Today, a story that was popular a few months ago got new life: According to several sources, a hacker named 'Tea Leaves' found that there was a computer server (TRUMP-EMAIL.COM) in Trump Tower connecting to a Russian bank called Alfabank.
Now, CNN and others are reporting that the FBI is actively investigating this issue. There are several major players that they might look into -- who are they?
Who is 'Tea Leaves'? What is this mysterious server TRUMP-EMAIL.COM? And who is Cendyn, the company the domain name is registered through? Let's take a look.
Who is 'Tea Leaves'?
According to Slate, there was a computer hacker who was part of a hacker collective named 'Tea Leaves' who discovered this scheme. The article says that 'Tea Leaves' is one of a group of the "most trusted DNS specialists -- an elite group of malware hunters who work for private contractors [and] have access to nearly comprehensive logs of communication between servers."
The latter statement is almost certainly false -- there is no such thing as a comprehensive log of communication between servers on the Internet. 'Tea Leaves' appears to be a DNS (Domain Name System) specialist who somehow has access to historical DNS queries. What does this mean? Essentially, when you enter a URL in your browser (like cnn.com), your computer sends a DNS query to a DNS server, which tells your computer where cnn.com is (its IP address).
Because DNS is a distributed system, nobody has a comprehensive log. Servers at every level of the system cache (temporarily store) DNS answers, so a repeated lookup is often answered from a cache and never reaches the server that holds the original record. The claim, then, appears to be that 'Tea Leaves' has access to the logs of the authoritative DNS server that is queried for TRUMP-EMAIL.COM. That access would be very hard to get, but whoever controls those servers does have it: every time someone queries that particular DNS server, a log entry is written, and Slate claims 'Tea Leaves' has access to those entries.
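To make concrete what an authoritative name server's query log can and cannot show, here is an added example (it is not from the original article and not anything 'Tea Leaves' or Slate published). The log lines are constructed for illustration and loosely follow the layout of BIND's query log; the domain names and IP addresses in them are documentation addresses, not real hosts. The code summarizes which source addresses asked for a given name and how far apart those queries were.

```python
"""Summarize an authoritative DNS query log for one name.

Added example, not from the article. The log format below is an assumption
modelled on BIND's query log:
    <timestamp> client <ip>#<port> (<qname>): query: <qname> IN <qtype>
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines (not real logs); example-hotel.com and the
# 203.0.113.x / 198.51.100.x / 192.0.2.x addresses are placeholders.
SAMPLE_LOG = """\
01-Aug-2016 10:00:01.123 client 203.0.113.10#51234 (mail1.example-hotel.com): query: mail1.example-hotel.com IN A
01-Aug-2016 10:05:07.456 client 203.0.113.10#51240 (mail1.example-hotel.com): query: mail1.example-hotel.com IN A
01-Aug-2016 10:06:00.001 client 198.51.100.7#40001 (www.example-hotel.com): query: www.example-hotel.com IN A
01-Aug-2016 11:30:45.789 client 192.0.2.77#33333 (mail1.example-hotel.com): query: mail1.example-hotel.com IN MX
01-Aug-2016 12:00:00.000 client 203.0.113.10#51301 (mail1.example-hotel.com): query: mail1.example-hotel.com IN A
this line is malformed and is skipped by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ "
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
    r"query: (?P<qname>\S+) IN (?P<qtype>\w+)$"
)


def parse_query_log(text):
    """Parse log text into dicts; lines that do not match are ignored."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        records.append({
            "ts": datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S"),
            "ip": m.group("ip"),
            # Normalize the name so case and a trailing dot do not split counts.
            "qname": m.group("qname").lower().rstrip("."),
            "qtype": m.group("qtype"),
        })
    return records


def queries_for(records, qname):
    """Counter of source IP -> number of queries seen for qname."""
    qname = qname.lower().rstrip(".")
    return Counter(r["ip"] for r in records if r["qname"] == qname)


def query_gaps(records, qname, ip):
    """Seconds between successive queries for qname from one source IP."""
    qname = qname.lower().rstrip(".")
    times = sorted(r["ts"] for r in records
                   if r["qname"] == qname and r["ip"] == ip)
    return [(b - a).total_seconds() for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    recs = parse_query_log(SAMPLE_LOG)
    name = "mail1.example-hotel.com"
    print(queries_for(recs, name))
    print(query_gaps(recs, name, "203.0.113.10"))
```

Two caveats a practitioner would keep in mind when reading such output: the source address is the resolver that sent the question (often an ISP or corporate resolver), not necessarily the machine that wanted to connect; and any lookup answered from a resolver's cache never reaches the authoritative server, so gaps between entries are lower bounds on how often the name was used, which is exactly why no single party has a comprehensive log.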
What is TRUMP-EMAIL.COM? Connection to Alfabank and Spectrum Health?
TRUMP-EMAIL.COM is the name of the server that is allegedly connecting to Russia. According to a hacker named Krypt3ia, TRUMP-EMAIL.COM is supposed to be a mail server but receives hardly any mail at all. It is IP-restricted so that it only listens to specific servers -- one of which appears to be the Alfabank server in Russia. Here is the WHOIS record for TRUMP-EMAIL.COM:
Domain Name: TRUMP-EMAIL.COM
Registry Domain ID: 1565681481_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2016-06-29T14:27:44Z
Creation Date: 2009-08-14T20:06:37Z
Registrar Registration Expiration Date: 2017-07-01T03:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: email@example.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Trump Orgainzation
Registrant Organization: Trump Orgainzation
Registrant Street: 725 Fifth Avenue
Registrant City: New York
Registrant State/Province: New York
Registrant Postal Code: 10022
Registrant Country: US
Registrant Phone: +1.2128322000
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [removed]@cendyn.com
Registry Admin ID: Not Available From Registry
Admin Name: [Removed]
Admin Organization: Cendyn
Admin Street: [Removed]
Admin Street: Suite 419
Admin City: Boca Raton
Admin State/Province: Florida
Admin Postal Code: 33432
Admin Country: US
Admin Phone: [Removed]
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: firstname.lastname@example.org
Registry Tech ID: Not Available From Registry
Tech Name: [Removed]
Tech Organization: Cendyn
Tech Street: [Removed]
Tech Street: Suite 419
Tech City: Boca Raton
Tech State/Province: Florida
Tech Postal Code: 33432
Tech Country: US
Tech Phone: [Removed]
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: email@example.com
Name Server: NS1.CDCSERVICES.COM
Name Server: NS2.CDCSERVICES.COM
Name Server: NS3.CDCSERVICES.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2016-11-01T01:00:00Z
The record shows that TRUMP-EMAIL.COM is owned by the Trump Organization (the registrant), and that a company called Cendyn is listed as the administrative and technical contact, which makes it the party responsible for the domain. The name servers (NS1.CDCSERVICES.COM, etc.) are what 'Tea Leaves' would need to have had access to (their logs) in order to get any information about who was looking up, and thus likely connecting to, TRUMP-EMAIL.COM.
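The registrar record above is a flat list of "Key: Value" lines in which some keys (Domain Status, Name Server) repeat. The following added example, which is not from the article, parses a record in that form and pulls out the three things the paragraph relies on: who the registrant is, who the contact organizations are, and which name servers are authoritative for the domain. The sample text reproduces a handful of lines from the record shown above; no other fields are included.

```python
"""Parse a registrar WHOIS record of the "Key: Value" form.

Added example, not from the article. Keys that occur more than once keep
every value, which is how multiple Name Server and Domain Status lines
survive the parse.
"""
from collections import defaultdict

# A subset of the record shown above (spelling preserved as it appears there).
SAMPLE_WHOIS = """\
Domain Name: TRUMP-EMAIL.COM
Registrar: GoDaddy.com, LLC
Registrar URL: http://www.godaddy.com
Creation Date: 2009-08-14T20:06:37Z
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Registrant Organization: Trump Orgainzation
Registrant Phone Ext:
Admin Organization: Cendyn
Tech Organization: Cendyn
Name Server: NS1.CDCSERVICES.COM
Name Server: NS2.CDCSERVICES.COM
Name Server: NS3.CDCSERVICES.COM
DNSSEC: unsigned
>>> Last update of WHOIS database: 2016-11-01T01:00:00Z
"""


def parse_whois(text):
    """Return {key: [value, ...]} for every "Key: Value" line in text."""
    fields = defaultdict(list)
    for line in text.splitlines():
        # Split on the FIRST colon only, so URLs and timestamps in the
        # value (http://..., 20:06:37Z) are not chopped up.
        key, sep, value = line.partition(":")
        if not sep or line.startswith(">>>"):
            continue  # not a field line (e.g. the trailing update notice)
        key, value = key.strip(), value.strip()
        if key:
            fields[key].append(value)  # empty values are kept as ""
    return dict(fields)


def first(fields, key):
    """First value for key, or None when the key is absent."""
    values = fields.get(key, [])
    return values[0] if values else None


def summarize(fields):
    """The facts a reader wants from the record: owner, contacts, authority."""
    contacts = set(fields.get("Admin Organization", []))
    contacts.update(fields.get("Tech Organization", []))
    return {
        "domain": first(fields, "Domain Name"),
        "registrant": first(fields, "Registrant Organization"),
        "contacts": sorted(contacts),
        "name_servers": [ns.lower() for ns in fields.get("Name Server", [])],
        "dnssec": first(fields, "DNSSEC"),
    }


if __name__ == "__main__":
    print(summarize(parse_whois(SAMPLE_WHOIS)))
```

The name_servers list is the piece that matters for the article's argument: those hosts, not the registrar and not the registrant, are where query logs for the domain would be written, so the operator of CDCSERVICES.COM is the only party positioned to hold them.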
Then Who is Cendyn?
Cendyn is the company that appears to have set up and managed the computer. According to Krypt3ia, Cendyn does customer relationship management (CRM) IT for hotels. Krypt3ia claims that 'Tea Leaves' posted the logs from the name servers (above), and those are what show the connections to Alfabank. However, these logs could potentially have been doctored, so it's hard to prove that they are genuine.
Krypt3ia says he did research on Cendyn and said this: "Cendyn is the name of the company and in their business history you can see how maybe a connection can be made to Russia." However, we could not independently find such a connection.
What is Interpacket Gap?
So how do we know whether the logs 'Tea Leaves' had were authentic? According to the Slate article, they could not be faked by even the most skilled analyst because of the "interpacket gap". What is that? It is the time between successive Internet packets (small pieces of information) being sent. But how does this relate to DNS? It's unclear.