Trump Tower’s “Stealth Russian Data Machine”

We pull back the curtain on Jared Kushner’s “Stealth Data Machine.”

Stealth Data Machine

Jared Kushner is currently taking a victory lap, crowin’ about his “Stealth Data Machine” that put Donald Trump over the top in the 2016 race.  Let’s pry off the lid and peer into the inner-workings of this “Data Machine.”

The Signal in the Noise

Building on the data analysis by @Conspirator0 on Twitter, Tea Pain has stumbled onto a possible “signal in the noise” that opens a window into the data-swappin’ shenanigans going on between Trump Tower, Spectrum Health and Russia’s Alfa Bank during the election.

Spectrum Health, owned by Michigan’s powerful Devos family, attempted to explain the IP activity as “Voice over IP traffic”, whereas Alfa Bank offered an even more exotic explanation that “hackers attempted to make it look like we contacted Trump Tower.”

The data traffic, when analyzed, tells a very different story, a story of automated, orchestrated data sharing among multiple sites for a strategic end.

Tea Pain originally dismissed this story as a possible red-herring.  With the Russia craze at a fever pitch, this activity could be explained by what Tea’s daddy used to say, “When you got a new hammer, everything looks like a nail.”  But when Tea Pain saw the data patterns analyzed by Conspiritor0, he knew he’d spotted something mighty familiar: Database Replication.  Put a pin in that, more on that later.

Ping Duration

At first, data analysts were puzzled by what appeared to be random activity with no apparent pattern.  Perhaps it was email activity?  Maybe money transfers?  But there were literally thousands of these IP “pings.”

Once the activity was charted, a pattern emerged.  For example, a connection is made from Alfa Bank to Trump Tower, which may last anywhere from 1 minute to 15 minutes or more, followed by a longer “sleep” period.  When averaged over months, these events charted an average time between connections to be 3660 seconds, or 1 hour and 1 minute.  Whatever was running, it would hook up, transfer data for a few minutes, then go to sleep for an hour.

This was the clue that led Tea Pain to formulate a much clearer working model to explain what we were all seeing:  SQL Server Database Replication between multiple sites.

Database Replication

What Is Database Replication?

Database Replication is a rather simple concept.  When you have a database with millions of records representing hundreds of gigabytes of data, and you would like to keep a copy of that database housed in 2 or more locations, it makes no sense to continually copy the entire database from point A to point B every time a change is made, so you “replicate” it.

This allows only the changes made to be sent from one database to another.  This is accomplished by a process that runs on timely intervals, usually an hour, that wakes up and checks the changes made since the last hour and broadcasts those changes to the other database.  The other database, in turn, check for its changes and broadcasts them in the other direction.  Voila!  Both databases are identical!

So what does the data traffic patterns suggest?  Check out the chart below.  Behold, Kushner’s “Stealth Data Machine.”

Russia Data Traffic

The white box illustrates the scope of data we can now observe.  The bulk of the replication took place between Trump Tower and Alfa Bank, while smaller amounts of data were transferred between Trump Tower and Spectrum Health.  If, for example, Trump Tower talked to Alfa Bank for 10 minutes, the next Spectrum-Trump Tower connection might last only one minute, indicating data replicated from Trump Tower to the Devos health care empire was being filtered, perhaps by “WHERE StateCode=’MI'” for example.  But when changes were made at Spectrum, things looked very different.

IP Packetts

Conspiritor0 noted that when Spectrum connected to Trump Tower, Trump Tower’s next connect time was significantly longer, indicating Spectrum had modified a large chunk of records that had to be synced to Trump Tower, then pushed on to Alfa Bank. This detail was important in identifying that replication was in use.  In this scenario, Trump Tower was functioning as a center-point, a data distribution center if you will.

We don’t know what was in these data packets; that info is beyond our purview at this time, but ask yourself a simple question and you find your answer: “What do Trump Tower, the Devos Family and the Russians all have in common?  A desire for Donald Trump to be President of the United States.

