CNN report says alfabank now says it got hacked

http://cnn.it/2mYL5c4

Edit: my bad, this story is a nothing. Alfabank are whining about new traffic trying to frame it. They evidently are not saying anything about old traffic.

I need reading comprehension lessons clearly

-------

Old hysterical post below

If you've no idea what alfabank is, it's a trump conspiracy theory that there was trump Russia computer contact prior to the election, google dailykos dsko alfabank and check over several articles on it, they are the most in depth.

This is a pretty big development. The original innocent explanation swallowed too quickly by many techies in press reports is shown to be a covering lie or at least unsupported by evidence. Alfabank is now saying that the traffic noticed from a server in PA associated with trump empire is because it "got hacked".

All along the idea that these dns lookups were some function of marketing spam never made much sense. Especially as nobody came up with any example spam that would explain it.

Alfabank also never reported at the time it was hacked, leaving the covering stories to sit despite allegedly hiring an outside group to look at the evidence.

It seems strange that someone would run a constant effort to fake dns queries in various ways for six months hoping they would be picked up by a dns provider, and dumped to the net. It would be easier to just dump fake dns records in the first place. This story just gets stranger.

(A lot of discussion has been associated with the amount of dns lookups being correlated with news and so on, but since in the data there is an *exact* periodicity of 61 minutes and the trump email dns record had a dns TTL of 3600 seconds, it is obvious that the dns traffic is just the top of an iceberg of much more intensive contact of some kind. The OS would cache dns resolution for an hour so nobody can say anything about what happened in between each dns request.)
 
In a statement, Alfa Bank said "the cyberattacks are an attempt by unknown parties to manufacture the illusion of contact" between Alfa Bank and the Trump Organization.
LOL
What kind of a hacker would sit and do this. I'm curious.
 
It's the old "I didn't do it I was hacked excuse".

The investigation must be getting closer for the Russian BS squad to have to resort to that one.

LOL
What kind of a hacker would sit and do this. I'm curious.

The kind that's trying to frame American IC, which makes no sense but Trumpsters will buy it.
 
LOL
What kind of a hacker would sit and do this. I'm curious.

Surely if a hacker could do this there would be something much more worthwhile to hack to hurt Trump?

I know nothing about hacking and stuff but wasn't Trump's server specifically set up to only communicate with Alfa bank and someone else?
 
Seriously? Can't come up with anything other than Alfa Bank said "the cyberattacks are an attempt by unknown parties to manufacture the illusion of contact" between Alfa Bank and the Trump Organization.???
 
The kind that's trying to frame American IC, which makes no sense but Trumpsters will buy it.
Probably had some banking connections, and they want to seem innocent when the next Trump scandal hits.
Just seems far fetched AND dumb for a hacker. "hmm, I'll hack into Trump organization, and then send packets from their ip to Alfabank in the off chance it gets reported. But I'm just sending pings, no super secret communication so in the case it gets uncovered, my whole dastardly ploy will simply get brushed aside"
 
jellies_two said:
A lot of discussion has been associated with the amount of dns lookups being correlated with news and so on, but since in the data there is an *exact* periodicity of 61 minutes and the trump email dns record had a dns TTL of 3600 seconds, it is obvious that the dns traffic is just the top of an iceberg of much more intensive contact of some kind.

DNS tunneling is the best theory I read. I haven't read anything on the payload of those DNS packets though
 
Just seems far fetched AND dumb for a hacker. "hmm, I'll hack into Trump organization, and then send packets from their ip to Alfabank in the off chance it gets reported. But I'm just sending pings, no super secret communication so in the case it gets uncovered, my whole dastardly ploy will simply get brushed aside"

Yeah this is what I don't get
Setup this spoof and leave it running all year hoping that someone in charge of a dns server notices and dumps it? What the hell?

Or if you work at the dns server - why spoof. Just make up the data and dump it.

The data dump was done by someone who has remained anonymous. Nobody knows - perhaps the FBI does now - where it originated.
 
I always thought the original Alfabank story was brushed aside too quickly back in October when it was first reported.

Oh, there's a server in Trump Tower and registered to the Trump Organization that keeps suspiciously pinging a Russian bank? Nothing to see here folks!

And yet Alfabank keeps popping up.
 
Sure Jan.

So the real explanation is a bizarre hack that just looks like a weird link to Trump.


Mmmhmm.


FBI already knows what happened so if this is a cover story, it'll actually just confirm shenanigans. And if it's real well then it's literally insane.
 
DNS tunneling is the best theory I read. I haven't read anything on the payload of those DNS packets though

You can pass data over dns but why bother
The servers could be exchanging data constantly nobody is tapping them nobody was watching them.

The period between lookups had a heart beat of 61 minutes exactly. This is exactly what you'd expect if the OS dns cache expired its entry at 3600 seconds and there is something that was looking up the address every minute.

I hope the FBI has a lot more information than has been made public in which case they can make a lot more progress on what this was. Everyone else is only seeing a distant echo of strange inexplicable things.
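The caching behaviour described in the post above, as an added simulation that is not part of the original thread: it models which lookups leave a host whose local cache honours the record TTL, and checks which polling periods would produce a 61-minute interval at an outside observer. The resolver latency, the one-day window and the candidate polling periods are constructed assumptions; only the 3600-second TTL and the 61-minute interval come from the thread.

```python
"""Passive-DNS view of a host that polls a name through a TTL-honouring cache.
All parameter values except TTL are constructed for illustration."""

TTL = 3600        # seconds, the record TTL quoted in the thread
LATENCY = 0.05    # seconds between sending a query and caching the answer (assumed)
DAY = 24 * 3600   # length of the simulated observation window


def upstream_queries(poll_period, ttl, latency, duration):
    """Return the times (s) at which a lookup misses the cache and goes upstream.

    Only these lookups are visible to someone logging DNS traffic off-host;
    every cache hit in between stays invisible.
    """
    queries, expires_at = [], None
    for t in range(0, duration + 1, poll_period):
        if expires_at is None or t >= expires_at:
            queries.append(t)                # cache miss: observable
            expires_at = t + latency + ttl   # answer cached when it arrives
    return queries


def observed_intervals(queries):
    """Distinct gaps (s) between consecutive observable lookups."""
    return sorted({b - a for a, b in zip(queries, queries[1:])})


def hidden_fraction(poll_period, ttl, latency, duration):
    """Share of application lookups an outside observer never sees."""
    total = len(range(0, duration + 1, poll_period))
    seen = len(upstream_queries(poll_period, ttl, latency, duration))
    return 1 - seen / total


def consistent_poll_periods(interval, ttl, latency, candidates):
    """Candidate polling periods that yield exactly `interval` between misses."""
    return [p for p in candidates
            if observed_intervals(upstream_queries(p, ttl, latency, DAY)) == [interval]]


if __name__ == "__main__":
    q = upstream_queries(60, TTL, LATENCY, DAY)
    print("observable lookups in a day:", len(q))
    print("interval(s) seen, seconds:", observed_intervals(q))
    print("hidden share of lookups: %.1f%%" % (100 * hidden_fraction(60, TTL, LATENCY, DAY)))
    print("candidates matching 3660 s:",
          consistent_poll_periods(3660, TTL, LATENCY, [1, 30, 60, 61, 300, 600]))
```

The observed gap is the first polling tick after the cached answer expires, so the timing of cache misses bounds the polling period but says nothing about traffic between the lookups.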
 
Surely if a hacker could do this there would be something much more worthwhile to hack to hurt Trump?

I know nothing about hacking and stuff but wasn't Trump's server specifically set up to only communicate with Alfa bank and someone else?

Exactly. A hacker who can break into Trump Org network wouldn't do silly bullshit like this.

Slate uncovered this story late in the election, and they quoted a cybersecurity expert too. But their report got brushed aside because people don't understand tech stuff.
In late spring, this community of malware hunters placed itself in a high state of alarm. Word arrived that Russian hackers had infiltrated the servers of the Democratic National Committee, an attack persuasively detailed by the respected cybersecurity firm CrowdStrike. The computer scientists posited a logical hypothesis, which they set out to rigorously test: If the Russians were worming their way into the DNC, they might very well be attacking other entities central to the presidential campaign, including Donald Trump's many servers. "We wanted to help defend both campaigns, because we wanted to preserve the integrity of the election," says one of the academics, who works at a university that asked him not to speak with reporters because of the sensitive nature of his work.
In late July, one of these scientists—who asked to be referred to as Tea Leaves, a pseudonym that would protect his relationship with the networks and banks that employ him to sift their data—found what looked like malware emanating from Russia. The destination domain had Trump in its name, which of course attracted Tea Leaves' attention. But his discovery of the data was pure happenstance—a surprising needle in a large haystack of DNS lookups on his screen. "I have an outlier here that connects to Russia in a strange way," he wrote in his notes. He couldn't quite figure it out at first. But what he saw was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue.

More data was needed, so he began carefully keeping logs of the Trump server's DNS activity. As he collected the logs, he would circulate them in periodic batches to colleagues in the cybersecurity world. Six of them began scrutinizing them for clues.
Skipping ahead
The researchers quickly dismissed their initial fear that the logs represented a malware attack. The communication wasn't the work of bots. The irregular pattern of server lookups actually resembled the pattern of human conversation—conversations that began during office hours in New York and continued during office hours in Moscow. It dawned on the researchers that this wasn't an attack, but a sustained relationship between a server registered to the Trump Organization and two servers registered to an entity called Alfa Bank.
Earlier this month, the group of computer scientists passed the logs to Paul Vixie. In the world of DNS experts, there's no higher authority. Vixie wrote central strands of the DNS code that makes the internet work. After studying the logs, he concluded, "The parties were communicating in a secretive fashion. The operative word is secretive. This is more akin to what criminal syndicates do if they are putting together a project." Put differently, the logs suggested that Trump and Alfa had configured something like a digital hotline connecting the two entities, shutting out the rest of the world, and designed to obscure its own existence. Over the summer, the scientists observed the communications trail from a distance.
Unbelievable.
 
I always thought the original Alfabank story was brushed aside too quickly back in October when it was first reported.

Oh, there's a server in Trump Tower and registered to the Trump Organization that keeps suspiciously pinging a Russian bank? Nothing to see here folks!

And yet Alfabank keeps popping up.

It wasn't in trump tower it was a box in PA physically owned by cendyn and supposedly used for marketing purposes. To some extent the spam email explanations had some traction as well as the plausible distance from trump inc, but the spam email explanations fall to pieces under closer inspection. The quantity of contact and the specific nature of trump -- Alfabank (when nobody else with dns records could find similar lookups from other companies) put a lie to them, to say nothing of the total lack of any supporting evidence like: "here is our marketing email log you can see it got blasted to everyone alfabank included".

The new we got spoofed explanation is so weird. I am still trying to see it from the angle of someone trying to discredit trump. It's such a long game. Alfabank wasn't even widely known to be putin linked until more recently. Why pick alfabank 9 months ago? Why run the spoof for a year? Why make the data match the DNS TTL? How does the scammer "in Starbucks" know the dns provider would notice? Why did Alfabank sign onto the original innocent explanations if there was no marketing emails?
 
Alfabank has Carlos Danger on staff as a consultant, apparently. GOAT king of "I was hacked."
Well shit, is that gonna stand up to legal scrutiny?
States can set some of their own eligibility requirements for ballots, so it's at least possible.
 
You can pass data over dns but why bother
The servers could be exchanging data constantly nobody is tapping them nobody was watching them.

The period between lookups had a heart beat of 61 minutes exactly. This is exactly what you'd expect if the OS dns cache expired its entry at 3600 seconds and there is something that was looking up the address every minute.

Well they picked up this traffic so someone was watching. Who knows if they got a packet capture of some of it.

Given the BS excuse someone is hiding something.
 
Alfabank has Carlos Danger on staff as a consultant, apparently. GOAT king of "I was hacked."
States can set some of their own eligibility requirements for ballots, so it's at least possible.

WEINER>??!?!?! AGAIN?!?!??!!

He can't keep getting away with this!!!

Seriously - Russia probably has dirt on him and will eventually plant evidence on him to make him the scapegoat.
 
Exactly. A hacker who can break into Trump Org network wouldn't do silly bullshit like this.

Slate uncovered this story late in the election, and they quoted a cybersecurity expert too. But their report got brushed aside because people don't understand tech stuff.


Skipping ahead


Unbelievable.

I swear if this ends up bearing fruit, one movie wouldn't be enough.
 
Wait, isn't the article saying that AlfaBank is only blaming hacking/spoofing for recent appearances of contact, not the original contact before the election? That at least seems plausible. I know Trump and his associates keep proving more incompetent by the minute, but it seems hard to believe that they would keep using a covert communications channel after it was reported by the NY Times.
 
This is a good sign that we're getting close to something major breaking.

Am I misunderstanding, or is this Alfa panicking/covering tracks? And if so, why now? They expecting an announcement? because if they are, then it was leaked to them. By whom?

I feel like I went one step too far here.
 
Wait, isn't the article saying that AlfaBank is only blaming hacking/spoofing for recent appearances of contact, not the original contact before the election? That at least seems plausible. I know Trump and his associates keep proving more incompetent by the minute, but it seems hard to believe that they would keep using a covert communications channel after it was reported by the NY Times.

If that's the case I feel silly for making the topic. Who cares what is happening now it's all about the old contact.

Going back to reread the article, shit.
 
Yes you guys are right the story is a NOTHING

They are complaining about new spoofed traffic... the CNN Breaking and headline got me.

Old traffic remains just as weird to me at least.

This doesn't really add anything to it though.
 
If that's the case I feel silly for making the topic. Who cares what is happening now it's all about the old contact.

Going back to reread the article, shit.

If it makes you feel any better, the article does mention that AlfaBank is claiming that the original contact was the result of an elaborate hoax, and it sounds like that explanation is much less convincing.

It is sort of a confusing article in general. It tries to separate its commentary about the old and new contact, but doesn't do a great job.
 
Yes you guys are right the story is a NOTHING

They are complaining about new spoofed traffic... the CNN Breaking and headline got me.

Old traffic remains just as weird to me at least.

This doesn't really add anything to it though.

But what was the communication before the election. Here they are claiming the hackers essentially got the Trump server to send packets to Alfa bank. Do we know whether or not Alfa Bank was sending anything back to Trumps server last year?
 
Wait, isn't the article saying that AlfaBank is only blaming hacking/spoofing for recent appearances of contact, not the original contact before the election? That at least seems plausible. I know Trump and his associates keep proving more incompetent by the minute, but it seems hard to believe that they would keep using a covert communications channel after it was reported by the NY Times.

Let's say I'm a Russian bank that is being used as a smokescreen to hide illegal communications between the Russian government and the Trump campaign.

And months after all the shit goes down it looks like the American IC is getting close to discovering the ruse.

What do I do? I come up with a plausible scenario now that I can retroactively use as an explanation then.

I mean, this actually could turn out to be unrelated, but I remain skeptical because IF Alfabank were to attempt to cover their ass this would be the PERFECT way to do it.
 
Yes you guys are right the story is a NOTHING

They are complaining about new spoofed traffic... the CNN Breaking and headline got me.

Old traffic remains just as weird to me at least.

This doesn't really add anything to it though.

It's still important because it shows that the original traffic wasn't benign. They got a FISA warrant for it.

The "attacks" on their servers could be US IC trying to collect evidence or intelligence so they twist it around that they are being framed.

Snowden gave Russia USA capabilities so they had every motive to disguise communication between Trump and Russia.

If Putin just sent an email to Trump, NSA would get a copy instantly.
 
Let's say I'm a Russian bank that is being used as a smokescreen to hide illegal communications between the Russian government and the Trump campaign.

And months after all the shit goes down it looks like the American IC is getting close to discovering the ruse.

What do I do? I come up with a plausible scenario now that I can retroactively use as an explanation then.

I mean, this actually could turn out to be unrelated, but I remain skeptical because IF Alfabank were to attempt to cover their ass this would be the PERFECT way to do it.

Yeah, this is definitely possible. But it also could be a random tech-savvy person with too much free time. In any case, the pre-election contact still seems sketchy, and the post-election contact is probably not legitimate communication between Trump and Russia, whether it's a troll or a false flag.
 
Exactly. A hacker who can break into Trump Org network wouldn't do silly bullshit like this.

Slate uncovered this story late in the election, and they quoted a cybersecurity expert too. But their report got brushed aside because people don't understand tech stuff.


Skipping ahead


Unbelievable.


I don't know a great deal about tech, but I get the gist of this. The fact that the bank is claiming this hack is an attempt to frame them is a pretty big fucking red flag if you ask me.

I wonder if any of this has to do with the Secret Service laptop being stolen. I don't really see any connection there, but it is curious timing.
 
I don't know a great deal about tech, but I get the gist of this. The fact that the bank is claiming this hack is an attempt to frame them is a pretty big fucking red flag if you ask me.

I wonder if any of this has to do with the Secret Service laptop being stolen. I don't really see any connection there, but it is curious timing.


How about the fact that after the Times reported the story, the traffic immediately ground to a halt and a clumsy and hurried domain change occurred?

or that Alfabank has now offered three conflicting explanations, each more detailed than the last? Five if you count the two equally ludicrous explanations from Trump's folks.

Or that a Trump speechwriter was on Alfa's board?

Or that Alfa itself is considered a "clean" tool of the Russian economy and allowed unusual latitude by Putin, personally?



Comey, get this cracked open soon, before the orange bawbag distracts us with a North Korea war.
 
Am I misunderstanding, or is this Alfa panicking/covering tracks? And if so, why now? They expecting an announcement? because if they are, then it was leaked to them. By whom?

I feel like I went one step too far here.

This looks to me like leadership at the bank is aware they're under investigation by the IC -- probably via contact with people there at the org -- they know they're fucked, and this is a longshot explanation before the bank goes down.

I'm just speculating but the 'why now?' is the key question. We just learned a week ago that the IC was looking closer at that server at Trump Tower that kept getting regular pings (deposits) from Alfabank. This looks like a desperate panic move.

==

edit: saw OP update too, what stinkles said vv
 


Don't forget husband of Betsy deVos also implicated in this too(his server there too).
 