Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.

For The Record  

FTR #573 Alfa Males—One Helluva Conspiracy Theory, Part II

Recorded October 15, 2006


Introduction: Continuing analysis of what British Prime Minister Tony Blair described as a “global network” behind the 9/11 attacks, this program details evidentiary tributaries between the powerful, well-connected and criminal Alfa consortium and people and institutions connected to the events of 9/11. A Russian company with what Mr. Emory describes as “more connections than a switchboard,” Alfa has links to Viktor Kozeny, the Carl Duisberg Gesellschaft and to powerful people and institutions connected to the Bush administration. Kozeny is alleged to have participated in an Alfa scheme to defraud numerous U.S. investors and companies and is also the man who employed Wolfgang Bohringer, one of 9/11 hijacker Mohamed Atta’s German associates in Florida. The Carl Duisberg Gesellschaft sponsored Mohamed Atta’s entrance into Germany and, perhaps, Florida. That same Carl Duisberg Gesellschaft also maintains a fellowship on behalf of Alfa Group. Alfa’s activities in the United States are aided and abetted by the powerful lobbying firm of Barbour, Griffith and Rogers, intimately connected to the administration of George W. Bush. Hans Bodmer and Pyotr Aven (two of Kozeny’s associates in a scheme to gain control of the state oil company of Azerbaijan) are also alleged to have worked with Kozeny and Alfa in the defrauding of IPOC. The global network to which Blair referred and that supported the 9/11 hijackers embodies a fusion of the underworld and the overworld. Engaged in drug trafficking on several continents, this network also operates in conjunction with powerful corporate entities in Europe, the Middle East, Latin America and the United States. FTR#’s 433, 530, 536, 570 supplement the information presented here and should be examined in order to gain a firmer understanding of this complex network. As Mr. Emory noted in the broadcast, “If this seems confusing, it is meant to be!”

Program Highlights Include: Links between the Alfa group and the royal family of Liechtenstein; links between the royal family of Liechtenstein and the milieu of 9/11; Haley Barbour (of Barbour, Griffith and Rogers) and his business connections with companies belonging to the business empire of former Nazi spy and apparent Al Qaeda financier Youssef Nada; the apparently illegal operations performed by GOP bigwig Ed Rogers’ Diligence Inc. security firm on behalf of Alfa; the wall of secrecy surrounding the identity of the German sponsors of Atta’s activities under the auspices of the Carl Duisberg Gesellschaft.

1. Beginning with background information essential for understanding the present discussion of Alfa Group, the program recapitulates critical information from FTR#530. Beginning with review of the Carl Duisberg Gesellschaft’s sponsorship of 9/11 hijacker Mohamed Atta, the program reviews the relationship between the CDS and the Alfa Fellowship, an area of overlap between the milieux of Alfa and 9/11. In addition, the program notes that a key Alfa lawyer (Norbert Seeger) also fronts for the royal family of Liechtenstein, themselves linked to the milieu of 9/11 through the bank Al Taqwa. After reviewing the CDS/Alfa/9/11 link, the program presents information about a lawsuit brought against Alfa in the United States. In the expose of this area of Alfa’s operations, we will see yet another area of overlap between the milieu of Alfa and that of 9/11. One of the players in the Alfa gambit discussed in this program is Viktor Kozeny. Mohamed Atta’s German “brother” Wolfgang Bohringer was a pilot for Kozeny. (For more about the Kozeny/Bohringer relationship, see FTR#570. Note that paragraph 5 of that discussion highlights links between Kozeny, Hans Bodmer and Pyotr Aven. Both Bodmer and Aven are defendants, along with Kozeny, in the suit against Alfa.) “Russian corporation Alfa Group Consortium and its U.S. entity, Alfa Capital Markets, Inc., are a criminal enterprise that has used U.S. banks and stock exchanges as an integral part of their theft schemes, costing American taxpayers and stockholders hundreds of millions of dollars, IPOC International Growth Fund, Ltd., alleges in a federal racketeering lawsuit filed late Thursday. The suit alleges that Alfa, one of the largest business conglomerates in the Russian Federation — along with Russian oligarch Mikhail Fridman and U.S. citizen Leonid Rozhetskin — engaged in a vast international money laundering and fraud scheme in an attempt to take control of the Russian cellular industry.
‘By doing so, defendants’ conduct has had a substantial effect on the United States and its citizens, and much of the criminal conduct occurred in the United States,’ the suit, filed in U.S. District Court for the Southern District of New York, said.”
(“ ‘Defendants’ Tentacles Reach Into and Injure Numerous Americans’” [PRNewswire]; Forbes; 6/9/2006.)

