the tangled world wide web
On the hunt for malware, a group of computer scientists say they stumbled upon a server registered to the Trump Organization in Manhattan that they believe secretly communicated almost exclusively with a bank in Moscow.
After it was reported that Russian hackers had gained access to the Democratic National Committee's servers, the computer scientists decided to look into whether other servers were also hit. "We wanted to preserve the integrity of the election," one participant, who asked to remain anonymous because of his line of work, told Slate. In July, a computer scientist with specialized knowledge of the domain name system (DNS) found what appeared to be malware coming from Russia, with "Trump" in its destination domain. After keeping track of the Trump server's DNS activity, he realized the server was communicating during office hours in New York with two servers registered to Alfa Bank in Moscow.
The computer scientists shared what they learned with Christopher Davis, a cybersecurity expert, who said the Trump server "looked weird, and it didn't pass the sniff test." After digging through logs, they found that the server was first registered in 2009 and set up to run consumer marketing campaigns, but was now able to accept incoming communication from only a few IP addresses, with 87 percent of the DNS lookups involving the Alfa Bank servers. After looking at the logs, DNS code expert Paul Vixie concluded that "the parties were communicating in a secretive fashion," he told Slate. "The operative word is secretive. This is more akin to what criminal syndicates do if they are putting together a project."
The New York Times soon learned about this and started working on a story; after the Times contacted Alfa Bank, but before it notified the Trump campaign, the Trump domain name stopped working. Four days later, the Trump Organization created a new host name, and the only lookups came from Alfa Bank, Slate reports; once the Times asked the Trump campaign for comment, traffic between the servers stopped. Alfa Bank's Washington representative told Slate the bank and its principals "have never had any contact with Mr. Trump or his organizations" and there is no "special or exclusive internet connection with Mr. Trump or his entities." The Trump campaign also told Slate the Trump Organization "has no communication or relationship with this entity or any Russian entity." Read Franklin Foer's entire exploration into the mysterious servers at Slate.