This isn’t a cut-and-dried situation. Foer sets the scene in the following manner: The first server was registered to the Trump Organization in 2009 to send out mass emails and other marketing materials for Trump-branded products. Cybersecurity experts investigating the hack of the Democratic National Committee earlier this year started tracking the server when one researcher spotted what appeared to be malware traveling from Russia to a domain with Trump in its name. At this point, the server was no longer used for marketing campaigns. In fact, it handled an oddly tiny amount of traffic.
What’s more, the researchers received error messages when they attempted to ping the Trump-Email.com server. They concluded that it was established to accept messages from a small number of IP addresses, and 87 percent of the DNS lookups involved the Alfa Bank servers, Slate reports.
When researchers plotted the log data on a timeline, they found that it spiked during hot moments of the US presidential election. DNS lookups jumped during the Democratic and Republican national conventions, for example.
Nine experts who reviewed the server logs for Slate said that the data would be nearly impossible to fake, since it included thousands of records with nuances too advanced for even skilled programmers to reproduce.
Foer’s report continues as follows: The Trump-Email.com domain stopped functioning on September 23rd, shortly after The New York Times reached out to Alfa Bank about the situation. On September 27th, the Trump Organization established a new host name, trump1.contact-client.com, which communicated with that very same server through a new route. The first attempt to look up the new host name came from Alfa Bank. The only way Alfa Bank could have learned the new host name would be through direct contact with whoever changed it, experts said.
“That party had to have some kind of outbound message through SMS, phone, or some non-internet channel they used to communicate [the new configuration],” Vixie told Slate.
In a statement sent to Slate, Alfa Bank denied that it had ever been in contact with the Trump campaign, via these servers or otherwise. The Trump campaign provided Slate the following response:
“The email server, set up for marketing purposes and operated by a third-party, has not been used since 2010. The current traffic on the server from Alphabank’s [sic] IP address is regular DNS server traffic—not email traffic. To be clear, The Trump Organization is not sending or receiving any communications from this email server. The Trump Organization has no communication or relationship with this entity or any Russian entity.”
The Trump spokesperson did not respond to Slate’s follow-up questions about the new host name or its finding that the server handled only “regular” DNS traffic (which is usually email traffic), rather than email traffic specifically. Foer emphasizes that his report does not amount to a smoking gun, but rather “a suggestive body of evidence that doesn’t absolutely preclude alternative explanations.”
In early October, the US intelligence community concluded that top Russian officials directed the hacks of the DNC and other US political organizations, and other evidence points to Russia’s involvement in the cyberattacks on Gen. Colin Powell and Hillary Clinton campaign manager John Podesta.
Update: The New York Times’ sources say that “none” of the investigations thus far have turned up any evidence of a link between Trump and the Russian government.