factfinder_77

(841 posts)
Mon Oct 31, 2016, 10:38 PM Oct 2016

Just to explain: why didn't Trump use an encrypted VPN solution to communicate with Russia?

So, when you use a VPN solution, the IP packet has an encrypted payload, protecting its content.
But the IP header address has to be exposed to be routed through the US internet backbone and delivered to a Russian end IP address.

US intelligence can easily detect any VPN usage patterns using off-the-shelf software.

VPN usage is like announcing to the world that you are communicating with a third party, but the content is typically hidden and secure.

Trump and Russian operatives set up their server to masquerade its communications as legit ad traffic, making it difficult to trace its origins without analyzing the DNS lookup pattern over time.

Such analysis requires manpower, as the researchers have shown, directing their observations towards normally legit IP traffic and analyzing its patterns.

Tellingly, they took their DNS record down when exposed.

But now this capacious server handled a strangely small load of traffic, such a small load that it would be hard for a company to justify the expense and trouble it would take to maintain it. “I get more mail in a day than the server handled,” Davis says.
That wasn’t the only oddity. When the researchers pinged the server, they received error messages. They concluded that the server was set to accept only incoming communication from a very small handful of IP addresses.

...
Earlier this month, the group of computer scientists passed the logs to Paul Vixie. In the world of DNS experts, there’s no higher authority. Vixie wrote central strands of the DNS code that makes the Internet work. After studying the logs, he concluded, “The parties were communicating in a secretive fashion. The operative word is secretive. This is more akin to what criminal syndicates do if they are putting together a project.” Put differently, the logs suggested that Trump and Alfa had configured something like a digital hotline connecting the two entities, shutting out the rest of the world, and designed to obscure its own existence. Over the summer, the scientists observed the communications trail from a distance.


Foggyhill

(1,060 posts)
1. He could have sent the vpn through tor to hide routing
Mon Oct 31, 2016, 10:43 PM
Oct 2016

But even that can be compromised, though it's harder.

Another way is going through proxies in non-US-friendly nations like, say, Venezuela.

 

factfinder_77

(841 posts)
3. Tor traffic is easily detected by automated statistical analysis using CapLoader and the like...
Mon Oct 31, 2016, 10:55 PM
Oct 2016

and VPN proxychains are exposed.

uponit7771

(90,335 posts)
2. +1, "Telling, they took their dns record down when exposed" but that record is saved IINM...
Mon Oct 31, 2016, 10:46 PM
Oct 2016

... there's not a lot of it hidden now.

Fuck em, that's a lot of evidence right there

 

factfinder_77

(841 posts)
4. it looked like “the knee was hit in Moscow, the leg kicked in New York.”
Mon Oct 31, 2016, 11:00 PM
Oct 2016
The Times hadn’t yet been in touch with the Trump campaign—Lichtblau spoke with the campaign a week later—but shortly after it reached out to Alfa, the Trump domain name in question seemed to suddenly stop working. When the scientists looked up the host, the DNS server returned a fail message, evidence that it no longer functioned. Or as it is technically diagnosed, it had “SERVFAILed.” (On the timeline above, this is the moment at the end of the chronology when the traffic abruptly spikes, as servers frantically attempt to resend rejected messages.) The computer scientists believe there was one logical conclusion to be drawn: The Trump Organization shut down the server after Alfa was told that the Times might expose the connection. Weaver told me the Trump domain was “very sloppily removed.” Or as another of the researchers put it, it looked like “the knee was hit in Moscow, the leg kicked in New York.”
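The DNS-metadata analysis that the original post sketches (a name queried by only a handful of IP addresses, at a volume too small to justify the server) and that the quoted article's SERVFAIL episode illustrates (the name stops resolving and resolvers retry hard), worked through as an added Python example. This is not code from the thread, the Slate article or the researchers it cites; the log format, IP addresses, hostnames, timestamps and thresholds are all constructed assumptions for illustration.

```python
"""
Passive-DNS pattern analysis (added example). Assumed log format, one lookup
per line: "<unix_ts> <resolver_ip> <qname> <rcode>". Every IP, name and
timestamp below is constructed for illustration.
"""
from collections import defaultdict

T0 = 1464739200            # constructed start of the observation window
T_DOWN = T0 + 30 * 86400   # constructed moment the quiet name stops resolving

# A few literal lines to show the assumed shape; the bulk is generated below.
SAMPLE_LINES = """\
1464739200 203.0.113.10 www.public-shop.test NOERROR
1464739260 198.51.100.7 www.public-shop.test NOERROR
1464739300 192.0.2.21 mail1.quiet-host.test NOERROR
1464739360 192.0.2.22 mail1.quiet-host.test NOERROR
"""


def parse_log(text):
    """Parse log lines into (ts, src_ip, qname, rcode); skip malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # truncated or garbled line: ignore rather than crash
        ts, src, qname, rcode = parts
        records.append((int(ts), src, qname.lower().rstrip("."), rcode.upper()))
    return records


def build_constructed_log():
    """Constructed data: a busy public name asked about by 40 resolvers, and a
    quiet name only two resolvers ever ask about, which starts SERVFAILing
    (and gets retried five times per attempt) at T_DOWN."""
    lines = []
    for hour in range(31 * 24):
        src = f"203.0.113.{hour % 40 + 1}"
        lines.append(f"{T0 + hour * 3600} {src} www.public-shop.test NOERROR")
    for hour in range(0, 31 * 24, 6):
        ts = T0 + hour * 3600
        src = "192.0.2.21" if (hour // 6) % 2 == 0 else "192.0.2.22"
        if ts < T_DOWN:
            lines.append(f"{ts} {src} mail1.quiet-host.test NOERROR")
        else:
            for retry in range(5):
                lines.append(f"{ts + retry * 60} {src} mail1.quiet-host.test SERVFAIL")
    return "\n".join(lines)


def lookup_profile(records):
    """Per qname: distinct source IPs, total queries, SERVFAIL count, first/last seen."""
    prof = defaultdict(lambda: {"sources": set(), "count": 0, "servfail": 0,
                                "first": None, "last": None})
    for ts, src, qname, rcode in records:
        p = prof[qname]
        p["sources"].add(src)
        p["count"] += 1
        if rcode == "SERVFAIL":
            p["servfail"] += 1
        p["first"] = ts if p["first"] is None else min(p["first"], ts)
        p["last"] = ts if p["last"] is None else max(p["last"], ts)
    return prof


def low_fanout_names(prof, max_sources=3, min_queries=20):
    """Names with real query volume but a tiny set of askers: the
    'only a handful of IP addresses' shape. Thresholds are assumptions."""
    return sorted(q for q, p in prof.items()
                  if p["count"] >= min_queries and len(p["sources"]) <= max_sources)


def servfail_onset(records, qname, window=6 * 3600):
    """Return (onset_ts, queries_in_window_before, queries_in_window_after)
    around the first SERVFAIL for qname, or None if it never failed. A jump in
    the 'after' count is the retry spike the article describes."""
    rs = sorted(r for r in records if r[2] == qname)
    onset = next((ts for ts, _, _, rc in rs if rc == "SERVFAIL"), None)
    if onset is None:
        return None
    before = sum(1 for ts, *_ in rs if onset - window <= ts < onset)
    after = sum(1 for ts, *_ in rs if onset <= ts < onset + window)
    return onset, before, after


if __name__ == "__main__":
    recs = parse_log(build_constructed_log())
    prof = lookup_profile(recs)
    for q in low_fanout_names(prof):
        p = prof[q]
        print(f"{q}: {p['count']} queries from {len(p['sources'])} sources, "
              f"{p['servfail']} SERVFAIL")
        print("  onset/before/after:", servfail_onset(recs, q))
```

The two signals are independent: `low_fanout_names` works on a name that never fails, and `servfail_onset` works regardless of fan-out. On the constructed data only the quiet name is flagged, and its query count in the six hours after the first SERVFAIL is five times the count in the six hours before it, which is the retry spike, not new activity.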
 

Coyotl

(15,262 posts)
5. Perhaps they did. But that cannot mask the DNS metadata.
Mon Oct 31, 2016, 11:20 PM
Oct 2016

Imagine the effort required to find the Trump domain name amidst all the web traffic, quite a feat. I've had up to 2.15 million hits a month on my small domain and my log files are multiple MBs per day, hundreds of pages of simple text in MS Word. Someone has some massive computing capability to pull this off, to search out those logs. Impressive feat!
