Major Alfa Bank-Trump Tower Breakthrough!

[Image: BasicReplication]

The funny thing about mysteries is sometimes the answer is starin’ you right in the face so intently you can’t see it.  A year ago, Tea Pain saw a signal in the noise that got him lookin’ into the mystery of the Trump Tower/Alfa Bank server scandal.  If you haven’t read about it yet, stop and read it before you continue: Trump Tower’s “Stealth Russian Data Machine”

When Tea Pain first looked at the publicly available raw data logs he thought he was lookin’ at a buncha gibberish.  It was just scads and scads of DNS lookups, so many they made his eyeballs spin.  There was a bunch of what Tea Pain thought was duplicate entries that made finding a pattern all that much harder.  Tea Pain decided to look at the DNS lookup summaries instead.

Something jumped outta the data and bit him right on his digital hindquarters.  There was never more than 24 DNS lookups, or “connections” in one day.  The connections, on their busiest days, averaged just a little over an hour apart.  Tea Pain, no stranger to databases, data transmittin’ and such, immediately recognized a pattern consistent with “Database Replication.”  Tea wrote an article that ended up gettin’ over 250,000 views and caught the attention of media outlets and even a U.S. Senator’s office.

This theory, if true, revealed a data transmission network constantly movin’ data between Russia’s Alfa Bank, Trump Tower and, believe it or not, Spectrum Health in Michigan.   Based on the feasibility and sensibility of this real world explanation, Tea Pain was asked to prepare a list of questions to be used in the Senate Intelligence committee’s investigation.  Tea Pain was mighty honored to oblige!

In the past few months, rumors have emerged that Bob Mueller’s team is lookin’ into the Alfa Bank mystery hot and heavy, promptin’ media outlets to start puttin’ fresh eyes on this year-old scandal.  Four news outlets contacted Tea Pain for explanation of the Database Replication theory that had been favored by many investigatin’ the case.

Newspaper folks ask a lotta questions and Tea Pain quickly realized that his theory needed a little beefin’ up so he decided to go back to square one and revisit the facts.  The reporters admitted that replication made the most sense, but they needed more to feel comfortable about what was goin’ on here. So Tea pulled up the original logs (available here) and went back to square one.  That’s when he saw it!  It wasn’t duplicates like he first thought. It was pairs! Right there in the logs lay the answer.

[Image: LogDuplicates]

Above is a snippet of the raw logs.  Now look at it with just a little bit of help.

[Image: SetsOf2]

All the connections were made in sets of two, four, six, eight, etc.  This is the KEY to unlockin’ the whole shootin’ match!

Early database replication was fairly straightforward.  A process on one computer would “wake up” and see if there was any new data that needed to be sent to his digital step-brother.  The process would establish two connections with another computer, one outgoin’ and one incomin’, to broadcast data changes back and forth to the other database until both databases looked exactly alike.  Then it would go back to sleep, usually for an hour, then wake up and check again.

That was cool until databases got really big and the demand to replicate larger amounts of data increased.  Smart folks figured out they could create multiple sets of connections, known also as “threads” to replicate more data in less time.  Most databases spawn these threads in pairs of 2, 4, 6, 8 and so on.

[Image: MultiThreadedReplication]

So there it was, starin’ Tea Pain in the face the whole time.  He was clearly witnessin’ “Multi-threaded Database Replication” followin’ its predictable and programmed algorithm to a “T”.  Check out this snippet of activity and it’ll get even clearer.

[Image: July28Summary]

Here’s a few sessions from July 28, durin’ the Stealth Data Machine’s busiest transmission period.  These reflect each time Alfa Bank contacted the Trump Tower server durin’ the wee mornin’ hours.  Notice each time a session starts, multiple threads are spawned in pairs of 2.  The real key thing to notice is the interval.  Just a little over an hour apart!

Typically, Alfa would contact Trump Tower, and exchange data for 4-5 minutes, plenty of time to exchange gigabytes of data on high-speed 1 gigabit commercial lines.  Then Alfa Bank sets a timer for an hour and goes to sleep.  Day in, day out, this stealth data machine labored away, sendin’ its treasonous cargo round the world disguised as everyday business data.

[Image: Alfa Chart Blank]

There are 3 tell-tale signs of hourly database replication:

  1. Never more than 24 sessions a day
  2. Never less than an hour apart (typically an hour and a few minutes apart)
  3. Connections made in multi-threaded pairs of 2
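
One way to test a DNS lookup summary against the three signs above, as an added example (not code from the original post). The log line format, the hostnames `resolver.bank.example` and `mail.tower.example`, the 10-minute session window and all sample timestamps are constructed assumptions; the checks look only at timing and set size, not at what was transmitted.

```python
from datetime import datetime, timedelta

# Assumptions for this added example (none come from the published logs):
# line format "YYYY-MM-DD HH:MM:SS <querying host> <name looked up>",
# placeholder hostnames, and a 10-minute window for grouping lookups.
SESSION_GAP = timedelta(minutes=10)
MIN_INTERVAL = timedelta(hours=1)    # sign 2: never less than an hour apart
MAX_PER_DAY = 24                     # sign 1: never more than 24 sessions a day

def make_log(day, entries):
    """Build constructed log text from (HH:MM:SS, repeat_count) pairs."""
    return "\n".join(f"{day} {t} resolver.bank.example mail.tower.example"
                     for t, n in entries for _ in range(n))

def parse(log_text):
    """Return the sorted lookup timestamps found in the log text."""
    return sorted(datetime.strptime(line.strip()[:19], "%Y-%m-%d %H:%M:%S")
                  for line in log_text.splitlines() if line.strip())

def sessions(stamps):
    """Group lookups separated by <= SESSION_GAP; return [(start, count)]."""
    out, last = [], None
    for ts in stamps:
        if last is not None and ts - last <= SESSION_GAP:
            out[-1] = (out[-1][0], out[-1][1] + 1)
        else:
            out.append((ts, 1))
        last = ts
    return out

def check_signs(log_text):
    """Evaluate the three timing signs; says nothing about payload."""
    sess = sessions(parse(log_text))
    per_day = {}
    for start, _ in sess:
        per_day[start.date()] = per_day.get(start.date(), 0) + 1
    starts = [s for s, _ in sess]
    return {
        "sessions": len(sess),
        "max_24_per_day": all(n <= MAX_PER_DAY for n in per_day.values()),
        "hour_or_more_apart": all(b - a >= MIN_INTERVAL
                                  for a, b in zip(starts, starts[1:])),
        "sets_of_two": all(n % 2 == 0 for _, n in sess),
    }

# Constructed samples: one follows the pattern, one does not.
MATCHING = make_log("2016-07-28", [("01:02:11", 2), ("01:04:40", 2),
                                   ("02:07:03", 2), ("03:11:52", 2),
                                   ("03:13:20", 2), ("03:15:01", 2)])
IRREGULAR = make_log("2016-07-28", [("01:02:11", 1), ("01:30:00", 2)])

if __name__ == "__main__":
    print(check_signs(MATCHING))
    print(check_signs(IRREGULAR))
```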

There you have it folks.  We can’t see the money the crooks stole, but we can plainly see what kind of getaway car they was drivin’!  Tea Pain has faith that Bob Mueller’s crew has access to way more information than this and that all the naughty boys and girls involved will be brought to justice.

48 thoughts on “Major Alfa Bank-Trump Tower Breakthrough!”

    1. I am not a techie but have been following the Alfa Bank/Trump Tower connection from day 1. Read Franklin Foer’s work on the subject. Your revelation about Multi Database Replication makes sense! Would be helpful to explain how this data exchange helped Trump.

      Liked by 2 people

      1. If you read The Guardian series on the downfall of Cambridge Analytica, which detailed the types of services they provided to their clients, you can figure out how Trump benefited from his $500 million Russian-provided purchase of those services.

        Like

      2. You should probably also know that it was Fusion GPS/Glenn Simpson who put this scandal out into the media. The same Glenn Simpson who refuses to testify in front of Congress now and was responsible for the bogus Russian dossier.

        Like

    2. Today, is timely, yet ANOTHER example of corruption of the Left against Trump.
      Bogus Trump-Russia Alfa Bank Connections Were Created By Hillary Supporter, Working with Fusion.

      In May of this year [2017], the bank tapped Kirkland & Ellis LLP, a white-shoe American law firm, to write a letter to L. Jean Camp, an esteemed Indiana University computer scientist and researcher — and a vocal supporter of the claims made by Tea Leaves. This initial letter, first reported by CNN, claimed that the Camp investigation into the covert server chatter had “encouraged inquiries into supposed links to the Trump organization” and that her “activities continue to this day to promote an unwarranted investigation into Alfa Bank’s ‘communication’ with the Trump Organization.” The letter added that “Alfa Bank is exploring all available options to protect itself … [including] litigation and causes of action under the Computer Fraud and Abuse Act,” further demanding that Camp “preserve all records” pertaining to the Tea Leaves research. Such a preservation request is often the precursor to a lawsuit. There would be more letters.

      Alfa Bank contacted Professor Camp and demanded she hand over her emails related to the Trump – Alfa bank connection, but she would not. The bank’s position is that the professor is an employee of a public entity (Indiana University) but still Camp’s attorneys have refused to comply. Alfa would like to know who all was involved in her sending requests to the bank’s and Trump’s servers and with reporting the incident as a fact that Trump and Alfa bank had a secret back channel to each other.

      In March of 2017, FBI Head Comey confirmed there was no connection between Trump and Alfa Bank. Now it appears that the same far left Hillary-lover created the entire mess and that the FBI and Christopher Steele used this faulty information to attack candidate and then President Trump.

      BOOM, yet another accusation against Trump blows away like dried bullshit in the wind.

      Like

      1. Your comment is complete bunk. Alfa Bank can’t just demand Camp’s emails, and they have not filed any type of legal action against her. This should tell you that the demand was a bluff and the data was valid. She wasn’t in the basement of Indiana University doing some hacking. There were many involved. ‘The Left’, as you call them, are not the perpetrators of the insidious activities of power grabbing. Trump is a corrupt, incompetent, lying menace.
        The actions and statements by Mitch McConnell make it clear that the GOP have no interest in a democratic process or a Constitutional republic. They are all traitors to the USoA and should be in prison.

        Like

  1. Well now we know why DT chose the illiterate, dumb belle Betsy DeVos as the secretary of education, she was selling our health care data to DT and Russian Alpha Bank and back to Russian intel???? Now Betsy can be sued for fraud, and stolen health care data converted to voters data and sold to Russians and DT. Traitorous, treacherous, venomous, vile woman. She should be lynched not hanged since she is a racist, the best punishment for her crime is to reverse her psychology for her to see what she hated being used against her.

    Liked by 1 person

    1. I don’t think he means healthcare data, I think it’s US voter data “laundered” through Spectrum, sent to Russians to help them precisely target their ads, trolls, and bots.

      Liked by 3 people

      1. I agree. Remember the photo op on the White House steps when kris kobach from Kansas was seen with donald trump? The Voter Fraud Commission dissolved shortly after that with a whimper and a simple statement that no voter fraud was found. This was very unlike these folks, trump included, that were rabid about ending voter fraud. I knew something was up, but of course didn’t know what. Based on what Tea has found, our voter information which includes our personal information and our voting history, has been transmitted to russia. There are 33 republican governors who I am convinced turned over voter registration rolls to the White House. Once our voter registration information was in donald trump’s hands, there was no need to continue with the voter fraud story, or the commission. They had gotten what they needed, voter registration data on millions of Americans.

        Like

      2. Healthcare data is voter data. It’s called PHI. It contains just as much info, if not more as voter data. DOB, patient address, various health care info, provider info. Enough information to sell to anyone.

        Liked by 1 person

      3. No, he meant health data. They tried to get it from other sources, but were told they couldn’t legally get that info due to HIPAA, so they went the DeVos route and got it illegally. Why they wanted the health records to go with the Facebook profiles, I don’t know, but they did.

        Like

    2. The Alfa server scandal is a hoax spread by Fusion GPS and Glenn Simpson, this is publicly available information now. It’s why he won’t show up in front of Congress to testify. You anti-Trump rubes will believe anything as long as it satisfies your bias won’t you?

      Like

  2. There are 140 duplicate queries. The sub-second timing is nonexistent (all second fragments are .000). What are the odds that anyone with half a brain would claim that’s a legit packet capture?

    You’re the one who refers to yourself in the third person. This packet capture is virtually useless. All seconds end with .000? Really? And you draw conclusions from this that explain database replication? OMG. Next you’ll even tell us what parameters were passed to rsync to get this to happen.

    /snarfle chocolate milk

    E

    Like

  3. If you were trying to target key swing states with an ad campaign targeted at specific voters’ mental vulnerabilities, based on psychometric data obtained from Facebook, you would want a list of individuals who lived in those states.

    Usually you go to the doctor in your state. So match up location with Facebook data, and bam, you know exactly who to target. Using psychometric analysis of the data, you know exactly how to target them. Send the info to Russia and they target those individuals.

    I can’t say this is what they did, but it is one of the key elements they needed:
    > Location of voters (health records via Spectrum Health)
    > Party Affiliation (Voter Roll Hacking of Michigan)
    > Psychometric Data informing you of voter vulnerabilities (Facebook Data Converted)
    > Portal to Attack (Facebook Account)

    https://www.washingtonpost.com/news/the-fix/wp/2016/12/01/donald-trump-will-be-president-thanks-to-80000-people-in-three-states/

    Liked by 1 person

    1. “I can’t say this is what they did, but it is one of the key elements they needed:”
      Yeah, you can’t say anything is what “they” did because there’s no data at all to support it, none to be a “one of the key elements” “they” (who is they?) “needed” (needed for what?)???

      There’s no usable data here. The logs show false and duplicate timestamps for nothing but DNS requests. The only conclusion one could reach from this is “insufficient data to reach a conclusion.” Anything else is just irresponsible grandstanding.

      E

      Like

      1. But why was Spectrum Health even in contact with a Trump Tower? I am currently living in West Michigan and if any patient info was sent it is breaking HIPAA laws. I want that investigated.

        Like

      2. Ehud Gavron. Actually, you need to take a look at the facts. The Russians did hack the election systems in 21 states and they did have uncanny knowledge to enable them to run a targeted social media campaign that tricked many Americans into thinking it was of American origin, not Russian propaganda. The Russian targeted social media campaign was often closely reflecting Trump’s campaign targeting aimed at winning the electoral college. Also fomenting racial and cultural division and more. Lisanne’s proposed explanation for what the data shared in the database replication could have been is speculation but very much a real world possibility that could explain what happened.
        FYI: Your Question 1: (who is they?) = Answer: It is the GRU (Russian Military Intelligence) and their hackers (unit 2516, Cozy Bear) and the Trump Campaign/Cambridge Analytica/Brad Parscale/Jared Kushner
        Question 2: (needed for what?) = Answer: For cheating the 2016 election via manipulating the electoral college system with the assistance of Russian resources. Geddit.
        If Ehud is your real name you are not very smart for an Israeli/Jew who tend to be highly intelligent. Maybe you are being sarcastic or you are just a Russian Troll. You ain’t da mensch.

        Like

  4. I do something similar. Ping google to make sure my network connection is alive. Log the result and schedule it to happen again in an hour.

    Like

  5. DNS query results are typically cached by the operating system for some amount of time, so there could be multiple connections made in between DNS queries. If the DNS records included a 1 hour DNS TTL, you’d only ever see queries every hour, no matter how frequently the servers were communicating.

    It would also be possible, hypothetically, to cause DNS queries even if there were no connections. This seems very unlikely, but it’s not impossible.

    I work in software, but I’m not a database replication expert. I’d recommend getting someone you trust (a computer science professor, maybe?) to go over the data with you.

    Like
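
The caching effect described in the comment above, as an added simulation that is not part of the original thread. The one-hour TTL is the comment's hypothetical; the connection intervals and the function names are assumptions made for illustration.

```python
def observed_queries(connect_every, ttl, duration):
    """Simulate a client that connects every `connect_every` seconds through a
    caching resolver. Returns (connection_count, upstream_query_times), where
    only cache misses produce a DNS query that an upstream log would record."""
    queries = []
    connections = 0
    expires_at = None                      # when the cached answer goes stale
    for now in range(0, duration, connect_every):
        connections += 1
        if expires_at is None or now >= expires_at:
            queries.append(now)            # cache miss: lookup reaches the log
            expires_at = now + ttl         # answer is reused until TTL expiry
    return connections, queries


def gaps(times):
    """Seconds between consecutive logged queries."""
    return [b - a for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    SIX_HOURS = 6 * 3600
    # Hypothetical cadences: a connection every 7 minutes and every minute.
    for every in (420, 60):
        conns, seen = observed_queries(every, ttl=3600, duration=SIX_HOURS)
        print(f"every {every}s: {conns} connections, "
              f"{len(seen)} logged queries, gaps {gaps(seen)}")
```

With a 3600-second TTL, a connection every 7 minutes yields logged queries 3780 seconds apart, so the spacing in a DNS log reflects the TTL and the first connection after expiry rather than how often the hosts actually talk.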

      1. Podesta and the DNC weren’t working with the Russian government/mob and its intelligence services to attack the US 2016 election. Besides, it was more than “a few” DNS lookups.

        Like

      2. Actually they were doing exactly that, with the help of Ukraine, UK intelligence, Russian intelligence agents close to Putin, the dirty “dossier” they were paying for, while Crooked let Russia control a significant part of US uranium supply.

        You kind of prove what the Trump people said all along.

        Like

      3. Here comes Mr but, but, but the Clintons. Ha ha ha ha. Now, focus that depth of a puddle of a brain of yours and try and understand: The DNS look ups are more important because Russian interference in the 2016 US election happened on a wide scale (even Betrayin’ Donald has reluctantly admitted it on occasion). Covfefe boy George Papadopoulos bragging about the Russians having DNC emails then lying to the FBI about the timeline. Flynn discussing sanctions with Russian Ambassador then lying to FBI about it. Manafort firmly stuck to the Russian oligarchs like glue. Carter Page going to Moscow and meeting Russian officials from Gazprom (despite previously denying it to the house committee). Roger Stone meeting a Russian about buying the hacked DNC emails (despite previous denials). Erik Prince’s prearranged meeting with Putin’s banker in the Seychelles (despite previous denials). Trump Tower meeting – served with a millefeuille of lies, denials and ever changing stories and an eldest son betrayal. 17 Russians implicated in the Trump/Russia intrigue have now been assassinated (sorry, I mean “died in mysterious circumstances”). Including Smith the republican trying to buy Clinton’s hacked emails from a Russian and his most peculiar Donald Trumpesque suicide note NO FOUL PLAY WHATSOEVER. I’m getting bored now but there was much more.

        Like

      4. “because Russian interference in the 2016 US election”

        1) What is “interference”?
        2) Is that immoral?
        3) Is that illegal?

        “Flynn discussing sanctions with Russian Ambassador”

        Is that immoral? Illegal?

        “then lying to FBI about it.”

        The FBI had the right to question him? Since when?

        “Trump Tower meeting”

        100% legal and moral

        So again, you don’t care about Hillary’s illegal email server? At all?

        Like

  6. If this is voter history, then the recent primary elections should have been followed shortly thereafter with increased communications duration.

    Liked by 1 person

  7. Finally! I’ve been looking and looking for any kind of follow up on this story. What really engaged my curiosity is the exchanges with Spectrum Health (coincidentally, is connected closely with the DeVos’). See, where I live, the DeVos’ are a huge deal. Like, as in owning the city, literally. So thanks for enlightening me on the updates!!

    Like

    1. As the article describes, the pattern is the hourly communications schedule, which is a not untypical scheduling for one database to be compared to another, and if differences are found, the more recent updates are added to the database that doesn’t yet contain the new data.

      Like

      1. So the pattern is “regular communications”. But we know nothing about the content of the communication, so anything that communicates at a fixed time interval fits the pattern.

        Like

  8. Tea, you forgot to mention the database in question appears to be the email server for Trump. The Russians got EVERY single email sent from the Trump Org

    Like

  9. Yes, such excellent work. T.Pain has a very rare combination of talents and skills; technical knowledge and perception, creative thought and communication. A debt is owed by the world to this great individual. Thank you. Hoping helps get Donald NO FOUL PLAY WHATSOEVER banged to rights in not too long.

    Like