Tea Pain’s working theory is that Russia created a voter targeting database with information gleaned from hacked DNC data rolls and other data rolls “acquired” from other states to feed this growing contact database.  That database originated at Russian Intelligence which was in turn replicated to Russia’s Alfa Bank.  This is where the “data laundering” takes place,  Alfa Bank is the pivot point where the FSB’s data fingerprints are wiped clean.  Ironically Russia launders its data at the same place it launders its money.

At Trump Tower, more data could merged into this system using various legal sources as well.  Spectrum Health could also add value to the data by matching names and addresses in their extensive healthcare databases to harvest email addresses and phone numbers to flesh out this list.  All these changes would be promptly replicated back to Russia in a matter of hours.

Once back in the hands of Russian Intelligence, this massaged data could be programmatically matched up with social media handles to create a micro-targeted “hit list” for the thousand Russian trolls employed by Putin.

The Payoff

How is this a breakthrough? Now that we have identified the likely means of how this data was transferred, data analysts now have more precise points to search for to arrive at a complete reveal of the massive data collusion between Team Trump and America’s foremost adversary.

The “beauty” of this system is its simplicity.  Here’s some bullet-points to sum up.

  1. No special software needed. SQL Server is used in most every major enterprise.  Replication is a built-in tool.  No mysterious hidden processes, viruses, malware, etc.
  2. Virtually undetectable. No one would blink an eye at data replication, a standard business practice.
  3. Could all be set up remotely with only VPN credentials and remote desktop access, information that is often shared via routine third-party data audits. No one inside Trump Tower or Spectrum’s IT department need be involved. One Russian Intelligence data operative could set this up in less than an hour at each location.  No low-level “conspirators” needed.
  4. Value could be added to the data anywhere in the chain and it would promote back to Russian Intelligence within 2-3 hours.
  5. All data-transmission would be out in the open, mixed in with the daily flow of business.
  6. Even if found, the data would look benign, just names, addresses, phone numbers, email addresses, social media handles, etc. No financial information. It would look just like a contact lead database purchased from any data-mining merchant.
  7. Trump/Spectrum operatives and employees in the United States could interact with this list and have no clue the origins of the data were nefarious.  This plain-sight approach was the key to its success.

305 thoughts on “Trump Tower’s “Stealth Russian Data Machine””

  1. Very sophisticated and interesting in it’s simplicity. Great work by your friends with great minds. Glad I found you teapainusa and will continue to follow. Don’t stop !

    Liked by 1 person

  2. I am so grateful for your work and ability to explain it all. #resist! But…as smarmy and disgusting as this all is… is there anything illegal in what you are describing (honest question). What would be the charges for doing something like this?

    Liked by 1 person

  3. TeaPain- Spectrum’s Director is suddenly stepping down, the announcement made last week. He was sued for fraud before (crooks don’t change) and investigated by the SEC. Reading the filings am finding a few interesting red flags. Still digging but he’s a DeVos Spectrum link worth looking at.

    From official SEC announcement:

    March 22, 2017
    Mr. Omar Asali, a director of Spectrum Brands Holdings, Inc. (the Company), notified the Company that he has decided that he will
    resign from the board of directors of the Company and its subsidiaries and all committees thereof effective as of 5:00 p.m. Eastern Time on April 14, 2017 (the Effective Time).

    Liked by 1 person

  4. I think there is a mixture of periodic financial transfers mixed in with mostly data syncing These might be Russian health insurance investments in devos health care companies. Great way to launder illegal campaign contributions to GOP. Gee I wonder if there is a connection? See my next article in ami magazine. John loftus

    Ps great work Tea. Check for traffic peaks followed by big air time buys.

    Liked by 1 person

  5. I have yet to understand why any of this surprises anyone the man repeatedly said Republicans stupid what’s the problem here


  6. Is it possible the information for voters was stolen this way, then their votes changed via Bot communications. We already know voter data was stolen from several states and the one brand of tabulating computer (the one most states use) was hacked.

