Russian Bank Sends Legal Threats To Researcher Who Revealed Spike In Traffic Supposedly Tied To Trump's Server
from the is-the-wrong-message-worth-shooting-the-messenger-over? dept
Late last year, a security researcher noticed what was believed to be an unusual amount of network traffic between Donald Trump's server and a Russian bank. A lot of bad reporting followed -- some it aided by the security researcher's conclusions -- which attempted to tie some spikes in spam to Trump's supposed collusion with the Russians.
It was a conspiracy theory borne of a researcher's belief something was happening, even when further research by others showed it to be a whole lot of nothing. At this point, only the die hard conspiracy theorists are still holding onto this spike in traffic between a Trump server and a Russian bank as evidence of anything.
Now, there's an additional wrinkle. The FBI is investigating possible connections between Trump and Russia that may have played a part in the election. Nothing has been confirmed by the FBI. As for the spike in network traffic noticed by the researcher, it can still be chalked up to the most boring of non-conspiracy theories: spammers using the same domain name server as both Trump's server and a Russian bank to spam recipients with hotel-related email.
The other party that can't let go of this conspiracy theory is the Russian bank's lawyers. CyberScoop reports Alfa Bank's lawyers have issued legal threats to a security researcher behind the Trump-Russia story.
In a document obtained by CyberScoop, Alfa Bank notified Indiana University computer researcher L. Jean Camp that it’s pursuing “all available options” after Camp’s research suggested the bank engaged in some form of communication with the Trump Organization. Washington-based law firm Kirkland & Ellis sent the letter on the bank’s behalf on March 17.
Alfa Bank is considering, among other things, using one of our nation's most easily-abused laws to pursue legal action against Camp for "promoting an unwarranted investigation" into the bank's ties to Donald Trump. The CFAA is cited as one route the bank may take towards making Camp pay for besmirching the reputation of the Russian bank. It also demands [PDF] she retain records possibly needed in upcoming litigation, including those detailed in this memorable sentence:
communications between you and the individuals you have publicly identified as a "loose group of concerned nerds" with whom you reportedly worked in concert regarding this matter
Being a security researcher is dangerous enough, even when you're 100% in the right. Legal threats tend to follow news of security breaches or unpatched exploits. When you follow the wrong conclusion because you're so sure you're right, you make things worse. The CFAA is a blunt weapon with surprising flexibility, and all the data researchers normally avail themselves of without issue can be twisted into "unauthorized access" by a complainant with sufficient motivation.