0% found this document useful (0 votes)
26K views3 pagesAlfa Bank Opening Electronic Communication - 052122
Alfa Bank Opening Electronic Communication
Uploaded by
Washington ExaminerCopyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF or read online on Scribd
0% found this document useful (0 votes)
26K views3 pagesAlfa Bank Opening Electronic Communication - 052122
Alfa Bank Opening Electronic Communication
Uploaded by
Washington ExaminerCopyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF or read online on Scribd
No, 1:21-¢r.00582-0RC (0.0.6)
Details
mE on or about Septerber 19, 2016, FSI received a referzal of
informatres from the US DEPARTMENT OF JUSTICE, detailing an unusually
configured exail server in Pennsylvania belonging to the TRUMP
ORGANIZATION. In that referral, the DEPARIMENT OF JUSTICE provided the
FAI with a whitepaper that was produced by an anonymous third party.
According to the whitepaper, a U.S.-based server that is ouned by the
TRUMP ORGANIZATION has been communicating with the Russian-based ALFA
BANK organization in Moscow, Ruseia. The third party identified that
some of the communications were utilizing a TOR node, which is a means
of obfuscating a user's true network location on the Internet. The TOR
node was identified at an organization called SPSCTRM HEALTA, Located
in the State of Michigan. Additionally, the servers are reportedly
configured for direct and exclusive comminication between the TU
ORGANIZATION and the ALFA BANK entity. Additional details from the
predicating report are listed as follows:
= on approximately culy 28, 2016, a lockup in global ONS
recNPNMMES nique hoataanes containing "mail," "antp," "relay," oF
cmta™ that were registered to the TRUMP ORGANIZATION. A compaterized
land manual scan revealed anonaloys data on one the the domains:
alll .[Link] [TP address [Link]]. hn open source WHO:
Lookup confismed that the parent domain for
registered to the TRUMP ORGANIZATION,
= In the 90 day perlod May 4, 2016 to September 4 2016, only
1g Gntermal IP addzesses conducted an A Record search for
[Link], a much sraller
expected in normal traffic. Of the 19 IP addresses, the vast majority
of the lookups cane from the sane three IP addresses: [Link]
(ALFA BANK), [Link] [ALFA BANK], [Link] [SPECTRUM HEALTH)
‘The SPECTRUM HEALTH IP addeese has been identified as a TOR exit node
that is used exclusively by the Russian ALFA BANK entity. Notably, the
majority of the lockups for this mail server by ALFA BANK were not for
ill .[Link] is
number of IP addresses than
the HX [mail record], indicating that the server was set up to
