Researcher Still Being Pursued By Russian Bank Over Last Year's Mistaken Trump Connection Story

from the every-weapon-deployed dept

The war on security researchers continues. But then, it's never really shown any sign of abating, has it? Report after report comes in of security researchers being threatened with lawsuits or arrest simply for finding and reporting security breaches.

The war on Jean Camp continues to this day, with the researcher on the receiving end of multiple legal threats from the American law firm representing Kremlin-linked Alfa Bank. Camp came under fire from the bank last year, after a story came and went mistakenly insinuating a Trump server was in engaged in lively conversation with Alfa Bank's servers during the run-up to the presidential election.

That was back in March. Law firm Kirkland & Ellis sent legal threats and communication retention demands to Camp. In addition to demanding she retain all communications possibly relevant to Alfa Bank's vendetta, the firm also threatened to file CFAA charges.

Nothing has improved over the last several months. The law firm's tactics now apparently include the use of FOIA laws to grab even more of Camp's communications. The Intercept reports on the latest developments in the Alfa Bank case.

Alfa’s lawyers went beyond scary lawyer boilerplate, demanding that Camp not only turn over all of her related communications with members of the media, but also divulge her full correspondence with the anonymous Tea Leaves, presumably for the purpose of unmasking and pursuing them. As a professor at a publicly funded university, Camp’s official correspondence is subject to public disclosure.

Alfa Bank seems keen on discovering who the mysterious security researcher "Tea Leaves" is. The pseudonymous researcher was instrumental to the mistaken claims published by Slate in its original report on the supposed link between Trump and the Russian bank. A letter sent by the law firm in May demands Camp turn over "Tea Leaves'" real name, title, and work address if she's in possession of that information.

Another letter in June expanded Alfa's demands, ordering Camp to turn over communications and other information related to her work with other security researchers. The latest letter, dated August 3, shows Alfa -- through Kirkland & Ellis -- serving up a public records request for

"All emails sent, received, or deleted by Professor Camp from University computers or systems using her University or personal email accounts that include any of the keywords "Alfa," "Alpha," "Alfa Bank," "Alpha Bank," "Trump," "Clinton," "Russia" or "Tea Leaves."

Considering this all took place shortly before the election, this request has the potential to sweep up a great number of communications not directly related to Alfa Bank's case. But even if it were more limited, it would still be disturbing. Alfa is looking to out other security researchers Camp has been in contact with, presumably in hopes of nailing a few of them to the wall for drawing mistaken conclusions about Trump server traffic.

The Intercept's Sam Biddle notes this clearly isn't what legislators had in mind when crafting public records laws.

Although public records laws typically don’t distinguish between U.S. citizens and foreign entities that use them, the purpose and spirit of such laws are generally understood to be a means of making government activities transparent for the public interest. Camp works for a public university and is a government employee, of course, but it’s hard to imagine laws like Indiana’s Access to Public Records act drafted with the well-being of Russian financial mega-institutions in mind.

This is likely true, but ultimately it makes no difference. The law cannot forbid companies from using public records laws to obtain information. (And companies know it.) After all, companies are made up of people and proxy records requests aren't just for bullying by foreign banks. Muckrock does this all the time, acting as an intermediary for requesters who don't live in the states they're requesting records from. Some laws prevent out-of-state requests. Muckrock's proxies work around this limitation. The use of a US law firm is more of the same, even though most records requesters aren't normally looking to destroy the target of their requests.

Oddly, the PR firm representing Alfa Bank has been the only entity to respond to requests for comment. And it has done so with as much spin as possible. As Biddle reports, BGR Public Relations claims the nearly-yearlong issuance of threats and demands to Jean Camp isn't illustrative of Alfa Bank's end goals. It just wants to "get the facts straight." Apparently, straightening things out means endangering Camp's career and, potentially, the livelihoods of every researcher she spoke to about Alfa Bank server traffic.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 30 Oct 2017 @ 12:08pm

    It just wants to "get the facts straight."

    the only fact I draw from their activity is the "Embarrass us and we will destroy you and everybody you talked to if we can".

    reply to this | link to this | view in chronology ]

  • identicon
    ANON, 30 Oct 2017 @ 12:23pm

    Why Not...

