Some Network Data



The first round of letters
Alfa Bank Threat Letter
Jean Response

The second round of letters
Alfa Bank Second Letter
Second Legal Response

Here for a special engagement is data that consists of DNS look-ups and public information about Trump email server and Alfa bank. I believe it indicates a nexus of communication worthy of further investigation. It also appears to be human interaction, based on timing.

Initial Text Files

Text Files
Here are data files for you to examine. DNS Lookups For mail1.trump
Log Of DNS Lookups For mail1.trump email
PTR Contains Trump
Trump And Mail MTA Relay Etc
Trump Domains Registered
Trump Owned And Mail System
Trump Owned And Mail Systems WHOIS


Five Months of Text Files



Secret Connection?

Here is an explanation of the use of the word secret.
Here is an explanation of the use of the word connection.
I hope these prove clarifying.


Here is a partial graph of the data.

Ethical Considerations

It is almost always reasonable to demand that someone explain their underlying decision process when making a decision that effects another.
In this case, the first task was to look for anomalies. Given the reports of Russian engagement in the election looking at the interaction between campaign sites and Russia seems unquestionably ethical.
However, once these data are found what then? I am generally a fan of risk-based disclosure. What is the potential harm of the data? What is the value of transparency? If the servers were infected in any way, then the disclosure to the vendor resolved the issue. If not, and this was purposeful communication, then the ethical challenge becomes difficult. In general, researchers are responsible NOT to identify criminal activity unless a person is at risk (e.g., child abuse must be reported, substance abuse cannot). In contrast, network operators are responsible specifically TO identify criminal and malicious activity. In security, disclosure is the default. In medicine, disclosure is the anomaly. The law is clear. Decisions are primarily driven by contractual considerations. Individual responsibility is less clear.
The malware members decided that the release by Trump of either server data or financial/tax data could mitigate any concerns and be very much in line with democratic processes. When I initially saw this, it was September, and there was not the October surprise issue there is now.
In summary, this release is ethical based on these standards: 1) The data were collected during normal networks operations, this was not a targeted hostile search nor research. 2) Any people I brought in this discussion were given full context and all the relevant data. 3) Any harm by the release could be easily mitigated by the party at potential risk through their own disclosure. 4) None of the data were in any way classified nor secret. And, finally, 5) there is a value to openness and to the disclosure. In this case, not disclosing would be to self-censor.
Since the article by Sam Biddle, and comments by Chris on twitter, I decided that being closed about the data but disclosing opinions is the worst possible outcome. So I posted the data to ensure that 2) remains true and am putting this together to produce all I have. So here it is.