With the (justifiable) outrage swirling around FBI director (and Mitt Romney backer) James Comey’s public discussion of the discovery of more of Hillary Clinton’s e‑mails having been discovered, another election-related investigation has gone largely unexamined. Indeed, the importance of the investigation has been downplayed.
Computer experts discovered a link between a server registered to the Trump organization and two servers registered to the Alfa Bank in Moscow, a bank that is part of the Alfa conglomerate discussed in FTR #‘s 530 and 573.
In the Foer piece, and in attempted discrediting articles of same, it is apparent that the investigators do not understand the nature of the entity they are investigating. The journalistic “spin” put on Alfa in the coverage is “Russia/Putin/Kremlin” new Cold War context. Alfa is very, very different.
In FTR #‘s 530, 573 we examnined the nature of Alfa’s history, operations and institutional and economic foundations. It is anything BUT “Kremlin/Putin/Russia.”
It appears to be Underground Reich, all the way, with evidentiary tributaries running in the direction of: the Iran-Contra scandal; the Iraqgate scandal; the oil-for-food scam vis a vis Iraq; malfeasanace by a coterie of GOP bigwigs including Dick Cheney and others close to George W. Bush, and Haley Barbour; money-laundering by powerful international drug syndicates; Chechen warlords and drug-trafficking syndicates; the Royal family of Liechtenstein; the Bank al-Taqwa (which helped finance al-Qaeda); the Marc Rich operations; Eastern European and Russian associates of Wolfgang Bohringer, one of Mohamed Atta’s close associates in South Florida; and the Carl Duisberg Fellowship, which brought Mohamed Atta to Germany from Egypt and may have helped him into the U.S.
The program highlights major aspects of the investigation into the Alfa/Trump link:
The Trump/Alfa link was not a malware attack, as some of the computer scientists initially thought: ” . . . . The researchers quickly dismissed their initial fear that the logs represented a malware attack. The communication wasn’t the work of bots. The irregular pattern of server lookups actually resembled the pattern of human conversation—conversations that began during office hours in New York and continued during office hours in Moscow. It dawned on the researchers that this wasn’t an attack, but a sustained relationship between a server registered to the Trump Organization and two servers registered to an entity called Alfa Bank. . . .”
The set-up was highly unusual: ” . . . . The researchers had initially stumbled in their diagnosis because of the odd configuration of Trump’s server. ‘I’ve never seen a server set up like that,’ says Christopher Davis, who runs the cybersecurity firm HYAS InfoSec Inc. and won a FBI Director Award for Excellence for his work tracking down the authors of one of the world’s nastiest botnet attacks. ‘It looked weird, and it didn’t pass the sniff test.’ The server was first registered to Trump’s business in 2009 and was set up to run consumer marketing campaigns. It had a history of sending mass emails on behalf of Trump-branded properties and products. Researchers were ultimately convinced that the server indeed belonged to Trump. (Click here to see the server’s registration record.) But now this capacious server handled a strangely small load of traffic, such a small load that it would be hard for a company to justify the expense and trouble it would take to maintain it. ‘I get more mail in a day than the server handled,’ Davis says. . . .”
The article details more unusual aspects of the link: ” . . . . That wasn’t the only oddity. When the researchers pinged the server, they received error messages. They concluded that the server was set to accept only incoming communication from a very small handful of IP addresses. . . . Eighty-seven percent of the DNS lookups involved the two Alfa Bank servers. ‘It’s pretty clear that it’s not an open mail server,’ Camp told me. ‘These organizations are communicating in a way designed to block other people out.’ . . . .”
Paul Vixie–one of the premier experts in the field–felt the connection was highly unusual: ” . . . . Earlier this month, the group of computer scientists passed the logs to Paul Vixie. In the world of DNS experts, there’s no higher authority. Vixie wrote central strands of the DNS code that makes the internet work. After studying the logs, he concluded, ‘The parties were communicating in a secretive fashion. The operative word is secretive. This is more akin to what criminal syndicates do if they are putting together a project.’ Put differently, the logs suggested that Trump and Alfa had configured something like a digital hotline connecting the two entities, shutting out the rest of the world, and designed to obscure its own existence. . . .”
The available evidence indicates that the hookup indicated “human-level communication”: ” . . . I put the question of what kind of activity the logs recorded to the University of California’s Nicholas Weaver, another computer scientist not involved in compiling the logs. ‘I can’t attest to the logs themselves,’ he told me, ‘but assuming they are legitimate they do indicate effectively human-level communication.’ . . . ”
More about the nature of the communication, from the scientist using the code-name “Tea Leaves”: ” . . . . Tea Leaves and his colleagues plotted the data from the logs on a timeline. What it illustrated was suggestive: The conversation between the Trump and Alfa servers appeared to follow the contours of political happenings in the United States. ‘At election-related moments, the traffic peaked,’ according to Camp. There were considerably more DNS lookups, for instance, during the two conventions. . . .”
The scientists attempted to get the public to pay attention to their investigation and New York Times writers turned their attention to the case: ” . . . In September, the scientists tried to get the public to pay attention to their data. One of them posted a link to the logs in a Reddit thread. Around the same time, the New York Times’ Eric Lichtblau and Steven Lee Myers began chasing the story.* (They are still pursuing it.) Lichtblau met with a Washington representative of Alfa Bank on Sept. 21, and the bank denied having any connection to Trump. . . .”