    Liked by 1 person

    1. Sara Carter: “Two! Yes! Two instances so this is completely new evidence and remember we all thought and everybody had reported that the server was inside Trump Tower. The server was not located in Trump Tower according to our sources. gateway pundit 8 march


      1. vening. The FBI’s counterintelligence unit is still investigating the server, their sources claim — but the server was never the subject of a FISA order. And … it’s not located in Trump Tower. It’s apparently located in Pennsylvania. Weirder and weirder: hot air 9 march


  7. You are an idiot. The original article upon which you base your info was crap and you are just pulling this out of your ass and making it up. Your technical analysis is rudimentary at best, even comical. I am no Trump fan. He’s a moron, a national embarrassment, and there likely is something going on that shouldn’t be. But, don’t create this kind of bullshit. It distracts from the real story and delegitimizes what may really be there.


  8. Publicly available internet records show that address, which was registered to the Trump Organization, points to an IP address that lives on an otherwise dull machine operated by a company in the tiny rural town of Lititz, Pennsylvania. CNN march 10

    Liked by 1 person

  9. FBI gets Lititz firm’s help in probe of Russian bank’s ‘odd’ interest in Trump Hotels marketing emails
    Lancaster online march 10

    Liked by 1 person

  10. Say, are you getting many hits on your article?
    I never believed the FBI when they said they investigated this and, oh it was nothing, probably was just spam going back & forth. Do you remember that? I never believed the FBI, I always felt they were just trying to throw everyone off the track.
    This server was inside Trumps business at Trump Tower, right? That’s what I remember, and where this server was physically located is critical to assigning guilt. Yours is the BEST theory I have read, and I bet you are right. I bet you are right.

    Liked by 1 person

  11. Have been waiting nearly 3 months for connections between Prince,DeVos,Trump,and Russia to be identified. My questions intensified after reading an fb posting about the Russian bank giving Spectrum Health several million dollars. I ( computer illerate) lost the posting before I finished reading.
    Thank you, thank you for your work!

    Liked by 1 person

  12. Hi guys, I think this is a huge deal. I have been looking over the Finance Disclosure Reports (OGE Form 278e) that were just made public by the White House and available by ProPublica. Steve Bannon’s report sent a chill up my spine.

    Steve Bannon reported that he was the Vice President and Secretary for Cambridge Analytica, LLC from June 2014 (06/2014) to August 20, 2016 (08/20/2016). [In Section 1. Filer’s Positions Held Outside United Government.]

    On the same date (Aug 20, 2016), Bannon also resigned from four other positions; 1) Executive Chairman of Breitbart News Network, LLC; 2) Chairman of Glittering Steel, LLC; 3) Vice-Chairman of Reclaim New York, LLC; and 4) Chairman of Government Accountability Institute, INC.

    In Section 2. Filer’s Employment Assets, Income and Retirement Accounts he lists (among others)

    Bannon Strategic Advisors, Inc (Consultancy Corporation), income $493,836 (my note: This is just shy of $500K. Is there some kind of reporting cutoff for income less than $500K, or is this a coincidence?)


    Cambridge Analytica, LLC for $125,333 for “Consulting Fees Received by Mr. Bannon’s Consultancy Corporation

    and Cambridge Analytica, LLC Membership Units, with a value between $1million and $5million but with an income of less than $201. (my note: So he owns this, but it isn’t bringing in income. Yet.)

    Something big happened in Steve Bannon’s career EXACTLY on August 20, 2016. There was a lot going on that week. I would look for other events in this unfolding story to see what was going on with the other players on THAT WEEK. Did people meet with the Russians at the RNC in Cleveland in July 2016 and follow through in the next month? Were new relationships established? Accounts closed?


  13. All I can say is there is no way this was an on the fly, oh I’ve got an idea, let try this. This took a high level of conspiratorial planning, colussion, spying with people who have developed relationship with all the players. Carter Page on steroids!


  14. Very plausible; great work! Assuming the Spectrum Health data and DNC voter roll hack data were also being folded into the Cambridge Analytica Trump campaign data, it makes a few points in the Feb. WaPo article on SCL Group really stand out:

    “The company first garnered attention in 2015 when it was tapped by the presidential campaign of Sen. Ted Cruz (R-Tex.). In the end, Cambridge’s work proved uneven, according to campaign officials, who said that while its data scientists were impressive, its psychographic analysis did not bear fruit.”

    I guess adding all that illegal info made their analysis much more “fruitful.” Also this quote from the SCL CEO:

    “This is not medical data or health data or financial data,” he said of the U.S. data that Cambridge collects. “It’s what cereal you eat for breakfast and what car you drive.”

