In a rather long-winded article, Slate spoke to a security expert who stumbled across a bank in Moscow that kept irregularly pinging a server registered to the Trump Organisation on Fifth Avenue.
The expert kept logs of the Trump server’s DNS activity and circulated them to his mates in the cybersecurity world to see if they yielded any clues.
Initially they thought it was a malware attack on Trump, but the pattern seemed to fit human conversation better. The chats seemed to begin during office hours in New York and continue during office hours in Moscow.
The researchers worked out that this wasn’t an attack, but a sustained relationship between a server registered to the Trump Organization and two servers registered to an entity called Alfa Bank.
Trump’s server had been somewhat strangely configured and, although it was high-powered, handled only a tiny load of traffic.
When the researchers pinged the server, they received error messages. They concluded that the server was set to accept only incoming communication from a small handful of IP addresses. Some of the logs showed communication with a server belonging to Michigan-based Spectrum Health, but the company said that they had not conducted any communications with either Trump or Alfa Bank.
The security experts noticed that conversation between the Trump and Alfa servers appeared to follow the contours of political happenings in the United States. “At election-related moments, the traffic peaked,” according to Camp. There were considerably more DNS lookups, for instance, during the two conventions.
They passed their notes to DNS expert Paul Vixie, who concluded that the parties were communicating in a secretive fashion, using a method like the one criminal syndicates use when they are putting together a project. In other words, this was a digital hotline connecting the two entities, shutting out the rest of the world, and designed to obscure its own existence.
Alfa Bank is run by a Ukrainian called Mikhail Fridman, who is Russia’s second richest bloke and a friend of Putin. He has never been associated with dirty deeds and has a history as a philanthropist.
When the team contacted the bank in Russia, the New York server was suddenly shut down. The bank denied any connection to Trump.
Four days later, on 27 September, the Trump Organisation created a new host name, trump1.contact-client.com, which enabled communication to the very same server via a different route.
Yet the official statement from Trump was that the email server had been set up for marketing purposes, was operated by a third party, and had not been used since 2010.
“The current traffic on the server from Alphabank’s [sic] IP address is regular DNS server traffic—not email traffic. To be clear, The Trump Organization is not sending or receiving any communications from this email server. The Trump Organization has no communication or relationship with this entity or any Russian entity.”