    Presumably the law means what it says. As a public employee (essentially) she must turn over any email regarding what she did while paid as such. however, I would hope the same avenue is open to her as to any other group obfuscating an FOIA request... "OK, here's what it's going to cost - I need to hire an IT expert at $X an hour and have them go through my emails one by one to determine which are relevant, which are personal and not relevant. This could take a few months..." After all, why should she put her work on hold to deal with this? her time is valuable too.

    reply to this | link to this | view in chronology ]

    • icon
      ralph_the_bus_driver (profile), 31 Oct 2017 @ 6:15pm

      Re: Why Not...

      The FOIA request could only apply to any documents related to her position as an employee of the university. Personal emails can not be covered as relevant under any FOIA. I'm pretty sure personal property is covered under the Fourth and Fifth Amendments.

      Paying to sort through them should not be a barrier as that can backfire to others asking for legitimate documents. But, I like the way you think.

      reply to this | link to this | view in chronology ]

  • icon
    Oblate (profile), 30 Oct 2017 @ 12:36pm

    They can always ask...

    FOIA Exemption 6:Information that, if disclosed, would invade another individual's personal privacy.

    Seems like any e-mails to or from Tea Leaves might be exempted. Any additional potentially responsive e-mails could be rejected using the rule the banks bought:

    FOIA Exemption 8: Information that concerns the supervision of financial institutions.

    Might not be entirely (or even very) fitting, but they would get points for irony. Most of the e-mail that remains would likely be campaign ads and other junk mail.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Oct 2017 @ 12:39pm

    I never understood

    why people would spend their time "working with" businesses that have closed sources and giving them direct "non-public" feed back.

    No good deed goes un-punished. The only security report should be a public one.

    Security is nothing but an after thought for applications and businesses. Just enough to stave off legal liability and fuck the rest.

    Security will be serious when we finally do these things.

    #1. A programing language and compiler that focuses on security from the ground up... no exceptions.

    #2. Zero 3rd party protocols like the PKI racket/confidence con.

    #3. No backdoors/reversible encryption/recovery agents and software only security components.

    #4. The presence of a physically attached "encryption key" circuit that is physically capable of accepting/using a physical or software based key but is physically incapable of reading or reporting on its own key!

    Security is a joke, humans suck at it because of fear. fear of losing the key causes businesses to create recovery agents or back-doors are put into every fucking thing that handles encryption.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Oct 2017 @ 1:34pm

      Re: I never understood

      A programing language and compiler that focuses on security from the ground up... no exceptions.

      I'm not sure what exactly you envision there. Different things require different security, and security protocols change. Putting the security in the language only changes where the bugs could be - it doesn't get rid of the bugs.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 30 Oct 2017 @ 2:26pm

        Re: Re: I never understood

        compiler level security has nothing to do with protocols.

        This would be where things like buffer overflows, and incomplete data sets, specially crafted packets, and unhandled exceptions are handled with security in mind. If you can attack vulnerabilities in the programing language then everything built on top of those vulnerabilities are also vulnerable.

        Take PERL, a relatively high level language. I was watching a video where a developer destroys the language. Basically because the compiler would allow a person to use untyped data, he could make any perl program execute malicious code the moment he has access to provide data in just about any variable. I wished I could find the link to it but I just cannot remember where it was... maybe a TED talk. Hopefully someone can remember and post the link here.

        For security reasons... programming languages should be strongly typed! Sure there are a number of ways to help protect against this, but if you just don't allow for it to begin with... you never have to worry about it.

        So in short programing languages should be written to pretty much prevent any ambiguous code execution as much as logically possible.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 30 Oct 2017 @ 2:48pm

          Re: Re: Re: I never understood

          What languages are you proficient at and do you understand the inner workings of same? For example C lang mutex?

          Are you cognizant of various operating system safeguards upon over running ones memory space? How does the language used stop these attacks?

          You imply that it is possible to eliminate all potential bugs that could possibly affect code execution - do you really believe that?

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 31 Oct 2017 @ 10:02am

            Re: Re: Re: Re: I never understood

            Oh, I see, I have to be able to understand the inner working of a "particular" programming language to have a say, is that it?

            Not going to play your troll game.

            A mechanic is more than capable of telling an Engineer what is wrong with their engine design without being an Engineer. The same reason we can all understand the weakness behind a tumbler locks without being lock smiths.

            We are over reliant on idiot "professionals" with a long list of credentials but full of stupid! Seen it so damn many times...