    Interesting choice of examples for the data they definitely DON’T collect!


  15. Nice work tea pain. I can’t wait until the FBI brings down the house. The problem is if Gorsuch is on SCOTUS I’m afraid they will all walk. I believe he was put up for the nomination for this reason alone, sort of a just in case we get caught plan B. I hope I’m wrong about that but I wouldn’t be shocked if that happens.


  16. OMG!!! Great work! Hurry and get this info to the FBI and Intel committee. Trump needs to be stopped before anyone else dies. Especially us! Thank you so much! You are BRILLIANT!


  17. Fantastic analysis. When the movie, TV series, or HBO special, comes out, who do you want to pay you?


  18. This is amazing! Would love to be that smart. I was able to follow your explanation enough to get an idea about the ramifications of this info. Bring it on; everyone needs to know this.


  19. Wow, this is amazing!
    Clear, concise and succinct for someone like me who’s not at all computer literate.
    How creepy clever of someone to set this up, and wander away with the feeling no one would ever catch on.
    Thank gawd for you, Louise and company for diving into this whole disgusting, treasonous mess.


  20. This information gives me hope that we could very well get a fairy tale ending to the apprehension and dismay of the last five months. Wouldn’t it be wonderful if we could say goodbye to the orange one and take back Congress!


  21. I’m not a computer expert so I’ll just have to hope you know your “ish”and that you’re not just another pretty face. I know you’re persistant and a patriot and from Arkansas, you’ve got that goin’ on. signed Proud ex Arkansan.


  22. Good work TeaPain! And you’re right, the rabbits are definitely speaking Russian. Damn I’ll be glad when they round everyone of the people up. Thanks!


  23. Intriguing theory.

    Can you go in to why you think specifically this is Sql Server replication and not any other database, or a cron job, or any other scheduled traffic?

    Liked by 1 person

  24. Sorry, but I don’t see the illegality of this. In what way is using a Russian big data utility breaking any laws? Simply because they’re Russian? Certainly lying about it to the FBI is illegal. Was there something more that was being done to the data? Was using the data illegal in the first place? Excuse my naivety.


  25. Great Job, TeaPain! Following Louise, you and John & even Jester, has helped me to believe this will end and the criminals go to jail, the way Good always conquers Evil. This will go down as the largest, racketeering & corruption case in history before it’s done. You all make a brilliant team of Heros. Thank You!


  26. Tea Pain Truly a great piece! Would you send this article to Representative Adam Schiff at the US Congress. He is leading the House Investigation. On Twitter he is at @RepAdamSchiff


  27. Tea Pain – It’s great that people are still looking at the server data! I think there will be obvious links from the Listrak hosting company in PA back to Jared. Someone had to tell Listrak how to set up the server and they probably still have system backups.

    I like your database idea, but I don’t think DB replication would generate this type of DNS traffic. More likely a DB server only does a single DNS lookup at startup and keeps an open connection to the other server for days or weeks.

    The 61 minute DNS frequency is more easily explained by a simple e-mail client set to check for mail every 1 minute and a DNS TTL (time-to-live) of 60 minutes.

    Email client checks for mail every minute, but central DNS requests only happen after the previous lookup expires so you see a central DNS lookup every 61 minutes.


    1. Any way to verify the TTL of the domain being looked up (at that time?) I don’t see the actual domain names mentioned here, but would there be historical DNS records from that time indicating the TTL at the time if the domains were known?


  28. Interesting theory, but leaves some questions unanswered:

    1. You wrote: ‘Trump/Spectrum operatives and employees in the United States…’ would be able to use this data, but tRump effectively had no campaign staff, certainly no cadre of political operatives working in the shadows… well, except Roger Stone, LOL. And it’s hard to believe that a mid-size, not-for-profit health-care organization in western Michigan is going to be a secret hot-bed of voter demographic research and/or political dirty tricks.

    2. Why bother? After Cruz dropped out, the Mercers hopped on the tRump train, bringing Cambridge Analytica along. Whatever the Russians might have done in voter demographic research or analysis, CA was miles ahead of them, as well as anyone else (much to Hillary’s chagrin and our loss).

