Unanswered Questions on #TrumpRussia

In classified sessions in August and September 2016, intelligence officials briefed congressional leaders on the possibility of financial ties between Russians and people connected to Mr. Trump. They focused particular attention on what cyber experts said appeared to be a mysterious computer back channel between the Trump Organization and the Alfa Bank, one of Russia’s biggest banks.

FBI officials spent weeks examining computer data showing an odd stream of activity to a Trump Organization server and Alfa Bank. Computer logs obtained by The New York Times showed that two servers at Alfa Bank sent more than 2,700 ‘look up’ messages – a first step for one system’s computers to talk to another – to a Trump-connected server beginning in the spring. But the FBI ultimately concluded that there could be an innocuous explanation, like a marketing email or spam, for the computer contacts.


I’ve been following the ongoing Trump-Russia saga like the rest of you. Who knows what’s true and what isn’t? There are plenty of unanswered questions and we have to trust that our system will find those answers. The Mooch has even been quoting an apt remark from the latest Game of Thrones:



Now, whilst that was picked up by the Twitterati fairly quickly, something that has seemingly escaped people’s attention has been this quote from the Guardian website:

Explosive allegations about Donald Trump made by online writers with large followings among Trump critics were based on bogus information from a hoaxer who falsely claimed to work in law enforcement.


It confirms that a lot of the stuff Mensch has faithfully regurgitated simply isn’t true. That’s not to say she’s not trying to help by exposing what’s going on, just that she isn’t actually helping or finding the actual facts. Maybe the ‘Orange One’ is right when he talks about Fake News? God help us all. Mensch’s biggest scoop was about the supposed granting of FISA warrants against Russian Alfa Bank and Silicon Valley Bank.


On her Patribotics blog exposing Putin’s War on Mensch goes further. Working with @TeaPainUSA she professes that Alfa Bank was part of a vast, Russia-led, data-laundering conspiracy – using voter information to target the elections.


“Sources with links to the intelligence community have now confirmed that this theory is accurate, and I am therefore upgrading this story from my theory to a factual report”, says Mensch. Are these the same trusted sources that we now know were hoaxers?


Mensch was previously exposed as pushing fake news which impacted an innocent Florida businessman.


New York Times Editor Dean Baquet’s team noted that the so-called Trump Tower server story was not substantiated by the evidence. Two individuals with knowledge of the matter said Baquet was initially hot on the server story, but as the national security team dug into it, they threw up red flags, advising Baquet that their reporting didn’t support a definitive link.



Even Mensch’s original ‘scoop’, about the FISA warrants, has now been pulled from Heat Street where it first appeared.



Read on to discover the truth

How the whole thing began

‘Tea Leaves’, with the help of Prof. L Jean Camp, released the DNS logs leading to the Trump/Alfa Bank story. It was covered by Slate, tweeted by Hillary, debunked by The Intercept and then covered again by Slate – backpedalling on the key elements of the story. Turns out the server isn’t even used by Trump; it belonged to a marketing agency called Cendyn. It also turns out that another company – Spectrum Health – was looking up the mysterious server too. Suddenly a lot of the original story doesn’t make sense, something seemingly ignored by most of the mainstream media news.





Now it doesn’t matter what politics you follow. Pro or Anti Trump. What really matters in these spiralling conspiracies is the truth and the facts.


 “The computer scientists’ allegations last fall became so widespread — eventually appearing in media reports from Slate, CNN and The New York Times — that the FBI briefly investigated them. Agents concluded there was no evidence from the pings of a nefarious relationship, and that they probably were the result of routine computer behavior.”


Well, fellow chaner CryptonMaximus proved that Jean Camp and a guy called Tim Kelly knew how to spoof DNS traffic. They referenced a BlackHat presentation that showed this, and both of them wrote a paper about spoofing traffic.



