Attackers attempting to fabricate a relationship between Russian bank and Trump

News by Roi Perez

Alfa Bank has engaged the US-based cyber-forensics firm Stroz Friedberg to investigate these new attacks.

Alfa Bank, a privately owned Russian bank, says it has suffered cyber-attacks on its servers with the aim of making it appear that it has been communicating with the Trump Organisation.

The bank says it has contacted US law enforcement authorities for assistance and offered US agencies its complete cooperation in finding the people behind three new attempted Domain Name System (DNS) cyber-attacks "of increasing intensity" over the last few weeks.

In the attacks, multiple DNS requests were made by unidentified individuals, mostly using US server providers, to a Trump Organisation server.

The bank says the DNS requests were made to appear as if they originated from Alfa Bank. The DNS responses from the Trump server were then erroneously returned to Alfa Bank, activating Alfa Bank's automated security systems on 18 February and again on 11 and 13 March. Alfa Bank has engaged the US-based cyber-forensics firm Stroz Friedberg to investigate these new attacks.

Alfa Bank believes that these malicious attacks are designed to create the false impression that Alfa Bank has a secretive relationship with the Trump Organisation. "In fact, there is not and never has been such a relationship," says the bank. 

An Alfa Bank spokesperson said: "The cyber-attacks are an attempt by unknown parties to manufacture the illusion of contact between Alfa Bank's DNS servers and 'Trump servers'. We have gone to the US Justice Department and offered our complete cooperation to get to the bottom of this sham and fraud."

The spokesperson explains: “A simple analogy would be someone in the US sending an empty envelope (in this case a DNS signal) to a Trump office (server) addressed to Trump, but on the back of the envelope the return address is Russia (Alfa Bank) instead of its own real address. The Trump office, recognising there is nothing in the empty envelope to deal with, returns it as undelivered to Russia instead of to the US-based sender. So, on cursory examination, Alfa Bank appears to have been receiving responses to queries it never actually sent.”
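The symptom the bank describes, responses arriving for queries it never sent, is something a defender can check for directly: keep a record of the DNS queries your own resolvers actually emitted and flag any inbound response that matches none of them. The script below is an added illustration, not code from the article or from Alfa Bank's systems; the log format, addresses and names in it are constructed for the example.

```python
# Added example: detect inbound DNS responses with no matching outbound query,
# i.e. the "responses to queries it never actually sent" pattern described above.
# The spoofed query itself never passes the victim, so the unsolicited reply is
# the only artefact the victim can observe. Log format and addresses are constructed.

# Constructed packet log: direction, src, dst, Q(uery)/R(esponse), txid, qname
SAMPLE_LOG = """\
OUT 203.0.113.10 198.51.100.53 Q 0x1a2b mail.example.com
IN  198.51.100.53 203.0.113.10 R 0x1a2b mail.example.com
IN  192.0.2.77 203.0.113.10 R 0x9f01 remote.example
IN  192.0.2.77 203.0.113.10 R 0x9f02 remote.example
OUT 203.0.113.10 198.51.100.53 Q 0x3c4d www.example.net
IN  198.51.100.53 203.0.113.10 R 0x3c4d www.example.net
IN  192.0.2.78 203.0.113.10 R 0x9f03 remote.example
"""


def parse_line(line):
    """Split one constructed log line into its fields (hypothetical format)."""
    direction, src, dst, kind, txid, qname = line.split()
    return {"dir": direction, "src": src, "dst": dst, "kind": kind,
            "txid": txid.lower(), "qname": qname.lower()}


def find_unsolicited_responses(log_text):
    """Return inbound responses whose (peer, txid, qname) matches no query we sent.

    A real deployment would also expire pending entries after a short timeout,
    since a legitimate answer arrives within seconds of its query.
    """
    pending, unsolicited = set(), []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec["dir"] == "OUT" and rec["kind"] == "Q":
            pending.add((rec["dst"], rec["txid"], rec["qname"]))
        elif rec["dir"] == "IN" and rec["kind"] == "R":
            key = (rec["src"], rec["txid"], rec["qname"])
            if key in pending:
                pending.discard(key)      # expected answer to our own query
            else:
                unsolicited.append(rec)   # nobody here asked for this
    return unsolicited


def summarise_by_source(unsolicited, threshold=2):
    """Count unsolicited responses per remote server; report sources at or over threshold."""
    counts = {}
    for rec in unsolicited:
        counts[rec["src"]] = counts.get(rec["src"], 0) + 1
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    hits = find_unsolicited_responses(SAMPLE_LOG)
    print(len(hits), "unsolicited responses;", summarise_by_source(hits))
```

Repeated hits from one remote server point at that server being used as a reflector for queries spoofed with your address; the fix lies upstream, in the source-address filtering the NSFOCUS comment below refers to, since the victim cannot tell a spoofed query from a real one.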

Stephen Gates, chief research intelligence analyst at NSFOCUS, told SC Media UK: "It's no secret that the Department of Homeland Security in the US is spearheading efforts to counter DDoS attacks. One of their initiatives encourages worldwide implementation of Internet Best Current Practice 38 (BCP 38). This document recommends service providers stop allowing devices connected to their networks to spoof their source IP addresses. Believe it or not, BCP 38 was released in the year 2000. Nearly seventeen years later, service providers all over the world still allow spoofing on their networks. Why hasn't this issue been solved? Simple, there are no incentives or regulations in place for service providers to change their habits. As a result, the world will continue to witness this type of activity for countless years to come."