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 31 Oct 2017 @ 11:11am

              Re: Re: Re: Re: Re: I never understood

              I think you missed the point.

              What happens when you build your house upon unstable ground? Same concept applies elsewhere.

              If you put your pristine unbreakable language upon corrupted hardware, you're going to have a bad day.

              reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 30 Oct 2017 @ 2:32pm

        Re: Re: I never understood

        When a compiler/language "focuses on security", it normally means they focus on the reduction of undefined behavior. This can make entire classes of security-relevant bugs go away (buffer overflows, use-after-free, integer wraparounds, type mismatches). It may also mean they provide tools to assist with theorem-proving or other analysis (it might be intentionally simple to help with this). Usually it wouldn't refer to security protocols being baked into a language.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 31 Oct 2017 @ 8:33am

          Re: Re: Re: I never understood

          If that lang was then used to build the OS, then maybe it stands a chance of doing what you claim, however - all bets are off it then runs on a system with a corrupted hypervisor.

          ie: there is much more to it than just the language used

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 31 Oct 2017 @ 9:54am

            Re: Re: Re: Re: I never understood

            Seriously? That is nothing but troll bait posting.

            There will ALWAYS be risk of outside interaction from anything, not just from a hyper-visor. Technology is advanced enough for outside forces to affect computing with limited accessibility and with more advancement an external computer may be able to see the contents of another systems RAM remotely without shielding and potentially inject code physically into the machines circuits completely bypassing all physical circuit and software protections. The point is that we perform risk mitigation on these things by changing how we constructing languages, libraries, and compilers along with physically shielding them from interference. None of these are even new concepts, just poorly implemented as requirements dictated with little forethought for expediency.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 31 Oct 2017 @ 11:14am

              Re: Re: Re: Re: Re: I never understood

              "The point is that we perform risk mitigation on these things"

              Really? Please explain the IOT botnets.

              reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 31 Oct 2017 @ 11:17am

              Re: Re: Re: Re: Re: I never understood

              Point is, the chain is only as strong as its weakest link.
              And yet you claim that strengthening one link will make the entire chain stronger.

              reply to this | link to this | view in chronology ]

              • icon
                The Wanderer (profile), 1 Nov 2017 @ 4:36am

                Re: Re: Re: Re: Re: Re: I never understood

                If that link happens to be the weakest one, then yes, by your own stated point strenthening it will in fact make the entire chain stronger.

                reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 30 Oct 2017 @ 5:50pm

    About that...

    Alfa is looking to out other security researchers Camp has been in contact with, presumably in hopes of nailing a few of them to the wall for drawing mistaken conclusions about Trump server traffic.

    When the story first came out I figured it was just a stupid mistake on the security researcher's part, making a connection that didn't actually exist. People make mistakes, it's not that big of a deal honestly, story over.

    With how fanatical they are apparently being in demanding everything however, going on a gorram crusade to 'set the record straight' I'm starting to revise my opinion and suspect that there might in fact be a bit more to it than that. Whether that be the original findings being a little too close to actual evidence they don't want found, or wanting to scare anyone else from investigating their doings for purely innocent reasons(promise!), their actions leave me with the impression of attempting to send a message to scare people off at the least.

    reply to this | link to this | view in chronology ]

  • identicon
    oliver, 31 Oct 2017 @ 2:21am

    hey, shouldn't those antics by Alfa Bank trigger the use of a Popeht Signal for the researcher?
    That stupid banks needs to get a response with a least one pony reference and "snort my taint"!!

    reply to this | link to this | view in chronology ]

  • icon
    MyNameHere (profile), 31 Oct 2017 @ 2:25am

    This is the incredibly huge and strong upside to "everyone is a journalist" nonsense, which basically means that people like this can get their name sullied by accident and then have to live it over and over again. People get the story wrong, it gets repeated.

    What is the expression, a lie goes around the world before the truth even gets it's pants on?

    Worse for this guy of course if he got meme'd. At that point, all hope is lost.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 31 Oct 2017 @ 7:16am

    What happens if this whole thing wasn't an accident? What happens if this person was acting on behalf of the DNC or the Clinton campaign? What happens if the goal was to connect Trump and Russians by any means, even if it was a lie? What happens if this person, the DNC and the Clinton campaign just made this thing up and put it out there?

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.