The white paper can be found here.
On we press:
“[T]here are Russian-made cellular devices on these networks, seldom seen elsewhere in the US.” And now we go into a long list of undefined qualifiers. Russian-made cell phones are ‘seldom seen’ elsewhere in the US. Yeah? What does ‘seldom’ mean? If the writers want us to believe this network activity was unusual, they had better bring some control data to quantify it. Was this an assumption on their part? Perhaps; they certainly haven’t supplied anything to support their contention that this traffic was unusual (more on that later).
So why would there be Yotaphones floating around? Certainly there are Russian tourists visiting the US. Statista indicates about 300,000 visited in 2017. But not only Russians used Yota. The Yotaphone 1 and 2 were popular export products to Europe and Asia in the mid-2010s. Certainly New York City and Washington DC are popular tourist destinations for any of these potential users.
“these networks appear to be attempting SIP-connections to Russian networks”. SIP is a protocol used for voice over IP (VoIP), instant messaging, and things like that; for instance, if you were in a foreign country without service from your cellular provider and wanted to make phone calls or video chats over Wi-Fi. This, again, is what you would expect from tourists.
“which very few IPs globally are seen trying to resolve” We are going to see the term ‘globally’ many times in the white paper. Unfortunately it is never defined. Do they mean globally in the sense of the entirety of the datasets they examined? Or globally in all the DNS data in all the world?
If it’s the former, well, we have no idea of the extent of their dataset, because they haven’t provided it or even explained their methodology.
If it’s the latter… Rodney Joffe has access to a good deal of DNS data, no question. But not all of it, not even most of it. By far the largest passive DNS connection database in the world is maintained by a company called Farsight Security. Farsight was founded by a tech innovator named Paul Vixie, generally known as the inventor of DNS.
Joffe and Vixie have a long history together, but they had a falling out years ago. Moreover, Farsight and Joffe’s companies are competitors in the pDNS field. In any event, it’s hard to take seriously an argument that you have examined ‘global’ DNS records without including the Farsight DNSDB. And perhaps the writers did, but if so, we have no idea, because they haven’t explained their methodology.
Now we get into the ‘big if true’ section of the white paper. Is it possible that these Yota hits at different locations are from the same device? These hits could possibly correlate to big events in the world.
So where is the evidence that supports these possible scenarios? Nowhere. Perhaps buried in whatever data Sussmann handed to the CIA you could find evidence of given events matching up with Yotaphone requests, but you could also ‘possibly’ find those requests matching up with just about anything. This is the Texas Sharpshooter fallacy.
The writers are leaving it up to the imaginations of the recipients to run wild. Depending on what you’re hoping to find, all sorts of correlations are certain to appear to match up to whatever data they provided. That doesn’t mean they are actually correlated.
“This document summarizes factual observations.” Now those are some weasel words. Why is your white paper summarizing your factual observations? They are making an extraordinary claim: that the President of the United States maintains clandestine communications with unknown Russian entities. But they are merely summarizing their factual observations? Where is the extraordinary evidence?
“so that others may infer activities associated with these Russian phones on Trump’s networks.” Do you see what they did there? Others may infer. We’re just tossing it out there. It’s up to the CIA or the FBI or the NYT to go on their own fishing expeditions and find any actual evidence of wrongdoing.
This is the tell that the entire paper is garbage. It’s the equivalent of your weird uncle sending his conspiracy theories to the CIA to investigate. And it’s supported just about as well, notwithstanding dressing it up in tech jargon and including some queries to make it look official.
Which is what we’ll take a look at in the next post.