2. Note that Alfa’s activities in the U.S. received assistance from American governmental institutions. “The criminal enterprise affected Americans, U.S.-based investors and U.S. interests in numerous ways, the complaint alleges, involving the evasion of U.S. taxes, insider trading of shares on U.S. stock markets, and wiring payments through New York banks. The Alfa Group Consortium received support from the Overseas Private Investment Corporation, a U.S. government development agency, to provide a significant portion of funding for one of Alfa’s related businesses. ‘The complaint alleges that the racketeering and other wrongs cited in this case hurt U.S. investors, U.S. taxpayers and U.S. financial markets,’ said W. Gordon Dobie, an attorney with Winston & Strawn LLP, which filed the case for IPOC International Growth Fund, Ltd. ‘It’s my opinion that the defendants should be called to account in court for their conduct.’” (Idem.)

3. Note that two of the defendants in the Alfa suit are Hans Bodmer and Pyotr Aven, two of Viktor Kozeny’s co-conspirators in a scheme to gain control of the Azeri state oil company. Again, for more about this connection, see FTR#570. “The complaint also alleges that Rozhetskin and Fridman were assisted by Hans Bodmer, who served as escrow agent and sent instructions to IPOC to wire money through banks in New York for the benefit of the defendants. Bodmer recently plead guilty to criminal conspiracy to launder money and conspiracy to violate the U.S. Foreign Corrupt Practices Act in connection with an unrelated scheme to bribe foreign leaders. …Notes to Editors: IPOC International Growth Fund, Ltd. is an open-ended mutual fund company based in Bermuda. The suit, based on claims under the Racketeer Influenced and Corrupt Organizations (RICO) Act, charges that Fridman conspired with Rozhetskin to steal IPOC’s interest through money laundering, bribery, wire fraud and other criminal wrongdoings. Other defendants are Alfa Capital Markets, Inc., a U.S. corporation; Alfa Telecom (n/k/a) Altimo; and Hans Bodmer. Alfa Group Consortium is an association of various companies controlled by Fridman. It controls major international corporations traded in the United States, including VimpelCom (NYSE) Russia’s second largest mobile telecoms company, Golden Telecom (NASDAQ) and Turkcell (NYSE). For more information about IPOC, go to ipocfund.com. A copy of the lawsuit is being posted on this Web site June 9. ‘The Many Ties to the United States.’ As the lawsuit states, ‘… defendants’ tentacles reach into and injure numerous Americans….’ The investors, taxpayers and financial markets of the United States have been harmed.” (Idem.)

4. Note the presence in this alleged scheme of Viktor Kozeny (as well as Kozeny’s co-conspirators in the Azeri oil conspiracy Hans Bodmer and Pyotr Aven), for whom Atta associate Wolfgang Bohringer worked. Again, check out FTR#570. Note also that the Russian edition of Forbes was investigating Leonard Rozhetskin, one of the defendants in the suit and a major “Alfa Male.” The Russian editor of Forbes was recently murdered, allegedly by Russian organized crime elements. Was that murder part of the conspiratorial process set forth here? “The below sets out the individuals and firms referred to in the lawsuit, and provides some further information: The Defendants: Leonard Rozhetskin: ‘Defendant Leonard Rozhetskin is a former director and principal shareholder of LV Finance Group Limited (‘LVFG’). He is a United States taxpayer and citizen, owns property in the District, and lived in the District for more than a decade … featured on the cover of the Russian edition of Forbes with the title: ‘The Most Dangerous Shark in Our Waters.’… Rozhetskin resides in the United States….’[pg.6]’ Hans Bodmer: ‘Defendant Hans Bodmer … assisted Rozhetskin and Fridman with the Sonic Duo/MegaFon theft scheme … worked with his co-conspirators to send instructions to IPOC to wire money through banks in New York for the benefit of the Defendants. Bodmer is no stranger to criminal prosecution in the United States, having recently pled guilty to the criminal conspiracy to launder money and conspiracy to violate the United States Foreign Corrupt Practices Act in connection with the scheme to bribe foreign leaders (along with Victor Kozeny, who is currently being extradited to New York from the Bahamas) [Italics are Mr. Emory’s]. Case No: 01: 05-CR-00518-RCC-ALL (S.D.N.Y.).’ [pg. 9]” (Idem.)

