You may not be familiar with unhackthevote.com, but they’ve been on the front lines of the cyber war against hacking of our voting machines. Today they are breaking a major story on yet another close tie between Trump and Russia. It’s beyond belief that our intelligence community — the NSA and the CIA — are unaware of this. Which would certainly explain why those folks have been convinced of the Trump-Russia connection from the start of the 2016 campaign, if not earlier.
Here’s the thread from Mike Farb:
BOOM!
More than 250 Trump Organization Subdomains are in Communication with Computers in Russia!! Thread.
— MikeFarb (@mikefarb1) October 31, 2017
Many of these domains have subdomains – like https://t.co/tdDBbDunou. This is a normal practice. But we found something HIGHLY unusual.
— MikeFarb (@mikefarb1) October 31, 2017
These subdomains are not open for normal web traffic. When you browse to them there is nothing there.
— MikeFarb (@mikefarb1) October 31, 2017
Our team did a traceroute on these subdomains. Checking where traffic on these networks goes.
— MikeFarb (@mikefarb1) October 31, 2017
All of these subdomains follow the same route to Moscow, then take a trip to Siberia, then finally arrive at a server in St. Petersburg. pic.twitter.com/8pR7Zxkmew
— MikeFarb (@mikefarb1) October 31, 2017
The coordinates point to the place where the earth was flattened by a meteor explosion in 1908. https://t.co/2UaA6Z1y4v pic.twitter.com/LYzx99fh0s
— MikeFarb (@mikefarb1) October 31, 2017
WTF. Why are there STILL Trump-Owned Subdomains That Can Communicate with Computers in Russia? It Gets More Interesting.
— MikeFarb (@mikefarb1) October 31, 2017
WTF!! This IP Address Goes to the Same ISP and Purported Physical Location as Two IP Addresses Used by https://t.co/bjs6ziqcbD!! pic.twitter.com/WpwCTagcuW
— MikeFarb (@mikefarb1) October 31, 2017
Here are the Details about the IP Address that the Trump subdomains pass through. pic.twitter.com/mhY7C1n5Dt
— MikeFarb (@mikefarb1) October 31, 2017
Trump network traffic includes filenames in “leetspeak”, like https://t.co/V3iALiGSte
Nice girls at this weekend 988?
WTF?
— MikeFarb (@mikefarb1) October 31, 2017
For a detailed walkthrough, Please Read Our First Self Published Article at https://t.co/ZmyvaNiVh6
— MikeFarb (@mikefarb1) October 31, 2017
Well, I suppose this could be a big nothingburger. But I wouldn’t bet on it.
UPDATE: I’m promoting one of my own comments to the diary, because it may be pertinent.
I’m a software engineer, and you don’t create a subdomain without a good reason. One thing you can do is to use it as a blind drop that bypasses normal internet mail protocols. For example, you could set up a directory on the secret server and dump a file there (via ftp) for another party to find and read. This totally bypasses all email addresses and conventions such as POP3 or IMAP. You wouldn’t know there was communication going on unless you hacked the username/password combo of one of the server’s superusers.
And let me add that if the server is physically located next to you, you don’t even need ftp to dump data there: you just create the file on the drive itself, or plug in a thumb drive, and boom, there it is, ready to be picked up and read by the intended party. Which is why having a server in Russia looks very, very suspicious.
UPDATE 2:
And of course I should have realized this before.
When you want to set up a botnet, in order to flood Facebook or Twitter or any other social media with a bunch of comments or links to Fake News, you need thousands of accounts, and each one of those accounts will need to be hosted on a server. And if you want all those thousands of bot accounts to flood the zone at the same time, you need a lot of servers. Hmmmm …
This is a Creative Commons article. The original version of this article appeared here.