- In 2016, researchers found unexplained connections between a Trump Organization server and the Russian Alfa Bank.
- Special Counsel John Durham indicated a lawyer last month, accusing him of lying about the story’s origins.
- Several investigations have produced different explanations for the server connections, but they remain unresolved.
- See more stories on Insider’s business page.
In September, the Justice Department brought an indictment against a cybersecurity lawyer with connections to the Democratic Party, accusing him of lying to the FBI in 2016 when he peddled a story about how the Trump Organization had hidden connections with a Russian bank.
The charges came from an investigation led by John Durham, who former Attorney General Bill Barr had appointed to investigate the origins of the FBI investigation into former President Donald Trump’s ties to Russia.
As president, Trump hoped that Durham would “go after” former FBI Director James Comey, Deputy Director Andrew McCabe, and others he blamed for the Mueller probe. For vague reasons, he also wanted Durham to investigate former President Barack Obama and now-President Joe Biden, his opponent in the 2020 presidential election. Barr appointed Durham as special counsel, ensuring that the investigation would continue after Biden took office.
The recent indictment gave oxygen to Trump supporters who saw the Mueller investigation as a “witch hunt,” but legal experts are skeptical about the charges.
The indictment also fails to resolve one of the lingering mysteries from the 2016 election, first laid out in a Slate article: Why was there a digital connection between a Trump Organization server and a Russian bank in the first place?
Mysterious connections between ‘mail1.trump-email.com’ and a Russian bank
In 2016, cybersecurity researchers at Georgia Tech and the information security firms Neustar and Zetalytics made an unusual finding.
They found that between May and July 2016, a server belonging to the Trump Organization had been communicating almost exclusively with a server belonging to the medical company Spectrum Health, as well as two servers belonging to Alfa Bank, the largest financial institution in Russia.
The researchers – who The New York Times has identified as Zetalytic chief data scientist April Lorenzen and Georgia Tech computer scientists Manos Antonakakis and David Dagon – made their findings by studying DNS (Domain Name System) logs, which records device connections over the internet. The logs included a server with the name “mail1.trump-email.com,” which had been registered to the Trump Organization.
The researchers also found that a Russian-made smartphone seldom seen in the US had been used on networks that had also been used by people at the White House and Trump Tower, according to the Times.
The group shared their findings with Rodney Joffe, who was an executive at Neustar, an information security firm that provided the DNS logs the researchers used. Joffe is a cybersecurity expert in his own right, having worked for the Justice Department for 12 years and received an award from the FBI in 2013 for helping crack cybercrimes.
None of the data allowed for researchers to see the actual contents of the communications between the purported Trump Organization server and the server belonging to Alfa Bank. So Joffe gave the information about the mysterious connections to his lawyer, Michael A. Sussman, who shared them with the FBI.
Three possible explanations for the mysterious connections
Durham’s indictment claims Sussman misled the FBI about his clients, saying he represented not just Joffe but also Hillary Clinton’s 2016 presidential campaign.
Sussman had represented the Democratic National Committee in 2016 for issues related to Russia’s hacking of its servers. The Durham indictment says Sussman billed the Clinton campaign, not Joffe, for his discussions regarding the mysterious server connections.
But the indictment does not deny that those connections existed. And while the Mueller report found numerous links between Trump associates and Russian officials, there remains no definitive explanation of the server communications.
Over the past four years, cybersecurity researchers and government investigations have settled on several theories for the links:
- The Trump Organization and Alfa Bank had secret communications and took steps to obfuscate them. The group of researchers who uncovered the connections in the first place put forward this hypothesis.
- The communications were initiated by Hospitality Marketing, a third-party email marketing firm used by the Trump Organization to send mass marketing emails for its hotels. According to a Senate Intelligence Committee report, Jae Cho, the Trump Organization’s corporate IT director, as well as Alfa Bank gave this explanation. But there are a few wrinkles:
- The Senate report partially redacts the section discussing its findings regarding the server links, so we don’t have a full understanding of its conclusion.
- The FBI settled on a similar explanation, according to a 2016 New York Times article, but later Justice Department investigations didn’t embrace the finding.
- A 500-page 2019 Justice Department Inspector General report that said the FBI found no cyber links between the Trump Organization and Alfa Bank but did not put forth the marketing email explanation.
- The Mueller investigation found that Alfa Bank officials with links to the Russian government had sought connections with Trump, but the investigation’s report did not address the server issue.
- There “was likely human interaction and coordination” between people working for the Trump Organization and Alfa Bank. This was the finding of a separate Senate analysis, commissioned by the Armed Services Committee.
- According to the analysis, the Trump Organization-registered server wasn’t configured to send mass emails. It had actually been configured to receive emails, unlike most marketing servers, and had internet activity that wasn’t consistent with what would be expected from marketing emails, the analysis found.
- While the report found that Choe’s explanation didn’t entirely stand up, it didn’t put forth a comprehensive alternative explanation.
Joffe also provided the researchers’ findings about the Russian-made smartphone to the CIA, according to the New York Times. It’s not clear whether the agency ever investigated those findings.
Durham may be using the indictment to tell a story
The indictment Durham filed in September spends pages and pages alleging an alternative history for how the Trump Organization-Alfa Bank story came to be.
It’s what Lawfare’s Benjamin Wittes refers to as a “speaking indictment” used by prosecutors to tell a larger story to the public. And according to the story set forth in Durham’s indictment, the kerfuffle about Trump Organization’s server’s connections with Alfa Bank were advanced by the Clinton campaign, not independent researchers.
Will this “speaking indictment” actually result in a conviction against Sussman? Legal experts told Insider’s C. Ryan Barber that Durham will have a tough time. The indictment names only one witness, who has given different characterizations of Sussman’s role over time. Sussman has pleaded not guilty to the charges against him.
“The cynic in me says they don’t care if they lose, they just want all this backstory to get out there. They don’t care about Sussmann,” Barbara McQuade, a former US attorney, told Insider. “What they really want is to get this whole backstory to get out about how these tech experts were trying to poison public opinion about Donald Trump and his ties to a Russian bank.”
The researchers who first observed the connections between the servers still apparently believe in their hypothesis that Alfa Bank and the Trump Organization may had covered up communications between them.
“The findings of the researchers were true then and remain true today; reports that these findings were innocuous or a hoax are simply wrong,” lawyers for Dagon told the Times.
Powered by WPeMatico