5. More about the defendants, including Kozeny associate Pyotr Aven: “Mikhail Fridman: ‘Defendant Mikhail Fridman currently serves as Chairman of the Board of Directors of co-conspirator Alfa Bank and as Chairman of the Board of Directors of Defendant Consortium Alfa Group. Fridman further served on the Board of VimpelCom, a NYSE company, and has control over Golden Telecom, a NASDAQ company … purchased the United States trading firm owned by American, Mark Rich, the one time commodities baron pardoned by President Clinton with much controversy. Fridman purports to have become a philanthropist in the United States’ and is a member of the Board of the Council on Foreign Relations based in New York. [pgs. 6-7] Pyotr Aven: ‘Defendant Pyotr Aven also has been a major participant in the scheme and worked directly with Rozhetskin and Fridman in the misappropriation and theft of IPOC monies. Aven is a director of Golden Telecom, a NASDAQ company, which regularly files with the United States Securities Exchange Commission. He is a controversial figure: As observed by the United States District Court for the District of Columbia, a Russian ‘corruption task force informed [the government] that Aven was engaged in various misdeeds, including drug trafficking. See OAO Alfa Bank v. Center for Public Integrity, Civ. Action No. 00-2208 (JDB), Mem. Op., Sept. 22, 2005 at 11 n.26.’ [pg. 8]” (Idem.)

6. Next, the discussion turns to Barbour, Griffith and Rogers, the PR firm headed by Haley Barbour, the G.O.P. Governor of Mississippi. In addition to Barbour (linked to the milieu of 9/11 in other ways, set forth below), Lanny Griffith and Ed Rogers (also major Republican power brokers) head the lobbying firm. More about the background of Lanny Griffith and Ed Rogers: “After managing the first President Bush’s 1988 campaign in the Southern states, Bush appointed him [Lanny Griffith] as special assistant to the president for intergovernmental affairs. Griffith then served as Bush’s assistant secretary of education from 1991 to 1993, when he joined Barbour’s lobby shop. Onetime deputy assistant to President George H.W. Bush. He [Ed Rogers] is married to Edwina Rogers, former associate director of the White House’s National Economic Council. [1]” (Idem.)

7. Note that Barbour Griffith and Rogers lobbied on behalf of the Alfa Group in the United States! As if that wasn’t unappetizing enough, we should not fail to take stock of the fact that Rogers’ security outfit Diligence, Inc. allegedly illegally appropriated information from the IPOC. “Barbour Griffith and Rogers: ‘The Alfa Group conducts such significant and varied business in the United States that it has actually found it to be in its interest to spend millions of dollars courting the American political elite through Washington D.C. based lobbying firm of Barbour Griffith and Rogers, LLC which lobbies Congress and others in Washington on its behalf.’ [pgs. 7-8] ‘In addition to using his lobbying firm, Alfa Group has retained Edward Rogers’ Washington D.C. based ‘investigative’ firm, Diligence, Inc. — which has criminally misappropriated IPOC information as described further below….[pg. 8] Diligence, Inc.: ‘Defendants have also paid U.S.-based Diligence, Inc. to steal IPOC property in Bermuda. Indeed, at the Fridman M.C. Enterprise’s direction Diligence bribed officials of an accounting firm and/or otherwise misappropriated IPOC property. More specifically, Diligence, Inc. describes itself on its web site and in its press releases as a company comprised of former Central Intelligence Agency (‘CIA’) and British MI5 operatives that ‘specialize in obtaining non-public or hard-to-get information on corporations.’ See http://www.diligencecorp.com. Diligence, Inc. is owned in part by Edward Rogers who has also been paid millions by defendants to lobby Congress and consult for Alfa.’ [pg. 24]” (Idem.)

