Russian oligarchs say they know why Democrats and Washington journalists seized on a now-debunked conspiracy theory that a secret computer server linked Donald Trump and Alfa Bank, Russia’s largest commercial lender.
The Alfa narrative was one of the most infamous of the Trump-Russia conspiracy theories.
How was it executed? In sum, Alfa Bank’s lawyers say in court, unknown hackers created thousands of fake “pings” between the bank and the Trump Organization server housed in Pennsylvania. The concocted cyber evidence then made its way to computer scientists and journalists who publicly concluded the digital trail was absolute proof of Trump-Russian election collusion.
Stories appeared online, including in Slate.com and The New Yorker. Former British intelligence officer Christopher Steele, author of the infamous anti-Trump dossier, spread the Alfa-server tale all around Washington, as did his handler, Democratic opposition research firm Fusion GPS.
The FBI began looking at the same evidence during the election as part of its Crossfire Hurricane probe into President Trump. Agents visited the Trump server operation in Pennsylvania.
The bureau’s final determination was not known until a Justice Department’s inspector general report came out in December 2019 on FBI wiretapping. Almost as an afterthought, one of the most celebrated liberal activist theories was destroyed by a footnote — No. 259.
DOCUMENT: Alfa Bank v. John Doe
“The FBI investigated whether there were cyber links between the Trump Organization and Alfa Bank, but had concluded by early February 2017 that there were no such links,” footnote No. 259 reads.
That could have ended the Alfa saga, placing it on the shelf with other unfounded conspiracies, such as Trump lawyer Michael Cohen secretly traveled to Prague to meet with Vladimir Putin operatives and Russia funded the Trump campaign through the National Rifle Association. But Alfa’s billionaire partners — Mikhail Fridman, Petr Aven and German Khan — had spent money hiring cybersecurity firms to disprove the server story and wanted to showcase the fraud.
In June, single plaintiff Alfa Bank presented evidence in a 278-page complaint against “John Doe” in the Court of Common Pleas of Lancaster County, Pennsylvania, the Trump server’s jurisdictional home.
The Alfa pings at Mr. Trump’s domain name system (DNS) address were the fabricated digital prints of hackers, says the lawsuit naming John Doe as the “defendants.” Alfa’s aim is to use discovery — depositions of possible witnesses and their data — to out John Doe.
States the complaint: “Alfa Bank in fact engaged in no communications with the Trump Organization in 2016 or 2017 beyond the falsely generated and inauthentic DNS queries. Indeed, Alfa Bank has never had any business dealings with the Trump Organization. Three prominent U.S. cybersecurity firms have reviewed all available evidence and found nothing suggesting any intentional or covert communications directed by the Trump Organization and Alfa Bank.”
The fake queries to Alfa’s DNS tricked the server to automatically respond to the Trump Organization even though the organization had never visited Alfa and had never exchanged emails, the lawsuit says.
The hackers’ motive was to publicize the fake back-and-forth and create the illusion of a Trump-Russia conspiracy that would roil the election by pitting the Republican and Democratic parties against one another, Alfa says.
“Through this scheme, Defendants caused traffic on U.S.-based computer servers and networks and created the illusion of two-way communication between Alfa Bank and the Trump Organization,” the lawsuit states.
The Common Pleas case file is spare, except for the 278-page complaint, with exhibits.
“The lawsuit effort has just gotten underway and there’s not much to report yet,” an Alfa spokesman told The Washington Times.
The lawsuit provides examples of two back-to-back hacks that occurred in 2016 during the election and then again in 2017 as the FBI was clearing Alfa of criminal wrongdoing.
In February 2017, for example, hackers sent Alfa at least 16 “suspicious” DNS queries from an external Internet Protocol computer address to the domain name “mail.trumpemail.com.moscow.AlfaintRa.net”
States the lawsuit: “Defendants intended that these DNS queries create the impression of an exchange of communications between Alfa Bank and the Trump Organization.”
These “lookups” were nearly identical to “unverified” data published by L. Jean Camp, a computer science professor at Indiana University, Alfa says. She posted them in November 2016, three months before the “suspicious” DNS queries occurred in February.
A cyber operator who goes by the name of “Tea Leaves” had acquired at some point the DNS logs.
Ms. Camp was among a group of scientists who analyzed the data. She called for a federal investigation.
CNN reported in 2017 that Alfa attorneys sent a “Notice to Preserve Evidence” to Ms. Camp, including any correspondence with “Tea Leaves.”
“Alfa Bank is exploring all available options to protect itself from malicious or tortious interference and possible fraudulent activities that wrongfully suggest that Alfa Bank had or maintains a relationship with the Trump Organization,” the Alfa letter to Ms. Camp states. “Those options include litigation.”
Ms. Camp did not respond to messages from The Washington Times.
In March 2017, the lawsuit says, hackers resumed the operation, sending more than 20,000 requests to the same domain names. The attacks coincided with a CNN report that the FBI continued to probe the “odd” links between Alfa and Mr. Trump’s land development business.
That month, the FBI met with Daniel Jones, a former staffer for Sen. Diane Feinstein, California Democrat. Mr. Jones, who heads Penn Quarter Group, had joined forces with Fusion GPS and Mr. Steele.
Mr. Jones assembled his own group of computer scientists to look at the links that Alfa asserts are fraudulent. He took up the cause of selling the Alfa-Trump narrative, which he successfully sourced for a 2018 story in The New Yorker.
The New Yorker published a followup story in October reporting that Alfa’s attorneys, the powerhouse law firm Skadden, Arps, Slate, Meagher & Flom, has subpoenaed Ms. Camp and other computer experts.
After Russia-born U.S. resident Igor Danchenko was exposed as Mr. Steele’s main dossier source, Alfa lawyers subpoenaed him too, The New Yorker reported.
As evidence to back its claims of fake Trump-Alfa links, Alfa filed in court reports by the multinational cybersecurity firms Ankura and Mandiant Solutions. The Hillary Clinton campaign made use of the conspiracy once the story appeared in Slate.com on Oct. 31, 2016. Mrs. Clinton tweeted about the new evidence of a Russia conspiracy.
And Jake Sullivan, presumptive President-elect Joseph R. Biden’s incoming national security adviser, endorsed the Slate.com findings in an official statement.
“This secret hotline may be the key to unlocking the mystery of Trump’s ties to Russia,” Mr. Sullivan said.