is no evidence of a conspiracy. According to an article that appeared in The New York Times on Tuesday, FBI agents looked at the logs and didn’t see anything they could latch on to: An innocuous explanation involving marketing e-mails was entirely plausible.
Clinton is straining to link Trump to Putin when no solid link has been found after months of digging by reporters and federal agents.
Perhaps it’s time for her to desist. Unsubstantiated accusations detract from Clinton’s credibility and demonstrate bad judgment.
It may be convenient to put all villains in one basket of deplorables, but Putin and Trump belong in different ones.
This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.
To contact the author of this story:
Leonid Bershidsky at firstname.lastname@example.org
To contact the editor responsible for this story:
Max Berley at email@example.com