8. Former operatives for the CIA and MI5 (British domestic intelligence), the Diligence employees allegedly used their former (“former”?) espionage connections and credentials to misappropriate key documents from the IPOC. “ ‘In violation of 18 U.S.C. section 912 and at Defendant Alfa’s instructions, Diligence, Inc. posed as United States Agents acting under the authority of the United States to misappropriate IPOC information from an accounting firm. Defendants further violated 18 U.S.C. section 913 by searching IPOC property while falsely representing, through Diligence, Inc., to be agents of the United States. By doing so, Defendants have had an effect on the United States.’ [pg. 24]” (Idem.)

9. The broadcast concludes with review of information presented in paragraphs 15-17 of FTR#433. Recapping the links between Haley Barbour’s New Bridge Strategies (a major contractor in Iraq) and subsidiary companies of the Nasreddin/Nada financial and business empire, the program sets forth another evidentiary tributary between the milieu of the 9/11 attacks and the highest echelons of the GOP. (Nada and Nasreddin are the principals in the Al Taqwa network. For more about Al Taqwa, the GOP leadership and 9/11 see—among other programs—FTR#’s 454, 455, 456.)


2 comments for “FTR #573 Alfa Males—One Helluva Conspiracy Theory, Part II”

  1. Leonid Rozhetskin vanished

    Posted by adam | October 9, 2013, 3:47 pm
  2. Oh, look at that: In a report that’s bound to be a bombshell with a week left to go in the campaign, a group of cybersecurity researchers has what appears to be strong digital circumstantial evidence that the Trump organization set up a server specifically to communicate secretly with a prominent Russian bank with ties to the Kremlin. Not only that but the communication pattern the researchers were observing appears to uptick with the campaign season and significant political events. And the Trump campaign doesn’t appear to have any meaningful explanation for the server, claiming it was used for marketing emails until 2010, and all the communication the researchers observed (which was almost exclusively communication with this one Russian bank) was just regular server activity and had nothing to do with emails. So this is a very suspicious set of digital activity between Trump’s organization and a Russian bank, and it’s one helluva bank:


    Was a Trump Server Communicating With Russia?

    This spring, a group of computer scientists set out to determine whether hackers were interfering with the Trump campaign. They found something they weren’t expecting.

    By Franklin Foer
    Oct. 31 2016 5:36 PM

    The greatest miracle of the internet is that it exists—the second greatest is that it persists. Every so often we’re reminded that bad actors wield great skill and have little conscience about the harm they inflict on the world’s digital nervous system. They invent viruses, botnets, and sundry species of malware. There’s good money to be made deflecting these incursions. But a small, tightly knit community of computer scientists who pursue such work—some at cybersecurity firms, some in academia, some with close ties to three-letter federal agencies—is also spurred by a sense of shared idealism and considers itself the benevolent posse that chases off the rogues and rogue states that try to purloin sensitive data and infect the internet with their bugs. “We’re the Union of Concerned Nerds,” in the wry formulation of the Indiana University computer scientist L. Jean Camp.

    In late spring, this community of malware hunters placed itself in a high state of alarm. Word arrived that Russian hackers had infiltrated the servers of the Democratic National Committee, an attack persuasively detailed by the respected cybersecurity firm CrowdStrike. The computer scientists posited a logical hypothesis, which they set out to rigorously test: If the Russians were worming their way into the DNC, they might very well be attacking other entities central to the presidential campaign, including Donald Trump’s many servers. “We wanted to help defend both campaigns, because we wanted to preserve the integrity of the election,” says one of the academics, who works at a university that asked him not to speak with reporters because of the sensitive nature of his work.