    3. Not even Putin could possibly have believed tRump was actually going to win the election, so Russia’s meddling had a different purpose, IMHO: destabilization of our democracy. To achieve this goal, you need to be messy enough to get caught, but you don’t have to actually build an organization large and good enough to truly change the outcome, you just need to look like you do. Dummy data transfers fit this scenario.

    I agree that there’s plenty of smoke here, and possibly a bonfire that may get uncovered at any moment. I applaud your work in ferreting out what is going on, and your efforts to give this issue visibility.

    Keep up the great work!



    1. I believe the answer to that is possibly that Russians stole Facebook data, which was fed back into that same system. This is what Louise Mensch’s theory seems to be (that she claims has been corroborated by IC connections). The entire thing was set up so that they could pinpoint targets of interest – and having done facebook advertising before, I can see that it’s quite… how shall we say… ‘granular’. But if you know more about the FB customers than even FB does, you can probably game the system so that literally only specific users with a specific kind of profile will see the ads or promoted posts that you’re running, rather than a somewhat larger swath of people if you were only using FB’s filtering tools. And honestly, the kind of people who’d flip their vote cause of stuff like this (like, say, my mom or in-laws) don’t even realize what they’re seeing is targeted fake news or some fabricated crap like, say, Pizzagate. In some ways, it’s quite brilliant. But I think the key here is the social media data and the voter rolls combining to produce this ‘stealth data profile’, Kushner Death Star thing.


    2. Bob, you make good points, and I don’t have the answers, only suggestions and hypothesis/theories. Let me try:

      1. One of the arguments of the above article is how “personnel friendly” this whole thing would be. You wouldn’t need a dozen people monitoring this thing 24/7, just a few select persons, who would then disseminate the intel to the appropriate marketing/PR individuals. Also, this intel would be headed in the Alfa/Russian hacker direction as well, giving them the databases to use for the purported dissemination campaign.

      2. Cambridge Analytica didn’t have the stolen DNC databases of voters, nor the voter rolls allegedly stolen from the states. The argument is that they were made available to them through this scheme, that they may weaponize the data – returning it to the “hacker troll army” that was so prevalent during the campaign. With the targeted data, the trolls could attack facebook/twitter with fake news and selected true news that would hurt Clinton the most. If you know any Bernie people, they were the target for this campaign, an effort to depress votes that would default back to Hillary. That’s the theory, at least.

      3. Agreed. This whole campaign was an even greater success than anything Putin could have hoped. Add the whole Exxon – Rosfnet deal to the mix with the soon to come reduction of sanctions and you’ve got the most successful PR campaign in history, making the richest man in the world doubly rich.

      Again, this is what’s alleged. It’s probably what happened, but that’s a long way from being something prosecutable in a court of law. I’d hate to be in Comey’s shoes.


  29. Thank you to you, Louise, Malcolm Nance, Jester, and the so many others that I have been following. As others have said you give comfort that this will be solved and justice will be served. Your theory & evidence explains how the Trump supporters (some of them) were conned.

    Trump & team repeatedly stated there were lots of “dead” people on the voter rolls. I guess this would explain how they knew that. They also seemed to think they voted too. Makes you wonder what sinister action they took knowing that info. Almost like more projection.

    Thank you again for your hard work. Amazing!

    Liked by 1 person

  30. Except Mensch’s sources there’s no evidence that they were transferring voting databases, is there?

    If the FBI knows this sort of thing why are they letting that deranged freak stay in office?


    1. The thing is, we can’t say they don’t know anything. Between the FISA’s, Comey’s testimony, what people on both committees have said they’ve seen, and the leaks coming out of IC, there’s SOMETHING there – that’s a fact at this point. But why are they letting an obviously illegitimate administration bomb people and possibly get us into world war 3? THAT’S the real question at this point. I understand wanting to build an airtight case but what good is an airtight case if the country is a smoking, radiation soaked, husk of a fall-out zone?


  31. It’s a set up. Someone on the opposing side set up a something with Trump’s name. OK then they proceeded to communicate with a Russian bank. Then let’s go to fisa court, look what we found yada yada ….


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s