WATCH | The controversy over President Trump's servers talking to Russia may have been an elaborate digital ruse.
A Russian bank has reported to U.S. authorities that mysterious communications resumed recently between one of its computers and an email server tied to President Trump’s business empire, and it has developed evidence the new activity may be the work of a hacker trying to create a political hoax, Circa has learned.
Alfa Bank is asking the U.S. Justice Department for help solving the mystery and pledged its full cooperation.
Alfa wants U.S. authorities to help unmask a computer inside the United States that it believes has been used to launch cyberattacks spoofing the appearance of a backdoor communication channel between Moscow and America’s 45th president, according to a source directly familiar with the bank’s request.
The bank believes "these malicious attacks are designed to create the false impression that Alfa Bank has a secretive relationship with the Trump Organization,” the source said, speaking on condition of anonymity.
Alfa Bank has insisted since media stories began appearing last fall about the computer communications -- known as Domain Name Server lookups -- that it has never had a relationship to Trump or any of his companies and that any computer connections between the two parties’ computers were innocuous. The resumption of the computer pings started last month, and Alfa’s cybersecurity experts traced evidence that the activity was actually being spoofed -- or hacked --through a third party from a masked computer address inside the United States, the source said.
Like a return address
The attacks attempted to trigger verification signals between Alfa Bank and a server associated with the Trump Organization, the source said.
The source said the spoofing attempt is equivalent to someone in the U.S. sending an empty envelope to the Trump Towers but putting on the envelope a return address in Russia, causing the Trump server to falsely return the communication back to Moscow.
The source cautioned it does not yet have evidence that the same activity occurred between last May through September, causing the generation of the first server pings that computer scientists reported last fall might be evidence of secret communications between Trump and Russia.
Alfa’s working hypothesis about those earlier connections had been routine computer communications caused when an email server responds to commercial spam mail. The new evidence may lead to a re-evaluation of that conclusion, the source said.
No evidence of a nefarious relationship
The computer scientists’ allegations last fall became so widespread -- eventually appearing in media reports from Slate, CNN and The New York Times -- that the FBI briefly investigated them. Agents concluded there was no evidence from the pings of a nefarious relationship, and that they probably were the result of routine computer behavior.
Circa reported Tuesday that one of the scientists who raised media concerns about the Trump-Russia connections was L. Jean Camp, an Indiana University researcher who made 22 donations totaling more than $1,500 to Hillary Clinton last year. She told Circa that her political donations had no bearing on her concerns about the data gathered by a loose group of colleagues who legitimately believed the connections should be investigated.
Alfa cooperating with Justice
Alfa still hasn’t determined how the computer scientists gained access to the computer logs last year but hopes its cooperation with the Justice Department may identify the source of the current computer activity, as well as create a more complete picture of what may have caused the similar computer connections last year, the source said.
The source said the first cyberattack detected by Alfa this year occurred on Feb. 18 from an unidentified third party connected to a U.S. internet provider that sent out suspicious DNS queries from servers in the U.S. to a Trump Organization server. The unidentified individual or individuals made it look as though these queries originated from variants of MOSCow.ALFAintRa.nET. As a result, the DNS responses from the Trump server were returned incorrectly to Alfa Bank’s server, which triggered Alfa Bank’s automated security.
Soon after, news media reports began making new inquiries to Alfa Bank about the old allegations from last fall. Similar new spoofing attacks were detected again on March 11 and 13, the source said.