    Hunting for malware requires highly specialized knowledge of the intricacies of the domain name system—the protocol that allows us to type email addresses and website names to initiate communication. DNS enables our words to set in motion a chain of connections between servers, which in turn delivers the results we desire. Before a mail server can deliver a message to another mail server, it has to look up its IP address using the DNS. Computer scientists have built a set of massive DNS databases, which provide fragmentary histories of communications flows, in part to create an archive of malware: a kind of catalog of the tricks bad actors have tried to pull, which often involve masquerading as legitimate actors. These databases can give a useful, though far from comprehensive, snapshot of traffic across the internet. Some of the most trusted DNS specialists—an elite group of malware hunters, who work for private contractors—have access to nearly comprehensive logs of communication between servers. They work in close concert with internet service providers, the networks through which most of us connect to the internet, and the ones that are most vulnerable to massive attacks. To extend the traffic metaphor, these scientists have cameras posted on the internet’s stoplights and overpasses. They are entrusted with something close to a complete record of all the servers of the world connecting with one another.

    In late July, one of these scientists—who asked to be referred to as Tea Leaves, a pseudonym that would protect his relationship with the networks and banks that employ him to sift their data—found what looked like malware emanating from Russia. The destination domain had Trump in its name, which of course attracted Tea Leaves’ attention. But his discovery of the data was pure happenstance—a surprising needle in a large haystack of DNS lookups on his screen. “I have an outlier here that connects to Russia in a strange way,” he wrote in his notes. He couldn’t quite figure it out at first. But what he saw was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue.

    More data was needed, so he began carefully keeping logs of the Trump server’s DNS activity. As he collected the logs, he would circulate them in periodic batches to colleagues in the cybersecurity world. Six of them began scrutinizing them for clues.

    (I communicated extensively with Tea Leaves and two of his closest collaborators, who also spoke with me on the condition of anonymity, since they work for firms trusted by corporations and law enforcement to analyze sensitive data. They persuasively demonstrated some of their analytical methods to me—and showed me two white papers, which they had circulated so that colleagues could check their analysis. I also spoke with academics who vouched for Tea Leaves’ integrity and his unusual access to information. “This is someone I know well and is very well-known in the networking community,” said Camp. “When they say something about DNS, you believe them. This person has technical authority and access to data.”)

    The researchers quickly dismissed their initial fear that the logs represented a malware attack. The communication wasn’t the work of bots. The irregular pattern of server lookups actually resembled the pattern of human conversation—conversations that began during office hours in New York and continued during office hours in Moscow. It dawned on the researchers that this wasn’t an attack, but a sustained relationship between a server registered to the Trump Organization and two servers registered to an entity called Alfa Bank.

    The researchers had initially stumbled in their diagnosis because of the odd configuration of Trump’s server. “I’ve never seen a server set up like that,” says Christopher Davis, who runs the cybersecurity firm HYAS InfoSec Inc. and won a FBI Director Award for Excellence for his work tracking down the authors of one of the world’s nastiest botnet attacks. “It looked weird, and it didn’t pass the sniff test.” The server was first registered to Trump’s business in 2009 and was set up to run consumer marketing campaigns. It had a history of sending mass emails on behalf of Trump-branded properties and products. Researchers were ultimately convinced that the server indeed belonged to Trump. But now this capacious server handled a strangely small load of traffic, such a small load that it would be hard for a company to justify the expense and trouble it would take to maintain it. “I get more mail in a day than the server handled,” Davis says.

    That wasn’t the only oddity. When the researchers pinged the server, they received error messages. They concluded that the server was set to accept only incoming communication from a very small handful of IP addresses. A small portion of the logs showed communication with a server belonging to Michigan-based Spectrum Health. (The company said in a statement: “Spectrum Health does not have a relationship with Alfa Bank or any of the Trump organizations. We have concluded a rigorous investigation with both our internal IT security specialists and expert cyber security firms. Our experts have conducted a detailed analysis of the alleged internet traffic and did not find any evidence that it included any actual communications (no emails, chat, text, etc.) between Spectrum Health and Alfa Bank or any of the Trump organizations. While we did find a small number of incoming spam marketing emails, they originated from a digital marketing company, Cendyn, advertising Trump Hotels.”)