Things got “interesting” after that. According to the computer scientists, the Trump Organization shut down the server! As the brilliant Berkeley researcher Peter Dale Scott noted, in a different context, “The cover-up obviates the conspiracy. ” . . . . In September, the scientists tried to get the public to pay attention to their data. One of them posted a link to the logs in a Reddit thread. Around the same time, the New York Times’ Eric Lichtblau and Steven Lee Myers began chasing the story.* (They are still pursuing it.) Lichtblau met with a Washington representative of Alfa Bank on Sept. 21, and the bank denied having any connection to Trump. . . . The computer scientists believe there was one logical conclusion to be drawn: The Trump Organization shut down the server after Alfa was told that the Times might expose the connection. Weaver told me the Trump domain was ‘very sloppily removed.’ Or as another of the researchers put it, it looked like ‘the knee was hit in Moscow, the leg kicked in New York.’. . . . Four days later, on Sept. 27, the Trump Organization created a new host name, trump1.contact-client.com, which enabled communication to the very same server via a different route. When a new host name is created, the first communication with it is never random. To reach the server after the resetting of the host name, the sender of the first inbound mail has to first learn of the name somehow. It’s simply impossible to randomly reach a renamed server. ‘That party had to have some kind of outbound message through SMS, phone, or some noninternet channel they used to communicate [the new configuration],’ Paul Vixie told me. The first attempt to look up the revised host name came from Alfa Bank. ‘If this was a public server, we would have seen other traces,’ Vixie says. ‘The only look-ups came from this particular source.‘According to Vixie and others, the new host name may have represented an attempt to establish a new channel of communication. But media inquiries into the nature of Trump’s relationship with Alfa Bank, which suggested that their communications were being monitored, may have deterred the parties from using it. Soon after the New York Times began to ask questions, the traffic between the servers stopped cold. . . .”
Not surprisingly, the FBI has dismissed the relevance of the computer link.
This dismissal comes against the background of several late-breaking developments:
The unsuccessful attempt by Alfa subsidiary Crown Resources to buy Marc Rich’s commodities firm: ” . . . A deal to sell the Swiss-based commodities operation of former U.S. fugitive financier Marc Rich to Russia-owned energy trading group Crown Resources is off. . . . Crown is owned by the Alfa Group conglomerate. . . . .”
The subsequent successful attempt by Alfa player Mikhail Fridman to purchase the Marc Rich firm: ” . . . Mikhail Fridman: ‘Defendant Mikhail Fridman currently serves as Chairman of the Board of Directors of co-conspirator Alfa Bank and as Chairman of the Board of Directors of Defendant Consortium Alfa Group. Fridman further served on the Board of VimpelCom, a NYSE company, and has control over Golden Telecom, a NASDAQ company ... purchased the United States trading firm owned by American, Mark Rich, the one time commodities baron pardoned by President Clinton with much controversy. . . .”
The FBI’s long-dormant Twitter account began tweeting files about Bill Clinton’s pardon of Marc Rich, shortly after the official dismissal of investigations into the Alfa/Trump link: ” . . . . Now, a new interagency mystery is raising questions about whether the F.B.I. has become politicized, just days before the presidential election. On Sunday, a long-dormant F.B.I. Twitter account suddenly sprung to life, blasting out a series of links to case files that cast the Clintons in a decidedly negative light. . . . Then, on Tuesday, the “FBI Records Vault” account—which had not tweeted at all between October 2015 and Sunday—published a link to records related to the 15-year-old, long-closed investigation into former President Bill Clinton’s pardoning of onetime commodities trader turned fugitive Marc Rich. The post, which was quickly retweeted thousands of times, links to a heavily redacted document that repeatedly references the agency’s “Public Corruption” unit—less-than-ideal optics for Hillary Clinton, who has spent her entire campaign fighting her image as a corrupt politician. . . .”
FBI Director James Comey was in charge of the original Marc Rich investigation and the pardon of Rich by Bill Clinton. Is there a connection between the official dismissal of the investigation into the Alfa/Trump link by the FBI, the tweeting by the FBI of the files on the Clinton pardon of Marc Rich and the fact that it was Comey who presided over the Marc Rich investigations? ” . . . . In 2002, Comey, then a federal prosecutor, took over an investigation into President Bill Clinton’s 2001 pardon of financier Marc Rich, who had been indicted on a laundry list of charges before fleeing the country. The decision set off a political firestorm focused on accusations that Rich’s ex-wife Denise made donations to the Democratic Party, the Clinton Library and Hillary Clinton’s 2000 Senate campaign as part of a plan to get Rich off the hook. Comey ultimately decided not to pursue the case. The kicker: Comey himself had overseen Rich’s prosecution between 1987 and 1993. . . .”
Program Highlights Include: details of the Carl Duisberg Society’s links to Atta and to major German corporations; discussion of the Alfa Fellowhip against the background of German Ostpolitik discussed in FTR #‘s 918 and 919; detailed analysis of Viktor Kozeny associates Fridman and (Pyotr) Aven (Kozeny employed Bohringer as a pilot); a summary analysis of the major points in FTR #‘s 530 and 573.
Examining the “headscarf incident” and Muslim Brotherhood elements in the United States.
Recent Comments