Previously we discussed the background of Clinton campaign lawyer Michael Sussmann and tech executive Rodney Joffe’s attempt to smear the Trump campaign with manufactured allegations of contacts with Russia.
This time we are going into the details of the YotaPhone ‘white paper’ itself. This isn’t going to be tech heavy, because I’m not an expert; this is about how little is actually here and how badly it is presented.
The paper can be found here.
What’s important to remember for our purposes is that Sussmann delivered this document (procured by Joffe along with some amount of DNS[1] data) to the CIA as evidence that the sitting president was in some type of clandestine communication with Russians.
Let’s go through the white paper, one bit at a time.
“Network Analysis of Yota-Related Resolution Events”. The title sounds ominous. A resolution event is nothing more than a device reaching out to a DNS server asking for the IP address of a website or server so it can connect. This ‘resolves’ the name of the location to a unique IP.[2] In other words, somebody is trying to connect to a ‘yota-related’ site. Big whoop. A YotaPhone would do this all the time, just like an iPhone would reach out to Apple servers for updates, apps, etc. This isn’t sinister, this is how things work.
Introduction, where we see exactly what they are trying to pull off.
“Communications between Russian networks and Trump Tower…” Ok, right out of the box, what do they mean by ‘Trump Tower’? Trump Tower is a 58-story skyscraper in NYC containing hundreds of commercial and residential tenants. There are many networks. Do they mean public wifi? Cell phone networks? A building intranet? Some kind of wonky geolocated amalgamation (hello 2000 mules)? Who knows, the authors do not specify.
We’re going to see a lot of this sleight of hand. The important thing is, anybody seriously analyzing this needs to know. You can’t just throw a pile of unsourced and unexplained data at the techies and expect them to draw conclusions from it. For goodness sake, somebody might have *gasp* cherry picked what they gave you! And if you don’t know where it came from, you can neither verify it nor even assess if it’s a meaningful sample.
“associated Trump properties,” At least the Trump Tower reference told us a location we can verify.
“with artifacts also present at EOP” EOP is the Executive Office of the President. As we might expect, DNS data (or any data) coming out of the White House is unlikely to be publicly available, and the people controlling it probably shouldn’t be passing it around for their personal political crusades (or hitjobs). It just so happens that one of the people with access to this kind of sensitive data is Rodney Joffe.
And what artifacts are they referencing? We don’t know, and we don’t find out any more, as this is the last time the EOP is mentioned. They just dropped that stink bomb and walked away.
“Spectrum Health resolver IP 167.73.110.8 in Grand Rapids MI is also observed making similar queries” Spectrum Health is a Michigan-based health care organization owned by the DeVos family. Betsy DeVos was confirmed on February 7th, 2017 as Trump’s Secretary of Education after a raucous confirmation process. Sussmann delivered this paper to the CIA sometime in February, an amazing coincidence.
So why was Spectrum Health’s DNS data examined? The writers don’t say. Were other organizations examined? Trump related, non-Trump related? Were there any controls to indicate if this kind of activity was unusual? We have no idea (well, we do, but not from the contents of this white paper).
Alright, that was just the first paragraph, so this is going to be longer than anticipated. The key takeaways are that the authors of the white paper are not providing any meaningful documentation regarding what data they are talking about or why they chose these particular networks to audit, and therefore it’s going to be difficult to assess whether what they are presenting is meaningful.
Part III found here.
MB
Don’t @ me nerds, this is close enough.