Fact-check: Hillary didn't pay techies to infiltrate Trump Tower or the White House
Moreover, Durham's filing doesn't even allege this -- somebody just misinterpreted what Durham wrote.
Claim: from Fox News:
Lawyers for the Clinton campaign paid a technology company to "infiltrate" servers belonging to Trump Tower, and later the White House, in order to establish an "inference" and "narrative" to bring to government agencies linking Donald Trump to Russia, a filing from Special Counsel John Durham found.
Verdict: Liar liar pants on fire
Summary:
No, the filing does not allege payments from the Clinton campaign (or its lawyers) to Neustar (Internet Company-1), and nobody has claimed such a thing until now. The only payments alleged by John Durham are from the Clinton campaign to its lawyers, not any payments from its lawyers.
No, there are no servers belonging to the Trump Tower or the White House involved. Actually, there are no servers involved. The things in question are Neustar’s DNS logs, which presumably are stored on servers somewhere, but this isn’t really relevant (you wouldn’t accuse Neustar of infiltrating its own servers).
No “infiltration” happened. The issue is misuse of data legitimately in their possession.
Yes, they misused the data legitimately in their possession for possibly illegitimate purposes — specifically to support conspiracy-theories against candidate Trump.
Details:
(this content is going to be repeated across multiple related fact checks)
Neustar (Internet Company-1) provides enhanced DNS servers to many major organizations around the world. They receive DNS requests from those using its services, which apparently includes the White House, Trump Tower, and Spectrum Health. The purpose is to protect against cyber threats, mostly phishing and malware. They “log” these requests, keeping a record of where the queries came from and for what names.
Neustar’s techies are constantly analyzing these DNS logs in order to find patterns, to stay one step ahead of hackers. They share the DNS logs with university researchers, who are devising new ways to track down hackers and stop them.
DNS is the “phone book” of the Internet. Almost every activity you do, such as clicking on a website or updating your phone, first involves a DNS lookup of a name (like www.google.com) to a numeric protocol address (like 172.217.10.100). The underlying network routes traffic according to numeric protocol addresses, not names. By blocking DNS lookups to fraudulent names like gmail.com.verified-address.info, Neustar’s servers can protect against many phishing attacks.
While they can see the names, they can’t see any other content of Internet traffic. They can’t spy on websites, emails, Zoom calls, or whatever. But if you look for ExpertSexChange.com, they’ll see that name.
To use Neustar’s cyber threat protection, configure your computer or home router to redirect DNS queries through their servers, 156.154.70.2 and 156.154.71.2. It’ll block much malware and phishing, at the expense that they’ll see what queries you make from your Internet address.
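To make the logging and blocking described above concrete, here is an added example (not Neustar's code and not from the Durham filing). The log format, the list of protected domains and the function names are assumptions, and the log lines are constructed using documentation-range addresses. It shows that each record holds only a time, a source address and a name, and how a resolver could refuse names that embed a well-known domain inside an unrelated one.

```python
# Added illustration: log format, brand list and function names are assumptions.

# Constructed resolver query log: timestamp, client IP, query type, query name.
SAMPLE_LOG = """\
2016-07-01T12:00:01Z 192.0.2.10 A www.google.com.
2016-07-01T12:00:02Z 192.0.2.10 A gmail.com.verified-address.info.
2016-07-01T12:00:05Z 198.51.100.7 AAAA mail.google.com.
2016-07-01T12:00:09Z 198.51.100.7 A login.paypal.com.account-check.example.
2016-07-01T12:00:11Z 203.0.113.4 A gmail.com.
"""

# Domains that phishing hostnames imitate (assumed list for the example).
PROTECTED = ("gmail.com", "google.com", "paypal.com")


def parse_line(line):
    """Split one log line into the fields the resolver operator can see."""
    ts, client, qtype, qname = line.split()
    return {"ts": ts, "client": client, "qtype": qtype,
            "qname": qname.rstrip(".").lower()}


def is_lookalike(qname):
    """True when a protected domain is embedded as leading labels of another
    domain, as in gmail.com.verified-address.info."""
    for brand in PROTECTED:
        if qname == brand or qname.endswith("." + brand):
            return False  # really inside the protected domain
    return any(qname.startswith(b + ".") or "." + b + "." in qname
               for b in PROTECTED)


def process(log_text):
    """Return (decisions, names seen per client) for a whole log."""
    decisions, seen = [], {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        verdict = "BLOCK" if is_lookalike(rec["qname"]) else "RESOLVE"
        decisions.append((rec["qname"], verdict))
        seen.setdefault(rec["client"], []).append(rec["qname"])
    return decisions, seen


if __name__ == "__main__":
    for name, verdict in process(SAMPLE_LOG)[0]:
        print(f"{verdict:8} {name}")
```

The per-client dictionary is the whole of what the operator learns: which address asked for which name and when, with no page content, email or call data.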
Rodney Joffe (Tech Executive-1) worked at Neustar. He worked with DNS researchers across the industry, including at Georgia Tech (university).
They worked together on analyzing Neustar’s DNS logs, and logs from other sources, in order to counter cybersecurity threats. During this time, Georgia Tech competed for and won a $17 million contract from DARPA to find new ways of tracking down hackers using DNS logs.
This includes analyzing DNS logs from Neustar, which means from almost all of Neustar’s customers, including the White House, Trump Tower, and Spectrum Health. I guess the size of the logs is on the order of a trillion entries of requests from millions of users over more than a decade.
Thus, Neustar and Georgia Tech analyzing these logs for cybersecurity reasons is totally legitimate. It’s not considered spying, and it’s absolutely nothing like “infiltrating” something.
However, Joffe and the Georgia Tech researchers went beyond their scope, analyzing those logs for what they describe as “legitimate national security concerns”, but which others describe as “derogatory information on Trump”. National security and cybersecurity are interrelated after all, in their minds, so if they believe a candidate for President is a Manchurian candidate controlled by the Russians, then in their minds, they are justified in searching the logs for corroboration.
Thus, fearing that Donald Trump was some sort of national security threat, they used their logs to investigate him. They found two things.
The first was what they claim is evidence of a security communications channel between Trump Tower and Alfa Bank, a large Russian bank tied to Putin. They shopped this story around to mainstream media, which rejected it. It was eventually published by partisan news site Slate.com. I’ve debunked this story elsewhere; it’s obviously a crazy conspiracy-theory that simply disparages Trump without pointing to any security threat.
The second was what they claimed were multiple Russian phones associated with the Obama White House and the Trump campaign. The phones were made by YotaPhone, a Russian startup trying to use “e-ink” displays. They were sold in Europe (and weren’t popular even there), and they never shipped a version that worked with U.S. carriers.
Whether this second story started with Trump is unclear. It could’ve started with an investigation into YotaPhone as a way to track possible Russian hackers active in the United States, which is reasonably within their scope of attributing hacker attacks. They could’ve been as surprised as anybody to see YotaPhones at the White House and Trump Tower.
Regardless, it eventually became about Trump, investigating a private citizen, when they performed additional analysis trying to track activity across Trump-related entities (office, apartment, and Spectrum Health) associated with campaign activity.
Whether this constitutes “spying” is a difficult question. They were using only records voluntarily sent to Neustar’s DNS servers, and they had no other visibility. Most of their “spying on Trump” was actually just from reading public news articles about his activities and correlating them with the DNS logs, to make the claim that one of the staffers following Trump had a YotaPhone.
Why they misinterpreted things
I don’t know how they’ve misinterpreted things, but this is likely the source paragraph from the Durham filing:
(Tech Executive-1’s employer, Internet Company-1, had come to access and maintain dedicated servers for the EOP as part of a sensitive arrangement whereby it provided DNS resolution services to the EOP. Tech Executive-1 and his associates exploited this arrangement by mining the EOP’s DNS traffic and other data for the purpose of gathering derogatory information about Donald Trump.)
They seem to have rearranged the words to “exploited sensitive servers”.
No, that’s not valid at all.
Legitimate concerns:
There are a couple of legitimate concerns here.
The first is DNS researchers exceeding their scope. I personally think they did, others argue they didn’t. Either way, it’s not “infiltrating servers” as Fox News claims, but more “abusing authority”. Neustar’s users, including the White House, voluntarily sent them DNS requests with the understanding that researchers would be analyzing them for threats. It’s as if GMail engineers who sometimes have to read emails in order to fine-tune anti-spam/anti-phishing protections used that authority to read your emails because they suspected you were a national security threat.
The second is their relationship with the Hillary campaign. Durham links the researchers with the lawyer Sussmann, who is paid by the Hillary campaign. But Durham claims that Joffe is also a client. In other words, the arrow goes the other direction: it’s not Sussmann (Clinton campaign lawyer) paying Joffe as Fox News claims, but Joffe paying Sussmann as Durham claims.
On the other hand, it’s highly suspicious that Sussmann is the link between the two. There may not have been payment, but that doesn’t mean everything is innocent.
Author biases
I’m a security researcher. I’ve done analysis on DNS logs looking for hacker threats.
I’m a #NeverTrump libertarian who would normally vote for a reasonable Republican candidate over a Democrat.
The difference between "illegally monitoring traffic that flows through the servers stored at your site that you maintain for them" and "illegally monitoring traffic that flows through the servers stored at their site but you maintain for them" is almost nil. It's a technicality.
Certainly nothing LIKE enough of a difference to accuse someone of "liar, liar, pants on fire."
When you focus on technicalities, it sounds like you have something to hide. Just sayin'.
By misusing the data, it was now an infiltration. This company did not respect the data they were gathering and had a contract to gather this data. The infiltration happened years ago when they were first hired and then they executed it by handing the data to unauthorized parties. This is like putting malware on your computer and years later it executes itself and steals your sensitive data. The firm was corrupt from the get-go.