    Spectrum accounted for a relatively trivial portion of the traffic. Eighty-seven percent of the DNS lookups involved the two Alfa Bank servers. “It’s pretty clear that it’s not an open mail server,” Camp told me. “These organizations are communicating in a way designed to block other people out.”

    Earlier this month, the group of computer scientists passed the logs to Paul Vixie. In the world of DNS experts, there’s no higher authority. Vixie wrote central strands of the DNS code that makes the internet work. After studying the logs, he concluded, “The parties were communicating in a secretive fashion. The operative word is secretive. This is more akin to what criminal syndicates do if they are putting together a project.” Put differently, the logs suggested that Trump and Alfa had configured something like a digital hotline connecting the two entities, shutting out the rest of the world, and designed to obscure its own existence. Over the summer, the scientists observed the communications trail from a distance.

    * * *

    While the researchers went about their work, the conventional wisdom about Russian interference in the campaign began to shift. There were reports that the Trump campaign had ordered the Republican Party to rewrite its platform position on Ukraine, maneuvering the GOP toward a policy preferred by Russia, though the Trump campaign denied having a hand in the change. Then Trump announced in an interview with the New York Times his unwillingness to spring to the defense of NATO allies in the face of a Russian invasion. Trump even invited Russian hackers to go hunting for Clinton’s emails, then passed the comment off as a joke. (I wrote about Trump’s relationship with Russia in early July.)

    In the face of accusations that he is somehow backed by Putin or in business with Russian investors, Trump has issued categorical statements. “I mean I have nothing to do with Russia,” he told one reporter, a flat denial that he repeated over and over. Of course, it’s possible that these statements are sincere and even correct. The sweeping nature of Trump’s claim, however, prodded the scientists to dig deeper. They were increasingly confident that they were observing data that contradicted Trump’s claims.

    In the parlance that has become familiar since the Edward Snowden revelations, the DNS logs reside in the realm of metadata. We can see a trail of transmissions, but we can’t see the actual substance of the communications. And we can’t even say with complete certitude that the servers exchanged email. One scientist, who wasn’t involved in the effort to compile and analyze the logs, ticked off a list of other possibilities: an errant piece of spam caroming between servers, a misdirected email that kept trying to reach its destination, which created the impression of sustained communication. “I’m seeing a preponderance of the evidence, but not a smoking gun,” he said. Richard Clayton, a cybersecurity researcher at Cambridge University who was sent one of the white papers laying out the evidence, acknowledges those objections and the alternative theories but considers them improbable. “I think mail is more likely, because it’s going to a machine running a mail server and [the host] is called mail. Dr. Occam says you should rule out mail before pulling out the more exotic explanations.” After Tea Leaves posted his analysis on Reddit, a security blogger who goes by Krypt3ia expressed initial doubts—but his analysis was tarnished by several incorrect assumptions, and as he examined the matter, his skepticism of Tea Leaves softened somewhat.

    I put the question of what kind of activity the logs recorded to the University of California’s Nicholas Weaver, another computer scientist not involved in compiling the logs. “I can’t attest to the logs themselves,” he told me, “but assuming they are legitimate they do indicate effectively human-level communication.”

    Weaver’s statement raises another uncertainty: Are the logs authentic? Computer scientists are careful about vouching for evidence that emerges from unknown sources—especially since the logs were pasted in a text file, where they could conceivably have been edited. I asked nine computer scientists—some who agreed to speak on the record, some who asked for anonymity—if the DNS logs that Tea Leaves and his collaborators discovered could be forged or manipulated. They considered it nearly impossible. It would be easy enough to fake one or maybe even a dozen records of DNS lookups. But in the aggregate, the logs contained thousands of records, with nuances and patterns that not even the most skilled programmers would be able to recreate on this scale. “The data has got the right kind of fuzz growing on it,” Vixie told me. “It’s the interpacket gap, the spacing between the conversations, the total volume. If you look at those time stamps, they are not simulated. This bears every indication that it was collected from a live link.” I asked him if there was a chance that he was wrong about their authenticity. “This passes the reasonable person test,” he told me. “No reasonable person would come to the conclusion other than the one I’ve come to.” Others were equally emphatic. “It would be really, really hard to fake these,” Davis said. According to Camp, “When the technical community examined the data, the conclusion was pretty obvious.”

