Russian Bank Says Hackers Are Trying to Make It Look Like Its Servers Are Contacting Trump

Photo: Getty

The saga of Russian cyber-ties to Trump just gets more complicated. Reports of contact between an Alfa Bank server and one belonging to the Trump Organization have been circulating for months. Now, the bank says that US-based hackers have been attempting to make it appear that its servers are communicating with Trump since mid-February.


As first reported back in October by the New York Times, FBI agents allegedly looked into an odd pattern of DNS requests coming from an Alfa Bank server trying to communicate with one belonging to Donald Trump. Reportedly, 2,820 requests occurred, accounting for 80 percent of the lookups on the Trump system. At the time, it was said that the FBI had concluded that it could easily be part of a spam campaign.

But last week, new reports emerged that claim the FBI was still investigating the activity. This caused some to speculate that the investigation prompted Trump’s tweets about having his “wires tapped” by President Obama during the course of the election.

Alfa Bank has denied any attempted communication with Trump, but yesterday it released a statement saying that it had been targeted by hackers who had made DNS requests to the Trump Organization that were designed to appear as if they came from Alfa Bank’s servers. “The cyberattacks are an attempt by unknown parties to manufacture the illusion of contact between Alfa Bank’s DNS servers and ‘Trump servers,’” the statement reads. “We have gone to the U.S. Justice Department and offered our complete cooperation to get to the bottom of this sham and fraud.”

To be clear, Alfa Bank is not saying that hackers were involved in the case that was reported in October. At least, not at the moment.

The bank has also enlisted a private cyber forensics firm, Stroz Friedberg, to look into the matter. In November, a separate firm, Mandiant, was hired to investigate the allegations against Alfa Bank. They told Bloomberg, “The list presented does not contain enough information to show there has been any actual activity opposed to simple DNS look-ups, which can come from a variety of sources, including anti-spam and other security software.”


The DNS requests don’t mean that any sort of communication actually occurred. Experts compare the activity to looking up a phone number. It shows intent to make contact but provides no evidence that a connection was established. Computer researcher Richard Clayton of Cambridge University has looked over the data and told CNN, “It’s not so much a smoking gun as a faint whiff of smoke a long way away. Maybe there’s something else going on. It’s hard to tell.”

It’s hard to tell much of anything in this never-ending, absurdly weird chapter of U.S. politics.


[Bloomberg, CNN, New York Times]


Goger Roodell

Can someone clarify on the technical side of what happened here? I’m a sysadmin but they dumb it down in the articles. Would creating the perception of something like this be as simple as writing a script that queried Trump’s DNS repeatedly and spoofing the source address? Or am I missing something?