Alfa Bank and Trump Org server link remains a mystery after Durham indictment
- In 2016, researchers discovered unexplained connections between a Trump Organization server and Russia's Alfa Bank.
- Special counsel John Durham indicted a lawyer last month, accusing him of lying about the origins of the story.
- Several investigations have produced different explanations for server connections, but they remain unresolved.
In September, the Justice Department filed an indictment against a cybersecurity attorney with ties to the Democratic Party, accusing him of lying to the FBI in 2016 when he peddled a story about how the Trump Organization had hidden ties to a Russian bank.
The charges stemmed from an investigation led by John Durham, whom former Attorney General Bill Barr had appointed to investigate the origins of the FBI investigation into former President Donald Trump’s ties to Russia.
As president, Trump hoped Durham would “take on” former FBI Director James Comey, Deputy Director Andrew McCabe and others he blamed for the Mueller investigation. For vague reasons, he also wanted Durham to investigate former President Barack Obama and current President Joe Biden, his opponent in the 2020 presidential election. Barr appointed Durham as special counsel, ensuring that the investigation would continue after Biden took office.
The recent indictment has breathed new life into Trump supporters who viewed the Mueller investigation as a “witch hunt,” but legal experts are skeptical of the charges.
The indictment also fails to resolve one of the lingering mysteries of the 2016 election, first spelled out in a Slate article: Why was there a digital connection between a Trump Organization server and a Russian bank in the first place?
Mysterious connections between ‘mail1.trump-email.com’ and a Russian bank
In 2016, cybersecurity researchers from Georgia Tech and information security companies Neustar and Zetalytics made an unusual discovery.
They found that between May and July 2016, a server owned by the Trump Organization communicated almost exclusively with a server owned by medical company Spectrum Health, as well as with two servers owned by Alfa Bank, the largest financial institution in Russia.
The researchers – whom the New York Times identified as April Lorenzen, chief data scientist at Zetalytics, and Manos Antonakakis and David Dagon, computer scientists at Georgia Tech – made their discoveries by studying Domain Name System (DNS) logs, which record device connections on the Internet. The logs included a server with the name “mail1.trump-email.com”, which had been registered to the Trump Organization.
Researchers also found that a Russian-made smartphone rarely seen in the United States had been used on networks that had also been used by people in the White House and the Trump Tower, according to the Times.
The group shared their findings with Rodney Joffe, who was an executive at Neustar, an information security firm that provided the DNS logs used by researchers. Joffe is a full-fledged cybersecurity expert, having worked for the Justice Department for 12 years and received an FBI award in 2013 for helping eliminate cybercrime.
None of the data allowed researchers to see the actual content of communications between the alleged Trump Organization server and the server owned by Alfa Bank. Joffe therefore gave the information about the mysterious connections to his lawyer, Michael A. Sussmann, who shared it with the FBI.
Three possible explanations for the mysterious connections
Durham’s indictment claims Sussmann misled the FBI about his clients, claiming he represented not only Joffe but Hillary Clinton’s 2016 presidential campaign as well.
Sussmann had represented the Democratic National Committee in 2016 on issues related to Russia’s hacking of its servers. Durham’s indictment says Sussmann billed the Clinton campaign, not Joffe, for his discussions about the mysterious server connections.
But the indictment does not deny the existence of these links. And while the Mueller report found many connections between Trump associates and Russian officials, there is still no definitive explanation for the server communications.
Over the past four years, cybersecurity researchers and government investigations have dwelled on several theories for the links:
- The Trump Organization and Alfa Bank had secret communications and took steps to obscure them. The group of researchers who discovered the connections in the first place put forward this hypothesis.
- The communications were initiated by Hospitality Marketing, a third-party email marketing company used by the Trump Organization to send mass marketing emails for its hotels. According to a report by the Senate Intelligence Committee, Jae Cho, IT director of the Trump Organization, and Alfa Bank both gave this explanation. But there are a few wrinkles:
  - The Senate report partially redacts the section discussing its findings regarding server links, so we do not have a full understanding of its conclusion.
  - The FBI opted for a similar explanation, according to a 2016 New York Times article, but subsequent Justice Department investigations failed to support the conclusion.
  - A 500-page 2019 Justice Department Inspector General report said that the FBI could not find any computer link between the Trump Organization and Alfa Bank, but it did not offer email marketing as an explanation.
  - The Mueller investigation found that Alfa Bank officials with ties to the Russian government had sought ties to Trump, but the investigation report did not address the server issue.
- There was “probably human interaction and coordination” between people working for the Trump Organization and Alfa Bank. This is the conclusion of a separate Senate analysis commissioned by the Armed Services Committee.
  - According to the analysis, the server registered by the Trump Organization was not configured to send bulk emails. It had in fact been configured to receive emails, unlike most marketing servers, and showed Internet activity unlike what would be expected from marketing emails, the analysis found.
  - Although the report found that Cho’s explanation did not fully hold, it did not offer a full alternative explanation.
Joffe also provided the researchers’ findings on the Russian-made smartphone to the CIA, according to the New York Times. It is not clear whether the agency has ever investigated these findings.
Durham may be using the indictment to tell a story
The indictment filed by Durham in September spends pages and pages laying out an alternative account of how the story of the Trump Organization and Alfa Bank came about.
It’s what Lawfare’s Benjamin Wittes calls a “speaking indictment,” used by prosecutors to tell a larger story to the public. And according to the story set out in Durham’s indictment, the mess over the Trump Organization’s server connections to Alfa Bank was brought forward by the Clinton campaign, not independent researchers.
Will this “speaking indictment” really lead to a conviction against Sussmann? Legal experts told Insider’s C. Ryan Barber that Durham would have a hard time. The indictment names only one witness, who has given different characterizations of Sussmann’s role over time. Sussmann has pleaded not guilty to the charges against him.
“The cynic in me says they don’t care if they lose, they just want this whole thing out. They don’t care about Sussmann,” Barbara McQuade, a former US attorney, told Insider. “What they really want is to have this whole story to find out how these tech experts were trying to poison public opinion about Donald Trump and his ties to a Russian bank.”
Researchers who first observed connections between servers apparently still believe in their hypothesis that Alfa Bank and the Trump Organization may have concealed communications between them.
“The researchers’ findings were true then and remain true today; reports that these findings were harmless or a hoax are simply false,” Dagon’s attorneys told The Times.