FBI agents, just weeks before the 2016 election, opened an investigation into allegations of a secret communication channel between Donald Trump and Russia. The bureau closed the probe after several months but did not make public that it had dismissed the claims, which came from Hillary Clinton’s campaign and a group of researchers.
Details of the FBI’s analyses, and CIA treatment of the claims, emerged during the trial of ex-Clinton lawyer Michael Sussmann.
‘Jumped to Conclusions’
The white paper and data handed over to the FBI by Sussmann on Sept. 19, 2016, asserted there was a “secret email server” used by the Trump Organization that was communicating with Alfa Bank in Moscow through “another unusually-configured server” at Spectrum Health in Michigan.
“These servers are configured for direct communications between the Trump organization and Alfa Bank to the exclusion of all other systems,” researchers wrote. “The only plausible reason,” they claimed, “is to hide the considerably recent email traffic occurring between the Trump organization and Alfa Bank.”
Scott Hellman, an agent who specializes in investigating cyber crimes, took the first crack at the allegations with Nathan Batty, a colleague. The pair spent less than a day examining the data and quickly concluded that whoever penned the white paper “had jumped to some conclusions that were not supported by the technical data,” Hellman testified.
The allegations were based on purported “look-ups,” or Domain Name System requests, between mail1.trump-email.com, the server allegedly controlled by Trump’s business, and servers belonging to the Russian bank. DNS lookups are a way for a computer to find another computer’s Internet Protocol address (IP address), a unique number needed for communication between computers.
The researchers said they tried to connect with the Trump server and that the server would not accept mail from their IP address, or returned what was essentially an error message, Hellman said. The researchers used that, among other data, to suggest the Trump server would only communicate with certain devices, such as those linked to Alfa Bank.
“That didn’t make sense to me. It was sort of like if I knocked on your door, and you told me to go away—I don’t want to talk to you—I’m then going to assume that you’re only willing to talk to other people. I can’t make that assumption. I don’t know if you’re willing to talk to anybody. But that’s what they had done,” he said. “When they received an error message, they assumed that that computer wasn’t willing to talk to them, but it was willing to talk to others, and there was no evidence to suggest that. So assumptions like that is what I was referring to.”
Hellman and Batty wrote in their assessment that they found it suspicious that the activity the researchers highlighted began just three weeks before the researchers started their investigation. They called it “abnormal” that Trump would give the supposed secret server a name that included his own, use a domain registered to his own business, and communicate directly with Alfa Bank’s IP address as opposed to masking the communications.
They also said that Russia’s state-sponsored technical abilities “exceed the [operations] of that suggested in the report.”
Hellman, who is still with the FBI, said in a chat message at the time that the paper “feels a little 5150ish.” He said he meant that “perhaps the person who had drafted this document was suffering from some mental disability.”
Batty wrote that the data was “intended to overwhelm and confuse the reader.” “We think it’s a setup,” he later told Dan Wierzbicki, an FBI supervisor.