Debunking Trump Tower’s Alfa Bank Server Scandal “Explanation”

From May 4 until September 23, 2016, a Trump Tower server mysteriously transmitted data to Russia’s Alfa Bank.  As soon as the story broke, Trump’s team pulled the process down and offered an “interesting” explanation:  “A thorough network analysis conducted by Cendyn at the request of the Trump Organization determined an existing banking customer of Cendyn, completely unrelated to Trump, recently used Cendyn’s ‘Metron’ Meeting Management Application to send communication to AlfaBank.com.”

Metron is a “cloud based” computing solution, meaning the software is not installed at either bank, and that all communication is performed via browser to the Metron Cloud servers housed at Cendyn.

This is their “explanation?”  The data traffic was NOT between Trump Tower and Alfa, but between an “unknown bank” and Alfa?  To anyone with a basic understanding of internet architecture, this is at best laughable.   The actual data traffic observed over 120 days were thousands of DNS Lookups directly from Alfa Bank to Trump Tower.  Oddly, during the same time frame, identical DNS traffic was ongoing between Trump Tower and Spectrum Health in Grand Rapids, Michigan, affiliated with the powerful DeVos family.  The traffic observed is illustrated in the model shown below.

Later, Trump Tower offered these “connections” were most likely email traffic.  Data analysts scoffed at this, noting that some of these connections lasted as much as 10-15 minutes.  An email would take only a fraction of a second.

Not only does the data traffic between Trump Tower and Alfa Bank totally contradict Trump’s “explanation”, but the traffic continued around-the-clock and is not consistent with the normal business hours of a bank.

Want to know what was really going on?  Read Tea Pain’s “Jared Kushner’s Stealth Russian Data Machine.”