Some Network Data



The first round of letters
Alfa Bank Threat Letter
Jean Response

The second round of letters
Alfa Bank Second Letter
Second Legal Response

After these letters Alfa Bank sent a third letter, which asked, "...we should be most grateful if you would provide specific answers to the following questions:". The only answer would have been an unequivocal refusal. As we did not answer privately, I did not post publicly until now. I thought this might be the end of the matter. In case there is confusion, my answer is, No.

Some more letters
EFF Opposes Alfa Bank
Court Agrees with EFF
Next Court Disagrees with first court and with EFF

And here is where, thirteen days short of five years after the first letter, Alfa Bank surrenders
Alfa Bank finally gives up

However, at the same time Alfa Bank was sending the letter above, they also were pursuing a public records request with Indiana University. Please note that Indiana University does not have access to all the email accounts they request. The other parties in this letter come not from any investigations or factual requests, but rather from unsubstantiated assertions by people with zero knowledge of the matter. As far as I can tell, Alfa Bank selected these names from random strangers on Twitter and Reddit. Here is the Alfa FOIA request.

This was an ongoing investigation within Alfa Bank, according to Alfa Bank. They requested data and assistance. It is true that there was inconsistent, self-contradictory documentation of a facile investigation. The letters above clearly state that the Alfa Bank investigation is continuing.

Here, for a special engagement, is data that consists of DNS look-ups and public information about the Trump email server and Alfa Bank. I believe it indicates a nexus of communication worthy of further investigation. It also appears to be human interaction, based on timing.

Initial Text Files

Text Files
Here are data files for you to examine.
DNS Lookups For mail1.trump
Log Of DNS Lookups For mail1.trump email
PTR Contains Trump
Trump And Mail MTA Relay Etc
Trump Domains Registered
Trump Owned And Mail System
Trump Owned And Mail Systems WHOIS


Five Months of Text Files



Secret Connection?

Here is an explanation of the use of the word secret.
Here is an explanation of the use of the word connection.
I hope these prove clarifying.
This sentence is my warrant canary.


Here is a partial graph of the data.

Ethical Considerations

It is almost always reasonable to demand that someone who has made a decision that affects another explain their underlying decision process. Since an article by Sam Biddle, and comments by Chris on Twitter, I decided that being closed about the data but disclosing opinions is the worst possible outcome. So I posted the data after the first discussions in October. There has since then been no reason to remove it.
In this case, the first task was to look for anomalies. Given the reports of Russian engagement in the election, looking at the interaction between campaign sites and Russia is unquestionably ethical. (The decision by the majority of journalists to refuse to report on this connection until after the election should also be evaluated and explained by those journalists.)
However, once these data are found, what then? I am generally a fan of risk-based disclosure. What is the potential harm of the data? What is the value of transparency? If the servers were infected in any way, then the disclosure (one that inherently includes the vendor) resolved the issue. If not, and this was purposeful communication, then the ethical challenge becomes difficult. In general, researchers are responsible NOT to identify criminal activity unless a person is at risk (e.g., child abuse must be reported, substance abuse cannot). In contrast, network operators are responsible specifically TO identify criminal and malicious activity. In security, disclosure is the default. In medicine, disclosure is the anomaly. The law is clear. Decisions are primarily driven by contractual considerations. Individual responsibility is less clear.
The release by Trump of either server data or financial/tax data could mitigate any concerns and be very much in line with democratic processes. When I initially saw this, it was September, and there was not the October surprise issue there was at initial publication. Since the election there has been a consistent concern.
In summary, this release is ethical based on these standards: 1) The data were collected during normal network operations; this was not a targeted hostile search nor research. 2) Any people I brought into this discussion were given full context and all the data in my possession. 3) Any harm by the release could be easily mitigated by the party at potential risk. 4) None of the data were in any way classified nor secret. And, finally, 5) there is a value to openness and to the disclosure. In this case, not disclosing would be to self-censor.
Since that time I have been under non-trivial pressure to self-censor. Thus, it is critical that these data remain available.