Researcher Still Being Pursued By Russian Bank Over Last Year's Mistaken Trump Connection Story

from the every-weapon-deployed dept

The war on security researchers continues. But then, it’s never really shown any sign of abating, has it? Report after report comes in of security researchers being threatened with lawsuits or arrest simply for finding and reporting security breaches.

The war on Jean Camp continues to this day, with the researcher on the receiving end of multiple legal threats from the American law firm representing Kremlin-linked Alfa Bank. Camp came under fire from the bank last year, after a story came and went mistakenly insinuating a Trump server was engaged in lively conversation with Alfa Bank’s servers during the run-up to the presidential election.

That was back in March. Law firm Kirkland & Ellis sent legal threats and communication retention demands to Camp. In addition to demanding she retain all communications possibly relevant to Alfa Bank’s vendetta, the firm also threatened to file CFAA charges.

Nothing has improved over the last several months. The law firm’s tactics now apparently include the use of FOIA laws to grab even more of Camp’s communications. The Intercept reports on the latest developments in the Alfa Bank case.

Alfa’s lawyers went beyond scary lawyer boilerplate, demanding that Camp not only turn over all of her related communications with members of the media, but also divulge her full correspondence with the anonymous Tea Leaves, presumably for the purpose of unmasking and pursuing them. As a professor at a publicly funded university, Camp’s official correspondence is subject to public disclosure.

Alfa Bank seems keen on discovering who the mysterious security researcher “Tea Leaves” is. The pseudonymous researcher was instrumental to the mistaken claims published by Slate in its original report on the supposed link between Trump and the Russian bank. A letter sent by the law firm in May demands Camp turn over “Tea Leaves'” real name, title, and work address if she’s in possession of that information.

Another letter in June expanded Alfa’s demands, ordering Camp to turn over communications and other information related to her work with other security researchers. The latest letter, dated August 3, shows Alfa — through Kirkland & Ellis — serving up a public records request for

“All emails sent, received, or deleted by Professor Camp from University computers or systems using her University or personal email accounts that include any of the keywords “Alfa,” “Alpha,” “Alfa Bank,” “Alpha Bank,” “Trump,” “Clinton,” “Russia” or “Tea Leaves.””

Considering this all took place shortly before the election, this request has the potential to sweep up a great number of communications not directly related to Alfa Bank’s case. But even if it were more limited, it would still be disturbing. Alfa is looking to out other security researchers Camp has been in contact with, presumably in hopes of nailing a few of them to the wall for drawing mistaken conclusions about Trump server traffic.

The Intercept’s Sam Biddle notes this clearly isn’t what legislators had in mind when crafting public records laws.

Although public records laws typically don’t distinguish between U.S. citizens and foreign entities that use them, the purpose and spirit of such laws are generally understood to be a means of making government activities transparent for the public interest. Camp works for a public university and is a government employee, of course, but it’s hard to imagine laws like Indiana’s Access to Public Records act drafted with the well-being of Russian financial mega-institutions in mind.

This is likely true, but ultimately it makes no difference. The law cannot forbid companies from using public records laws to obtain information. (And companies know it.) After all, companies are made up of people and proxy records requests aren’t just for bullying by foreign banks. Muckrock does this all the time, acting as an intermediary for requesters who don’t live in the states they’re requesting records from. Some laws prevent out-of-state requests. Muckrock’s proxies work around this limitation. The use of a US law firm is more of the same, even though most records requesters aren’t normally looking to destroy the target of their requests.

Oddly, the PR firm representing Alfa Bank has been the only entity to respond to requests for comment. And it has done so with as much spin as possible. As Biddle reports, BGR Public Relations claims the nearly-yearlong issuance of threats and demands to Jean Camp isn’t illustrative of Alfa Bank’s end goals. It just wants to “get the facts straight.” Apparently, straightening things out means endangering Camp’s career and, potentially, the livelihoods of every researcher she spoke to about Alfa Bank server traffic.

Companies: alfa bank, kirkland & ellis


Comments on “Researcher Still Being Pursued By Russian Bank Over Last Year's Mistaken Trump Connection Story”

ANON says:

Why Not...

Presumably the law means what it says. As a public employee (essentially) she must turn over any email regarding what she did while paid as such. However, I would hope the same avenue is open to her as to any other group obfuscating an FOIA request… “OK, here’s what it’s going to cost – I need to hire an IT expert at $X an hour and have them go through my emails one by one to determine which are relevant, which are personal and not relevant. This could take a few months…” After all, why should she put her work on hold to deal with this? Her time is valuable too.

ralph_the_bus_driver (profile) says:

Re: Why Not...

The FOIA request could only apply to any documents related to her position as an employee of the university. Personal emails cannot be covered as relevant under any FOIA. I’m pretty sure personal property is covered under the Fourth and Fifth Amendments.

Paying to sort through them should not be a barrier as that can backfire to others asking for legitimate documents. But, I like the way you think.

Oblate (profile) says:

They can always ask...

FOIA Exemption 6: Information that, if disclosed, would invade another individual’s personal privacy.

Seems like any e-mails to or from Tea Leaves might be exempted. Any additional potentially responsive e-mails could be rejected using the rule the banks bought:

FOIA Exemption 8: Information that concerns the supervision of financial institutions.

Might not be entirely (or even very) fitting, but they would get points for irony. Most of the e-mail that remains would likely be campaign ads and other junk mail.

