Franklin Foer is a pretty famous reporter. But this week he totally blew a story
that a ton of other media operations had passed on (for good reason), claiming that there was an internet server out there owned by Donald Trump, that was communicating almost exclusively with a server for a Russian bank. It took all of a few minutes to debunk this as technological confusion on the part of Foer, and a whole heck of a lot
of confirmation bias between Foer and the security researchers who had concocted this conspiracy theory with data that they're only supposed
to be using for malware research. Of course, in this stupid election season where both candidates simply love to fling ridiculous accusations at one another, Hillary Clinton herself tweeted out two
about the article, and called it "the most direct link yet between Donald Trump and Moscow."
Except, of course, that was bullshit. It was nothing of the sort. It was some confused security researchers, teaming up with a reporter who famously doesn't like the internet or technology, getting a story so ridiculously wrong that it hurts. Some of us kept waiting for Slate to correct or just pull down the story, but they didn't. They put one small update and one small correction that didn't even touch on the core elements of the story that Foer completely flubbed.
On Thursday, instead, Foer released a new story, which he claims is him "revisiting" the story to evaluate "new evidence and countertheories."
But that's also bullshit. The original theory made no sense at all. The "countertheories" are perfectly logical explanations backed up by data -- but Foer basically puts them all on equal footing and claims he stands by his original reporting. Ridiculously, Foer tries to debunk the claims that everyone made that this was just an outsourced Trump hotel spam server, by arguing that it never appeared on any spam blackhole lists:
Was the server sending spam—unsolicited mail—as opposed to legitimate commercial marketing? There are databases that assiduously and comprehensively catalog spam. I entered the internet protocal address for mail1.trump-email.com to check if it ever showed up in Spamhaus and DNSBL.info. There were no traces of the IP address ever delivering spam. Perhaps the spam went uncataloged because it was being sent to a single bank in Russia, but L. Jean Camp, an Indiana University computer scientist and a source in my original story, thought that possibility unlikely. “It’s highly implausible that spam would continue for so many months, that it would never be reported to spam blocker, or that nobody else in the world would see the spam during that time frame,” she told me.
Wait, what? This seems to be Foer doubling down on his ignorance and confusion about the story. Almost everyone discussing how this was a spam server was using "spam" in the colloquial sense of "marketing emails." They weren't arguing that it was a literal unsolicited
email server spewing things like fake Viagra or fake diplomas (though, with Trump, I guess that last one is a possibility too). It's just a marketing server. People who stay at Trump hotels get on a mailing list. I get that kind of spam all the time from hotels or hotel chains I've stayed at. I don't categorize it as outright spam in the purely scammy sense, but it's marketing spam
. But Foer and Camp seem to act as if everyone meant the scammy kind of spam.
And, as Rob Graham notes in yet another debunking of Foer
, this shows a serious misunderstanding of how spam blacklists work anyway:
Cendyn is constantly getting added to blocklists when people complain. They spend considerable effort contacting the many organizations maintaining blocklists, proving they do "opt-outs", and getting "white-listed" instead of "black-listed". Indeed, the entire spam-blacklisting industry is a bit of scam -- getting white-listed often involves a bit of cash.
Those maintaining blacklists only go back a few months. The article is in error saying there's no record ever of Cendyn sending spam. Instead, if an address comes up clean, it means there's no record for the past few months. And, if Cendyn is in the white-lists, there would be no record of "spam" at all, anyway.
Later, Foer does
consider the marketing email idea, but also tries to discount it.
Still, the marketing email theory has a few holes. A typical marketing campaign would involve the wide distribution of emails, spreading word of discounted prices and hotel openings far and wide. It seems unlikely that a campaign would so exclusively focus its efforts on a bank in Russia and a health care company in Michigan (which received a small batch of DNS look-ups), even if, as one critic has claimed, executives from Alfa Bank had a penchant for staying in Trump hotels.
Except that's misleading too. Because the information that has been revealed publicly does not
prove that the server in question only communicated with the Russian server. In fact, others have argued it's not true.
Graham also raises some pretty serious questions about one of the "DNS experts" that Foer relies on, Jean Camp:
Jean Camp isn't an expert. I've never heard of her before. She gets details wrong. Take for example in this blogpost where she discusses lookups for the domain mail.trump-email.com.moscow.alfaintra.net. She says:
This query is unusual in that is merges two hostnames into one. It makes the most sense as a human error in inserting a new hostname in some dialog window, but neglected to hit the backspace to delete the old hostname.
Uh, no. It's normal DNS behavior with non-FQDNs. If the lookup for a name fails, computers will try again, pasting the local domain on the end. In other words, when Twitter's DNS was taken offline by the DDoS attack a couple weeks ago, those monitoring DNS saw a zillion lookups for names like "www.twitter.com.example.com".
He then goes on to reproduce that kind of merged hostname situation. Graham has a number of other examples of technical points that Foer just gets totally wrong. It's kind of embarassing actually. Rather than admit he's wrong, Foer tries to just post these "countertheories" and then pulls out a "well, I just hope that my reporting gets us closer to the truth."
I pursued this story because I was impressed by the emphatic belief of the experts I consulted, my suspicions were raised by the evidence they presented, and I thought I would be remiss if I sat on data that I believed deserves to be evaluated and understood before we elect the next president. The underlying context for the piece is that Donald Trump has cultivated a troubling relationship with Russia, and the U.S. government has identified Russia as trying to meddle in this election. Not every nexus between the candidate and Russia is nefarious. This one might well be entirely innocent or even accidental. As the New York Times reported on Tuesday, after my story published, the FBI looked into the server activity but “ultimately concluded that there could be an innocuous explanation, like a marketing email or spam, for the computer contacts.” Or maybe it’s less than innocent, as the computer scientists suggested and still believe. (I’ve checked back with eight of the nine computer scientists and engineers I consulted for my original story, and they all stood by their fundamental analysis. One of them couldn't be reached.) I concluded my account of these scientists’ search for answers by arguing that the servers and their activity deserved further explanation. Hopefully my story and the debate that has followed will move us closer to a fuller understanding.
Except, it seems like "the truth" almost certainly is that there's no story at all here, and in publishing as if it was a story, a whole bunch of people are making questionable claims. The whole "Russian connection" thing that keeps popping up in this election is getting pretty ridiculous. It may very well be that the Russians are trying to muck with our election. Lots of credible people are suggesting that's the case. But then coming up with a bunch of weak conspiracy theories based on technical ignorance and confirmation bias is just like being scared of monsters in the shadows.