7 Comments
Feb 15, 2022·edited Feb 15, 2022·Liked by Robert Graham

I'm mostly on-board with your interpretation. You say "[a]ll this was before Trump was elected in 2016 — they didn’t spy on the Trump White House." Item 6 in the document seems to say that it continued after 1/20/2017.

I'd also point out that earlier Durham filings indicated that Tech Executive-1 was hoping for a position in the Clinton administration, so even if he was uncompensated, he was hoping for compensation.

One more thing: IANAL, but it seems to me that TE-1 may have opened up Neustar to civil liability. I'd like to hear a real lawyer's opinion on that.

author

The meeting with the CIA was Feb 9, 2017. There wasn't enough time to continue to spy on the White House. Yes, the Durham document "seems to say", but does not actually clearly say.

Yes, Durham's claims cherry-pick things to create a story that it was all about Joffe seeking some sort of cyberczar position, but it's not really supported with evidence. I believe it's probably true, but at the same time, I can't defend that position.

I doubt there's civil liability. Neustar manages DNS services where people willingly sent them DNS requests.

Feb 16, 2022·edited Feb 16, 2022

alfabank/trump dns request wouldn't be coming from whitehouse internal network, it would be coming from a public resolver. I doubt Trump Tower was an ultradns _commercial_ user.

I'm rather curious which resolver was it, and what was the chain of agreements for sharing of the traffic (presumably neustar->packetforensics->gatech) with DARPA indirectly in the middle. There likely were restrictions on sharing.

Edit: remember gdd53 and node_id:ams-ix23? Could well be one of the root-servers at amsix. Uh oh.

Edit: Sussmann indictment, quoting: "Among the data that University-1 accessed through Internet Company-1 was the DNS data of an Executive Branch office of the U.S. government ("Office-1"), which Internet Company-1 had come to possess as a sub-contractor in a sensitive relationship between the U.S. government and another company."

Is Agency-1/Company-1 DARPA/neustar? Or, NSA/packetforensics (also owned by rjoffe). Huh.

author

Internet Company-1 was Neustar.

Office-1 was Executive Office of the President.

I don't think packetforensics employed Joffe. The filing implied employer, hence, Neustar.

Feb 16, 2022·edited Feb 16, 2022

I think it is outrageous because of "special trust" given to entities that receive (say) netflow and dns logs for threat intel, from internet infra (public resolvers for example). It's not just about rjoffe or neustar's reputation, it is a stark reminder of potential conflicts of interest and insider threats, and I'd think twice about cymru feeds now.


How does Neustar get Trump campaign DNS requests before the inauguration? Was the EOP providing IT security/WiFi to the Trump campaign?

author

Neustar provides protective DNS services to a ton of organizations around the world, including a public resolver. They log all the requests. What they searched for was YotaPhone requests, not "Trump campaign DNS requests". They could then filter the YotaPhone requests by location.

In other words, they know of a YotaPhone in Trump Tower, because Trump Tower was apparently a Neustar user. It wasn't because they reached out and arbitrarily started monitoring Trump Tower.