    It’s possible to impute political motives to the computer scientists, some of whom have criticized Trump on social media. But many of the scientists who talked to me for this story are Republicans. And almost all have strong incentives for steering clear of controversy. Some work at public institutions, where they are vulnerable to political pressure. Others work for firms that rely on government contracts—a relationship that tends to squash positions that could be misinterpreted as outspoken.

    * * *

    Alfa’s oligarchs occupied an unusual position in Putin’s firmament. They were insiders but not in the closest ring of power. “It’s like they were his judo pals,” one former U.S. government official who knows Fridman told me. “They were always worried about where they stood in the pecking order and always feared expropriation.” Fridman and Aven, however, are adept at staying close to power. As the U.S. District Court for the District of Columbia once ruled, in the course of dismissing a libel suit the bankers filed, “Aven and Fridman have assumed an unforeseen level of prominence and influence in the economic and political affairs of their nation.”

    Unlike other Russian firms, Alfa has operated smoothly and effortlessly in the West. It has never been slapped with sanctions. Fridman and Aven have cultivated a reputation as beneficent philanthropists. They endowed a prestigious fellowship. The Woodrow Wilson International Center for Scholars, the American-government funded think tank, gave Aven its award for “Corporate Citizenship” in 2015. To protect its interests in Washington, Alfa hired as its lobbyist former Reagan administration official Ed Rogers. Richard Burt, who helped Trump write the speech in which he first laid out his foreign policy, serves on Alfa’s senior advisory board. The branding campaign has worked well. During the first Obama term, Fridman and Aven met with officials in the White House on two occasions, according to visitor logs.

    Fridman and Aven have significant business interests to promote in the West. One of their holding companies, LetterOne, has vowed to invest as much as $3 billion in U.S. health care. This year, it sank $200 million into Uber. This is, of course, money that might otherwise be invested in Russia. According to a former U.S. official, Putin tolerates this condition because Alfa advances Russian interests. It promotes itself as an avatar of Russian prowess. “It’s our moral duty to become a global player, to prove a Russian can transform into an international businessman,” Fridman told the Financial Times.

    * * *

    Tea Leaves and his colleagues plotted the data from the logs on a timeline. What it illustrated was suggestive: The conversation between the Trump and Alfa servers appeared to follow the contours of political happenings in the United States. “At election-related moments, the traffic peaked,” according to Camp. There were considerably more DNS lookups, for instance, during the two conventions.

    In September, the scientists tried to get the public to pay attention to their data. One of them posted a link to the logs in a Reddit thread. Around the same time, the New York Times’ Eric Lichtblau and Steven Lee Myers began chasing the story.* (They are still pursuing it.) Lichtblau met with a Washington representative of Alfa Bank on Sept. 21, and the bank denied having any connection to Trump. (Lichtblau told me that Times policy prevents him from commenting on his reporting.)

    The Times hadn’t yet been in touch with the Trump campaign—Lichtblau spoke with the campaign a week later—but shortly after it reached out to Alfa, the Trump domain name in question seemed to suddenly stop working. When the scientists looked up the host, the DNS server returned a fail message, evidence that it no longer functioned. Or as it is technically diagnosed, it had “SERVFAILed.” (On the timeline above, this is the moment at the end of the chronology when the traffic abruptly spikes, as servers frantically attempt to resend rejected messages.) The computer scientists believe there was one logical conclusion to be drawn: The Trump Organization shut down the server after Alfa was told that the Times might expose the connection. Weaver told me the Trump domain was “very sloppily removed.” Or as another of the researchers put it, it looked like “the knee was hit in Moscow, the leg kicked in New York.”