After the story had broken, Mandiant, owned by FireEye, one of the “world’s leading cyber experts”, also investigated the link between Alfa Bank and Trump, based on the DNS logs. They failed to find any link between Donald Trump and Alfa Bank.


FireEye? Where have I heard that name before? Oh yeh – they were the same company that ORIGINALLY REPORTED the Russian hacking of the election. They also reported to the Senate investigation about the activity.

FireEye CEO Kevin Mandia testified before the Senate Intelligence Committee regarding Russian active measures behind the U.S. elections in the fall of 2016. Mr. Mandia was requested to testify because of his decades-long experience working in cybersecurity. This includes his service in the U.S. Air Force and the Pentagon; his role as the founder of Mandiant, a leader in responding to computer intrusions and cyber threats; and most recently his work as CEO of FireEye, which has done extensive tracking of Russian cyber activity.



So, the same company that found the problem says that there’s not a connection with the Russian bank? I’m inclined to believe them. Out of anyone, they would have the most to gain from being able to prove further links! #WhoisTeaLeaves?

Rob Graham of Errata Security produced some comprehensive research completely debunking the Trump/Alfa Bank secret server. Essentially it turns out it would be trivial to have faked the whole thing.


One of the best articles I read that debunked the whole story was by a blogger called Weaponized Autism. His stuff got deleted, but you can still read it here: https://archive.is/rrY44. He also flagged April Lorenzen as someone who could be Tea Leaves.


WhoisTeaLeaves? Just who is this person that apparently knows all this stuff? Who is the person who had so much influence but remains hidden??

Access to people’s DNS data is highly privileged and is usually independently examined for academic purposes and cyber security research. Therefore, the examination and sharing of DNS data by the people involved in these fraudulent activities brings into question whether this data was acquired lawfully and whether it was ethical to misuse privileged access in order to manufacture a deceit.


Putting aside how little there actually is to read in these ‘tea leaves’, the information we reviewed was filled with inconsistencies and vagaries. The Intercept (and other outlets) were presented with three documents: an academia-style white paper about the server, an analysis of that white paper, and a sprawling dossier on Alfa Bank. The author of the analysis paper refused to comment on the record or allow his name to be published. Both ‘Tea Leaves’ and the analysis author said they did not know who wrote the other documents, and would not say how they obtained them.

Tea Leaves himself told The Intercept that he had to keep his identity and methods secret because “I run a cybersecurity company and I do not want DDOS and never have we been DDOS, nor do I want other attention.”

Himself? So, it’s a guy. That rules Camp and April Lorenzen out.


Professor Jean Camp from Indiana University, who kicked off the whole Trump/Alfa Bank saga by publishing what she believed to be DNS logs that were acquired via an anon source? This has quite obviously led to some legal shenanigans, raising both of these questions:

1) Who gave them to her?

2) Legal ramifications of publishing confidential data.

I noted that Professor Camp has managed to publish every correspondence she has with big law firm Kirkland and Ellis apart from one letter dated 21 June 2017. Whilst digging around I found reference to this letter on reddit.com from early August but couldn’t find any mention of it anywhere else; no one seemed to have picked up on it. The post linked to a 4chan post (now gone) which gave the link to the letter at:


Why has she not published this letter?? It asks whether Camp has had any communication with internet researcher Randy Bush. Could he be Tea Leaves? It would explain why Camp didn’t publish it!


It also asks about the format of the DNS logs she had. Does that mean they were faked by Tea Leaves?

It also mentions Timothy Kelly, an individual previously thought to be Tea Leaves. Kelly was noted to have worked on a research paper on spoofing communications between individuals, including DNS. He also used the email address t34k3ttl3@gmail.com (Tea Kettle) which is similar to Tea Leaves.

Camp said “When they say something about DNS, you believe them. This person has technical authority and access to data.” – So where can you find people who may have access to such ‘confidential data’ and be so special? The ‘internet hall of fame’ is a good starting point perhaps.