Anonymous Coward says:

I never understood

why people would spend their time “working with” businesses that have closed sources and giving them direct “non-public” feedback.

No good deed goes unpunished. The only security report should be a public one.

Security is nothing but an afterthought for applications and businesses. Just enough to stave off legal liability and fuck the rest.

Security will be serious when we finally do these things.

#1. A programming language and compiler that focuses on security from the ground up… no exceptions.

#2. Zero 3rd party protocols like the PKI racket/confidence con.

#3. No backdoors/reversible encryption/recovery agents and software only security components.

#4. The presence of a physically attached “encryption key” circuit that is physically capable of accepting/using a physical or software based key but is physically incapable of reading or reporting on its own key!

Security is a joke, humans suck at it because of fear. Fear of losing the key causes businesses to create recovery agents or back-doors are put into every fucking thing that handles encryption.

Anonymous Coward says:

Re: I never understood

A programming language and compiler that focuses on security from the ground up… no exceptions.

I’m not sure what exactly you envision there. Different things require different security, and security protocols change. Putting the security in the language only changes where the bugs could be – it doesn’t get rid of the bugs.

Anonymous Coward says:

Re: Re: I never understood

Compiler-level security has nothing to do with protocols.

This would be where things like buffer overflows, and incomplete data sets, specially crafted packets, and unhandled exceptions are handled with security in mind. If you can attack vulnerabilities in the programming language then everything built on top of those vulnerabilities is also vulnerable.

Take PERL, a relatively high level language. I was watching a video where a developer destroys the language. Basically because the compiler would allow a person to use untyped data, he could make any perl program execute malicious code the moment he has access to provide data in just about any variable. I wished I could find the link to it but I just cannot remember where it was… maybe a TED talk. Hopefully someone can remember and post the link here.

For security reasons… programming languages should be strongly typed! Sure there are a number of ways to help protect against this, but if you just don’t allow for it to begin with… you never have to worry about it.

So in short, programming languages should be written to pretty much prevent any ambiguous code execution as much as logically possible.

Anonymous Coward says:

Re: Re: Re: I never understood

What languages are you proficient at and do you understand the inner workings of same? For example C lang mutex?

Are you cognizant of various operating system safeguards upon overrunning one’s memory space? How does the language used stop these attacks?

You imply that it is possible to eliminate all potential bugs that could possibly affect code execution – do you really believe that?

Anonymous Coward says:

Re: Re: Re:2 I never understood

Oh, I see, I have to be able to understand the inner working of a “particular” programming language to have a say, is that it?

Not going to play your troll game.

A mechanic is more than capable of telling an Engineer what is wrong with their engine design without being an Engineer. The same reason we can all understand the weakness behind tumbler locks without being locksmiths.

We are over reliant on idiot “professionals” with a long list of credentials but full of stupid! Seen it so damn many times…

Anonymous Coward says:

Re: Re: I never understood

When a compiler/language “focuses on security”, it normally means they focus on the reduction of undefined behavior. This can make entire classes of security-relevant bugs go away (buffer overflows, use-after-free, integer wraparounds, type mismatches). It may also mean they provide tools to assist with theorem-proving or other analysis (it might be intentionally simple to help with this). Usually it wouldn’t refer to security protocols being baked into a language.

Anonymous Coward says:

Re: Re: Re:2 I never understood

Seriously? That is nothing but troll bait posting.

There will ALWAYS be risk of outside interaction from anything, not just from a hypervisor. Technology is advanced enough for outside forces to affect computing with limited accessibility and with more advancement an external computer may be able to see the contents of another system’s RAM remotely without shielding and potentially inject code physically into the machine’s circuits completely bypassing all physical circuit and software protections. The point is that we perform risk mitigation on these things by changing how we construct languages, libraries, and compilers along with physically shielding them from interference. None of these are even new concepts, just poorly implemented as requirements dictated with little forethought for expediency.

That One Guy (profile) says:

About that...

Alfa is looking to out other security researchers Camp has been in contact with, presumably in hopes of nailing a few of them to the wall for drawing mistaken conclusions about Trump server traffic.

When the story first came out I figured it was just a stupid mistake on the security researcher’s part, making a connection that didn’t actually exist. People make mistakes, it’s not that big of a deal honestly, story over.

With how fanatical they are apparently being in demanding everything however, going on a gorram crusade to ‘set the record straight’ I’m starting to revise my opinion and suspect that there might in fact be a bit more to it than that. Whether that be the original findings being a little too close to actual evidence they don’t want found, or wanting to scare anyone else from investigating their doings for purely innocent reasons (promise!), their actions leave me with the impression of attempting to send a message to scare people off at the least.

MyNameHere (profile) says:

This is the incredibly huge and strong upside to “everyone is a journalist” nonsense, which basically means that people like this can get their name sullied by accident and then have to live it over and over again. People get the story wrong, it gets repeated.

What is the expression, a lie goes around the world before the truth even gets its pants on?

Worse for this guy of course if he got meme’d. At that point, all hope is lost.

Anonymous Coward says:

What happens if this whole thing wasn’t an accident? What happens if this person was acting on behalf of the DNC or the Clinton campaign? What happens if the goal was to connect Trump and Russians by any means, even if it was a lie? What happens if this person, the DNC and the Clinton campaign just made this thing up and put it out there?
