Spectrum Health’s Role in the Trump-Russia Server Scandal

Much speculation and rumor has surrounded the mysterious data connections that bounced back and forth between Russia’s Alfa Bank, Trump Tower and the DeVos family’s Spectrum Health in Michigan prior to the 2016 election.  Rather than concentratin’ on whether it was top-secret spyware, database replication or some other whiz-bang data transmittin’ software, let’s step back and look at the role each site played and what value each player might have added to this little Trump-spiracy.

Now that some of the smoke has cleared, we know two basic facts.

  1.  Russian hackers were able to acquire voter rolls from a number of key battleground states.
  2. Russian bot-farms were able to inundate social media with fake news, propaganda and Trump-friendly talkin’ points in the run-up to the election.

The question we must ask is a simple, but important one, because the plausibility of this whole data-sharin’ shindig rests on it…

How did the Russians convert generic voter roll information into a specific list of targeted social media contacts?

In simpler terms…

From This To This

Voter rolls have basic information: name, address, maybe a phone number, but that’s it.  Unless you plan a massive door-knockin’ campaign, it’s pretty useless.  So, to repeat the question, how do you get from generic voter rolls to micro-targeted social media lists?  What’s the one thing that ties all these things together?  An email address!

From This To This

All Russian intelligence needed was to associate an email address with a name and address of a voter and bingo! Every social media account you own is tied to your email address, right?  Once they had an email, they could data-mine everything about you from your social media feeds.  They immediately knew if you were a Trumper, a Hill-bot, a Bernie Bro or a Stein fanatic, and could tailor a bot-campaign custom-made for you!

So where did they get the email addresses?  This is where Spectrum Health comes in.  Located in Grand Rapids, Michigan, Spectrum is smack dab in the middle of one of the states the Trump campaign had to tip to win.  They are a huge health-care provider with subsidiaries that include hospitals, treatment facilities, urgent-care clinics, as well as physician practices that serve the western Michigan area.  But the big enchilada for this caper is their access to insurance provider databases from all over the United States.  And what do those insurance databases all have?  Email addresses tied to a name and address!

Bam!  This is the key that ties the whole operation together.

EmailSpectrumChart

So what did the DeVos family get in return for Spectrum’s role in this little ping-ping wing-ding?  You’ll have to ask the new Secretary of Education, Betsy DeVos!

 

Casual Racism

You’ve heard of casual dress, casual dinin’, even casual sex.  Now add: “Casual Racism.”  Sadly it’s all around us to the point where we barely even notice it.  Let Tea Pain tell you about his brush with casual racism today.

Tea Pain was eatin’ lunch at the Golden Chopstick Chinese Buffet, easily the swankiest place in Harrison, Arkansas.   Tea Pain was mindin’ his own business, enjoyin’ his chop suey and cashew chicken when he overheard two ol’ boys in the next booth talkin’ about “that Obama.”

Here’s a snippet of the convo…

Bubba: “I know Trump had to say it to get elected, but you know Obama ain’t no citizen.”

Burford: “You got that right.  He wasn’t born in Hawaii.  Everybody knows that. He claims he’s a Christian, but he ain’t.”

Bubba: “He said he went to Harvard but I don’t believe that.  He wouldn’t even disclose his transcripts.  If he won’t show his transcripts, you know he’s hidin’ something!”

At this point, Tea Pain couldn’t resist, so he leaned over and dropped a clod in them boys’ churn.

“Do you fellers think Trump should release his tax returns?”

Bubba cast a jaundiced look Tea Pain’s way and chimed in, “Nope.  A man’s entitled to his privacy.”

Tea Pain let Bubba’s words lay there for a minute hopin’ he’d smell the hefty irony over his chicken with garlic sauce, but all Tea Pain got in return was a dead-eyed mackerel stare.

Nobody called anybody the “N-word.”  There was no white-pride stickers on their trucks.  They’ve never even darkened the door of a KKK meetin’,  but them two fellers just stripped a man of his dignity and equality based on his skin color.  Sadly, it makes perfect sense to them that Trump is entitled to privacy just because he’s white (well, orange).  They genuinely believe Trump is a good Christian, but not Obama, even though both have made the same confession of faith.

Seein’ no victory to be won here, Tea Pain quietly finished his meal and opened his fortune cookie.  It said, “Never approach a bull from the front, a horse from the rear or a fool from any direction.”

 

Comey’s Last Cast

Fishing at sunset on the Donegal coast (© John Rafferty Photography)

If you ever spent any time fishin’, you can appreciate the psychology behind the FBI’s bombshell leak today that it used Christopher Steele’s now-famous dossier to obtain a FISA warrant against Trump adviser Carter Page last year.  This means the dossier was corroborated against other available evidence and met the threshold of “probable cause” to obtain the warrant.

That’s all well and good, but what does it mean in context of the current #TrumpRussia scandal?  That’s where the fishin’ comes in!

Tea Pain Carter Page Worm

Last week James Comey trickled out a teasin’ little morsel that Carter Page was the target of a FISA warrant.  This was ol’ Jimmy baitin’ his hook and danglin’ it in the water to see what mid-level minnow was interested in takin’ a nibble. Once Jimmy snagged him a nice juicy bait-fish or two, he’d be ready to go after the elusive tiny-finned King Fish.

If Page is the worm, then who is the little fish?  Why any one of a dozen of the usually scaly suspects will do: Mike Finn, Roger Stonefish, or Paul Manatee, maybe even a few more exotic species such as mayor-mackerel Giuliani or Boris “Blowfish” Epshteyn.

So what does this leak really mean?  First of all, it was leaked intentionally and had a loud and clear message: Comey has plenty of little fish and now he’s just cullin’.  What is “cullin'”, you ask?  That’s when you done caught your limit, but you keep on fishin’, keepin’ the bigger fish while throwin’ the little ones back.  Today’s leak is also a signal, a clarion-call that Comey is about to make his final cast and head to the house.

The dossier is for real and if you’re in it, then God help ya!  The little fish with the best fish-story escapes the fryer!

Impeachment Impatience

Tea Pain understands your Trump troubles better than anybody.  That feeling we all get when Trump cranks out another evidence-free tweet yammerin’ about 5 million illegal voters for Hillary or the latest saga about how the Tax Marchers were all paid for by mysterious “Deep State” deep pockets.  After bearin’ up under countless Benghazi hearings which yielded nothin’, you’re beyond frustrated how Congress is draggin’ its heels investigatin’ the greatest crime in American History: Trump’s collusion with Russia to steal the 2016 election.

When you feel like you’re gonna flip your lid, console yourself with these thoughts…

  1.  It took 26 months to bring down Richard Nixon after the DNC break-in at the Watergate Hotel.  This was a small, cut-and-dried burglary where the conspirators were caught red-handed, and they were all Americans.  With #TrumpRussia, we are dealin’ with a virtual DNC break-in at the hands of slippery Russian hackers and the machinations of a foreign power’s massive intelligence apparatus.
  2. The case against Trump must be air-tight and self-evident.  Even though Trump’s popularity has fallen and it can’t get up, there’s still millions of droolin’, knuckle-draggin’, Trump-lovin’ Neanderthals that would gladly take to the streets with their shootin’-irons to defend their plump Messiah.  The case against Trump has to be so persuasive that Trumpers will hang their heads in shame and keep the blood outta the streets.
  3. There must be no doubt of Trump’s guilt.  You are talkin’ about accusin’ the most powerful leader of the free world of bein’ a traitor and a crook.  The evidence must be conclusive, persuasive and complete, not only to all Americans, but to the nations around the world so as not to further damage America’s standing and respect.
  4. The process must have a plan for national healing.  The investigations and pursuant trials must be bipartisan and not appear like one party is usin’ it to overthrow the other.  Otherwise our nation will be more divided than ever.  The Republicans need to be convinced their candidate is guilty as well.
  5. Truth always wins.  You can take this to the bank, fellow patriots.  As a whole, America is still a great moral country and the truth still fetches a premium in our hearts.  Evil will not prevail, but we must do this right, by the numbers and accordin’ to Hoyle.  And when it’s over, we will be a better nation and a stronger people.

 

 

 

Debunking Trump Tower’s Alfa Bank Server Scandal “Explanation”

From May 4 until September 23, 2016, a Trump Tower server mysteriously transmitted data to Russia’s Alfa Bank.  As soon as the story broke, Trump’s team pulled the process down and offered an “interesting” explanation:  “A thorough network analysis conducted by Cendyn at the request of the Trump Organization determined an existing banking customer of Cendyn, completely unrelated to Trump, recently used Cendyn’s ‘Metron’ Meeting Management Application to send communication to AlfaBank.com.”

Metron is a “cloud based” computing solution, meaning the software is not installed at either bank, and that all communication is performed via browser to the Metron Cloud servers housed at Cendyn.

Metron Cloud
This is their “explanation?”  The data traffic was NOT between Trump Tower and Alfa, but between an “unknown bank” and Alfa?  To anyone with a basic understanding of internet architecture, this is at best laughable.   The actual data traffic observed over 120 days were thousands of DNS Lookups directly from Alfa Bank to Trump Tower.  Oddly, during the same time frame, identical DNS traffic was ongoing between Trump Tower and Spectrum Health in Grand Rapids, Michigan, affiliated with the powerful DeVos family.  The traffic observed is illustrated in the model shown below.

DNS Diagram

Later, Trump Tower offered these “connections” were most likely email traffic.  Data analysts scoffed at this, noting that some of these connections lasted as much as 10-15 minutes.  An email would take only a fraction of a second.

Not only does the data traffic between Trump Tower and Alfa Bank totally contradict Trump’s “explanation”, but the traffic continued around-the-clock and is not consistent with the normal business hours of a bank.

Round The Clock

Want to know what was really going on?  Read Tea Pain’s “Jared Kushner’s Stealth Russian Data Machine.”

 

New Analysis Supports Database Replication Theory Between Trump Tower and Alfa Bank

On April 3rd, Tea Pain released an article, “The Trump-Russia Data Machine” that got the internet buzzin’ about the possibility that the unexplained computer traffic between Trump Tower, Russia’s Alfa Bank and Spectrum Health had been deciphered.  In just 3 days, over 80,000 viewers read how these 3 unrelated businesses were possibly sharing a growing database of targeted voter rolls through a process known as Database Replication.

Database Replication is a simple concept where 2 or more large databases in different locations stay in sync with one another by broadcasting hourly changes to each other. Building on the analysis of data scientists, Tea Pain was able to theorize that this common business practice is how the data was being stored and passed back and forth to Russian intelligence without raising undue suspicion.

But the article raised additional questions.  The new hourly replication theory could be easily debunked if there were more than 24 connections made between Trump Tower and Alfa Bank in one day.  Tea Pain contacted key sources on Twitter and soon got his hands on the leaked raw data.  Tea loaded the IP transactions into SQL Server and proceeded to see if his theory would stand up against the raw data.  What he found caused him to erupt into a cautious “end zone dance” of patriotic optimism.

The data was totaled by connections per day and reflected precisely what Tea Pain’s theory had predicted.  Since data is only copied when changes were made, there would scarcely be a day where changes were being made every hour of the day.  Tea Pain also discovered that there were few connections during the early days of the database, but those connections grew as the databases grew in size. These connections ceased entirely when the suspicious traffic was discovered and Trump IT pulled the process offline.

UPDATE: Trump Tower uses a Contact Management System from Cendyn that uses SQL Server. The tools needed to achieve this replication were already installed.   Tea Pain has been in touch with one Ivy League college and a number of media outlets.  This new explanation is causing data analysts to look in new places to reconstruct what appears to be massive data collusion between the Trump Campaign and Russian Intelligence.

Data Patterns Reveal Trump Tower/Spectrum Health Ran a “Stealth Data Machine” With Russia

We pull back the curtain on Jared Kushner’s “Stealth Data Machine.”

Stealth Data Machine

Jared Kushner is currently taking a victory lap, crowin’ about his “Stealth Data Machine” that put Donald Trump over the top in the 2016 race.  Let’s pry off the lid and peer into the inner-workings of this “Data Machine.”

The Signal in the Noise

Building on the data analysis by @Conspirator0 on Twitter, Tea Pain has stumbled onto a possible “signal in the noise” that opens a window into the data-swappin’ shenanigans going on between Trump Tower, Spectrum Health and Russia’s Alfa Bank during the election.

Spectrum Health, owned by Michigan’s powerful DeVos family, attempted to explain the IP activity as “Voice over IP traffic”, whereas Alfa Bank offered an even more exotic explanation that “hackers attempted to make it look like we contacted Trump Tower.”

The data traffic, when analyzed, tells a very different story, a story of automated, orchestrated data sharing among multiple sites for a strategic end.

Tea Pain originally dismissed this story as a possible red-herring.  With the Russia craze at a fever pitch, this activity could be explained by what Tea’s daddy used to say, “When you got a new hammer, everything looks like a nail.”  But when Tea Pain saw the data patterns analyzed by Conspirator0, he knew he’d spotted something mighty familiar: Database Replication.  Put a pin in that, more on that later.

Ping Duration

At first, data analysts were puzzled by what appeared to be random activity with no apparent pattern.  Perhaps it was email activity?  Maybe money transfers?  But there were literally thousands of these IP “pings.”

Once the activity was charted, a pattern emerged.  For example, a connection is made from Alfa Bank to Trump Tower, which may last anywhere from 1 minute to 15 minutes or more, followed by a longer “sleep” period.  When averaged over months, these events charted an average time between connections to be 3660 seconds, or 1 hour and 1 minute.  Whatever was running, it would hook up, transfer data for a few minutes, then go to sleep for an hour.

This was the clue that led Tea Pain to formulate a much clearer working model to explain what we were all seeing:  SQL Server Database Replication between multiple sites.
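The two checks this page leans on, the roughly 3660-second average gap described above and the "no more than 24 connections in one day" test from the follow-up analysis, can be run over any timestamped lookup log. The following is an added example, not code from the original article: the log format, the `host.example.test` name, both sample series and the 0.25 regularity threshold are constructed assumptions. It also reports the spread of the gaps, because a one-hour mean and a 24-per-day ceiling are both met by irregular traffic too.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import mean, pstdev

FMT = "%Y-%m-%d %H:%M:%S"

def build_log(start, gaps):
    """Constructed sample data: one 'timestamp type name' line per lookup."""
    t, lines = start, [f"{start.strftime(FMT)} A host.example.test"]
    for gap in gaps:
        t += timedelta(seconds=gap)
        lines.append(f"{t.strftime(FMT)} A host.example.test")
    return lines

START = datetime(2016, 6, 1, 0, 5, 0)
# Timer-like series: a lookup every 3660 s with +/-30 s of jitter.
TIMER_LOG = build_log(START, [3630, 3660, 3690] * 10)
# Irregular series with the same 3660 s mean: short and long gaps alternate.
BURSTY_LOG = build_log(START, [120, 7200] * 15)

def parse(lines):
    """Return sorted datetimes read from the first 19 characters of each line."""
    return sorted(datetime.strptime(l[:19], FMT) for l in lines if l.strip())

def interval_stats(stamps):
    """Mean gap in seconds and coefficient of variation (stdev / mean)."""
    gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    if len(gaps) < 2:
        raise ValueError("need at least three events")
    avg = mean(gaps)
    return {"mean": avg, "cv": pstdev(gaps) / avg}

def busiest_day(stamps):
    """Largest number of events seen on any one calendar day."""
    return max(Counter(s.date() for s in stamps).values())

def consistent_with_hourly_job(stamps, cv_limit=0.25):
    """True only if no day exceeds 24 events AND the gaps are regular.

    cv_limit is an assumed threshold chosen for this example.
    """
    return busiest_day(stamps) <= 24 and interval_stats(stamps)["cv"] <= cv_limit

if __name__ == "__main__":
    for name, log in (("timer", TIMER_LOG), ("bursty", BURSTY_LOG)):
        stamps = parse(log)
        s = interval_stats(stamps)
        print(f"{name}: mean={s['mean']:.0f}s cv={s['cv']:.3f} "
              f"busiest_day={busiest_day(stamps)} "
              f"hourly_job={consistent_with_hourly_job(stamps)}")
```

Both constructed series average 3660 seconds and peak at 24 events in a day; only the spread of the gaps separates the timer-like one from the irregular one.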

Database Replication

What Is Database Replication?

Database Replication is a rather simple concept.  When you have a database with millions of records representing hundreds of gigabytes of data, and you would like to keep a copy of that database housed in 2 or more locations, it makes no sense to continually copy the entire database from point A to point B every time a change is made, so you “replicate” it.

This allows only the changes made to be sent from one database to another.  This is accomplished by a process that runs on timed intervals, usually an hour, that wakes up and checks the changes made since the last hour and broadcasts those changes to the other database.  The other database, in turn, checks for its changes and broadcasts them in the other direction.  Voila!  Both databases are identical!

So what do the data traffic patterns suggest?  Check out the chart below.  Behold, Kushner’s “Stealth Data Machine.”

Russia Data Traffic

The white box illustrates the scope of data we can now observe.  The bulk of the replication took place between Trump Tower and Alfa Bank, while smaller amounts of data were transferred between Trump Tower and Spectrum Health.  If, for example, Trump Tower talked to Alfa Bank for 10 minutes, the next Spectrum-Trump Tower connection might last only one minute, indicating data replicated from Trump Tower to the DeVos health care empire was being filtered, perhaps by “WHERE StateCode='MI'” for example.  But when changes were made at Spectrum, things looked very different.

IP Packetts

Conspirator0 noted that when Spectrum connected to Trump Tower, Trump Tower’s next connect time was significantly longer, indicating Spectrum had modified a large chunk of records that had to be synced to Trump Tower, then pushed on to Alfa Bank. This detail was important in identifying that replication was in use.  In this scenario, Trump Tower was functioning as a center-point, a data distribution center if you will.

We don’t know what was in these data packets; that info is beyond our purview at this time, but ask yourself a simple question and you find your answer: “What do Trump Tower, the DeVos Family and the Russians all have in common?”  A desire for Donald Trump to be President of the United States.

Tea Pain’s working theory is that Russia created a voter targeting database with information gleaned from hacked DNC data rolls and other data rolls “acquired” from other states to feed this growing contact database.  That database originated at Russian Intelligence which was in turn replicated to Russia’s Alfa Bank.  This is where the “data laundering” takes place.  Alfa Bank is the pivot point where the FSB’s data fingerprints are wiped clean.  Ironically Russia launders its data at the same place it launders its money.

At Trump Tower, more data could be merged into this system using various legal sources as well.  Spectrum Health could also add value to the data by matching names and addresses in their extensive healthcare databases to harvest email addresses and phone numbers to flesh out this list.  All these changes would be promptly replicated back to Russia in a matter of hours.

Once back in the hands of Russian Intelligence, this massaged data could be programmatically matched up with social media handles to create a micro-targeted “hit list” for the thousand Russian trolls employed by Putin.

The Payoff

How is this a breakthrough? Now that we have identified the likely means of how this data was transferred, data analysts now have more precise points to search for to arrive at a complete reveal of the massive data collusion between Team Trump and America’s foremost adversary.

The “beauty” of this system is its simplicity.  Here’s some bullet-points to sum up.

  1. No special software needed. SQL Server is used in most every major enterprise.  Replication is a built-in tool.  No mysterious hidden processes, viruses, malware, etc.
  2. Virtually undetectable. No one would blink an eye at data replication, a standard business practice.
  3. Could all be set up remotely with only VPN credentials and remote desktop access, information that is often shared via routine third-party data audits. No one inside Trump Tower or Spectrum’s IT department need be involved. One Russian Intelligence data operative could set this up in less than an hour at each location.  No low-level “conspirators” needed.
  4. Value could be added to the data anywhere in the chain and it would promote back to Russian Intelligence within 2-3 hours.
  5. All data-transmission would be out in the open, mixed in with the daily flow of business.
  6. Even if found, the data would look benign, just names, addresses, phone numbers, email addresses, social media handles, etc. No financial information. It would look just like a contact lead database purchased from any data-mining merchant.
  7. Trump/Spectrum operatives and employees in the United States could interact with this list and have no clue the origins of the data were nefarious.  This plain-sight approach was the key to its success.