    Four days later, on Sept. 27, the Trump Organization created a new host name, trump1.contact-client.com, which enabled communication to the very same server via a different route. When a new host name is created, the first communication with it is never random. To reach the server after the resetting of the host name, the sender of the first inbound mail has to first learn of the name somehow. It’s simply impossible to randomly reach a renamed server. “That party had to have some kind of outbound message through SMS, phone, or some noninternet channel they used to communicate [the new configuration],” Paul Vixie told me. The first attempt to look up the revised host name came from Alfa Bank. “If this was a public server, we would have seen other traces,” Vixie says. “The only look-ups came from this particular source.”

    According to Vixie and others, the new host name may have represented an attempt to establish a new channel of communication. But media inquiries into the nature of Trump’s relationship with Alfa Bank, which suggested that their communications were being monitored, may have deterred the parties from using it. Soon after the New York Times began to ask questions, the traffic between the servers stopped cold.

    * * *

    Last week, I wrote to Alfa Bank asking if it could explain why its servers attempted to connect with the Trump Organization on such a regular basis. Its Washington representative, Jeffrey Birnbaum of the public relations firm BGR, provided me the following response:

    Alfa hired Mandiant, one of the world’s foremost cyber security experts, to investigate and it has found nothing to the allegations. I hope the below answers respond clearly to your questions. Neither Alfa Bank nor its principals, including Mikhail Fridman and Petr Aven, have or have had any contact with Mr. Trump or his organizations. Fridman and Aven have never met Mr. Trump nor have they or Alfa Bank had any business dealings with him. Neither Alfa nor its officers have sent Mr. Trump or his organizations any emails, information or money. Alfa Bank does not have and has never had any special or exclusive internet connection with Mr. Trump or his entities. The assertion of a special or private link is patently false.

    I asked Birnbaum if he would connect me with Mandiant to elaborate on its findings. He told me:

    Mandiant is still doing its deep dive into the Alfa Bank systems. Its leading theory is that Alfa Bank’s servers may have been responding with common DNS look ups to spam sent to it by a marketing server. But it doesn’t want to speak on the record until it’s finished its investigation.

    It’s hard to evaluate the findings of an investigation that hasn’t ended. And of course, even the most reputable firm in the world isn’t likely to loudly broadcast an opinion that bites the hand of its client.

    I posed the same basic questions to the Trump campaign. Trump spokeswoman Hope Hicks sent me this in response to my questions by email:

    The email server, set up for marketing purposes and operated by a third-party, has not been used since 2010. The current traffic on the server from Alphabank’s [sic] IP address is regular DNS server traffic—not email traffic. To be clear, The Trump Organization is not sending or receiving any communications from this email server. The Trump Organization has no communication or relationship with this entity or any Russian entity.

    I asked Hicks to explain what caused the Trump Organization to rename its host after the New York Times called Alfa. I also asked how the Trump Organization arrived at its judgment that there was no email traffic. (Furthermore, there’s no such thing as “regular” DNS server traffic, at least not according to the computer scientists I consulted. The very reason DNS exists is to enable email and other means of communication.) She never provided me with a response.

    What the scientists amassed wasn’t a smoking gun. It’s a suggestive body of evidence that doesn’t absolutely preclude alternative explanations. But this evidence arrives in the broader context of the campaign and everything else that has come to light: The efforts of Donald Trump’s former campaign manager to bring Ukraine into Vladimir Putin’s orbit; the other Trump adviser whose communications with senior Russian officials have worried intelligence officials; the Russian hacking of the DNC and John Podesta’s email.

    We don’t yet know what this server was for, but it deserves further explanation.

    “Earlier this month, the group of computer scientists passed the logs to Paul Vixie. In the world of DNS experts, there’s no higher authority. Vixie wrote central strands of the DNS code that makes the internet work. After studying the logs, he concluded, “The parties were communicating in a secretive fashion. The operative word is secretive. This is more akin to what criminal syndicates do if they are putting together a project.” Put differently, the logs suggested that Trump and Alfa had configured something like a digital hotline connecting the two entities, shutting out the rest of the world, and designed to obscure its own existence. Over the summer, the scientists observed the communications trail from a distance.”

    Well, that is quite a bombshell if it pans out. Maybe not exactly the bombshell that the emerging coverage of the story will depict, but still quite a bombshell.

    Posted by Pterrafractyl | October 31, 2016, 7:15 pm
